SlideShare a Scribd company logo

ClearPass Policy Model - An Introduction

Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

ClearPass Policy Model - An Introduction

Technology
1 of 4
Download to read offline
ClearPass Policy Model An Introduction Services Paradigm Services are the highest level element in the Policy Manager policy model. They have two purposes: Unique Categorization Rules (per Service) enable Policy Manager to test Access Requests (“Requests”) against available Services to provide robust differentiation of requests by access method, location, or other network vendor- specific attributes. Policy Manager ships configured with a number of basic Service types. You can flesh out these Service types, copy them for use as templates, import other Service types from another implementation (from which you have previously exported them), or develop new Services from scratch. By wrapping a specific set of Policy Components, a Service can coordinate the flow of a request, from authentication, to role and health evaluation, to determination of enforcement parameters for network access. The following image and table illustrate and describe the basic Policy Manager flow of control and its underlying architecture. Figure 1: Generic Policy Manager Service Flow of Control 0511601-00v1 | March 2014 1
Component Service: component ratio Description A - Authentication Method Zero or more per service EAP or non-EAP method for client authentication. Policy Manager supports four broad classes of authentication methods: l EAP, tunneled: PEAP, EAP-FAST, or EAP-TTLS. l EAP, non-tunneled: EAP-TLS or EAP-MD5. l Non-EAP, non-tunneled: CHAP, MS-CHAP, PAP, or MAC-AUTH. l MAC_AUTH must be used exclusively in a MAC- based Authentication Service. When the MAC_ AUTH method is selected, Policy Manager: (1) makes internal checks to verify that the request is indeed a MAC Authentication request (and not a spoofed request) and (2) makes sure that the MAC address of the device is present in the authentication source. Some Services (for example, TACACS+) contain internal authentication methods; in such cases, Policy Manager does not make this tab available. B - Authentication Source Zero or more per service An Authentication Source is the identity repository against which Policy Manager verifies identity. It supports these Authentication Source types: l Microsoft Active Directory l and LDAP compliant directory l RSA or other RADIUS-based token servers l SQL database, including the local user store. l Static Host Lists, in the case of MAC-based Authentication of managed devices. C - Authorization Source One or more per Authentication Source and zero or more per service An Authorization Source collects attributes for use in Role Mapping Rules. You specify the attributes you want to collect when you configure the authentication source. Policy Manager supports the following authorization source types: l Microsoft Active Directory l any LDAP compliant directory l RSA or other RADIUS-based token servers l SQL database, including the local user store. Table 1: Policy Manager Service Components 2 ClearPass Policy Model | An Introduction
Component Service: component ratio Description C - Role Mapping Policy Zero or one per service Policy Manager evaluates Requests against Role Mapping Policy rules to match Clients to Role(s). All rules are evaluated and Policy Manager may return more than one Role. If no rules match, the request takes the configured Default Role. Some Services (for example, MAC-based Authentication) may handle role mapping differently: l For MAC-based Authentication Services, where role information is not available from an authentication source, an Audit Server can determine role by applying post-audit rules against the client attributes gathered during the audit. D - Internal Posture Policies Zero or more per service An Internal Posture Policy tests Requests against internal Posture rules to assess health. Posture rule conditions can contain attributes present in vendor- specific posture dictionaries. E - Posture Servers Zero or more per service Posture servers evaluate client health based on specified vendor-specific posture credentials, typically posture credentials that cannot be evaluated internally by Policy Manager (that is, not by internal posture policies). Currently, Policy Manager supports two forms of posture server interfaces: HCAP, RADIUS, and GAMEv2 posture servers. F - Audit Servers Zero or more per service Audit servers evaluate the health of clients that do not have an installed agent, or which cannot respond to Policy Manager interactions. Audit servers typically operate in lieu of authentication methods, authentication sources, internal posture policies, and posture server. In addition to returning posture tokens, Audit Servers can contain post-audit rules that map results from the audit into Roles. G - Enforcement Policy One per service (mandatory) Policy Manager tests Posture Tokens, Roles (and system time) against Enforcement Policy rules to return one or more matching Enforcement Policy rules to return one or more matching Enforcement Profiles (that define scope of access for the client). H - Enforcement Profile One or more per service Enforcement Policy Profiles contain attributes that define a client's scope of access for the session. Policy Manager returns these Enforcement Profile attributes to the switch. Table 1: Policy Manager Service Components (Continued) ClearPass Policy Model | An Introduction 3
Copyright Information Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include the Aruba Networks logo, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by an Aruba warranty. For details, see the Aruba Networks standard warranty terms and conditions. 4 ClearPass Policy Model | An Introduction

Recommended

Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallAruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsAruba, a Hewlett Packard Enterprise company
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassPaulo Eduardo Sibalde
 
Aruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 

Recommended

Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallAruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsAruba, a Hewlett Packard Enterprise company
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassPaulo Eduardo Sibalde
 
Aruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass OverviewJoAnna Cheshire
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallAruba, a Hewlett Packard Enterprise company
 
ClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsAruba, a Hewlett Packard Enterprise company
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8Aruba, a Hewlett Packard Enterprise company
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba, a Hewlett Packard Enterprise company
 
Airwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAirwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAruba, a Hewlett Packard Enterprise company
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xAruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility ControllersAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentAruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updatedAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAruba, a Hewlett Packard Enterprise company
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba, a Hewlett Packard Enterprise company
 

More Related Content

What's hot

What's hot (20)

Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
 
ClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User Guide
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference Design
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
 
Airwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguideAirwaveand arubabestpracticesguide
Airwaveand arubabestpracticesguide
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guide
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User Guide
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updated
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 

Viewers also liked

Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
 

Viewers also liked (20)

Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User Guide
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
 
ClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User GuideClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User Guide
 
Aruba OS 6.4 User Guide
Aruba OS 6.4 User GuideAruba OS 6.4 User Guide
Aruba OS 6.4 User Guide
 
ClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release NotesClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release Notes
 
ClearPass 6.3.6 Release Notes
ClearPass 6.3.6 Release NotesClearPass 6.3.6 Release Notes
ClearPass 6.3.6 Release Notes
 
ClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release NotesClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release Notes
 
Aruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User Guide
 
Aruba Activate User Guide
Aruba Activate User GuideAruba Activate User Guide
Aruba Activate User Guide
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peap
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference Guide
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release Notes
 
Aruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User GuideAruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User Guide
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User Guide
 
ClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release NotesClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release Notes
 
Aruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux EditionAruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux Edition
 
Aruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference Guide
 
ArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start GuideArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start Guide
 
Aruba OS 6.3 User Guide
Aruba OS 6.3 User GuideAruba OS 6.3 User Guide
Aruba OS 6.3 User Guide
 
Airwave 7.7.9 Release Notes
Airwave 7.7.9 Release NotesAirwave 7.7.9 Release Notes
Airwave 7.7.9 Release Notes
 

Similar to ClearPass Policy Model - An Introduction

Middleware Soa Qualification Process Ver 2
Middleware Soa Qualification Process Ver 2Middleware Soa Qualification Process Ver 2
Middleware Soa Qualification Process Ver 2David Stephenson
 
From Cisco ACS to ISE
From Cisco ACS to ISE From Cisco ACS to ISE
From Cisco ACS to ISE Mahzad Zahedi
 
Layer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesLayer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesCA API Management
 
SAP BI Security Features
SAP BI Security FeaturesSAP BI Security Features
SAP BI Security Featuresdw_anil
 
An expert guide to new sap bi security features
An expert guide to new sap bi security featuresAn expert guide to new sap bi security features
An expert guide to new sap bi security featuresShazia_Sultana
 
Transitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesTransitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesNathaniel Palmer
 
Transitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesTransitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesNathaniel Palmer
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTuan Phan
 
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services Provider
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services ProviderTo SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services Provider
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services ProviderScott & Scott, LLP
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...Good Dog Labs, Inc.
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...Zara Nawaz
 
Micro Service automation by Srijit Jain
Micro Service automation by Srijit JainMicro Service automation by Srijit Jain
Micro Service automation by Srijit JainSoftware Testing Board
 
Odca interop across_clouds_standard units of measurement for iaa_s
Odca interop across_clouds_standard units of measurement for iaa_sOdca interop across_clouds_standard units of measurement for iaa_s
Odca interop across_clouds_standard units of measurement for iaa_sSeanscs
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateGovCloud Network
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsStatistics & Data Corporation
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 

Similar to ClearPass Policy Model - An Introduction (20)

Middleware Soa Qualification Process Ver 2
Middleware Soa Qualification Process Ver 2Middleware Soa Qualification Process Ver 2
Middleware Soa Qualification Process Ver 2
 
From Cisco ACS to ISE
From Cisco ACS to ISE From Cisco ACS to ISE
From Cisco ACS to ISE
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
 
Layer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web ServicesLayer 7: Fine Grained Authorization for Web Services
Layer 7: Fine Grained Authorization for Web Services
 
SAP BI Security Features
SAP BI Security FeaturesSAP BI Security Features
SAP BI Security Features
 
An expert guide to new sap bi security features
An expert guide to new sap bi security featuresAn expert guide to new sap bi security features
An expert guide to new sap bi security features
 
SAP BI 7 security concepts
SAP BI 7 security conceptsSAP BI 7 security concepts
SAP BI 7 security concepts
 
Transitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesTransitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented Architectures
 
Transitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented ArchitecturesTransitioning Enterprise Architectures to Service Oriented Architectures
Transitioning Enterprise Architectures to Service Oriented Architectures
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security Authorization
 
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services Provider
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services ProviderTo SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services Provider
To SPLA or Not to SPLA - Microsoft Licensing for the Hosting Services Provider
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
 
SDP Glossary v2.0
SDP Glossary v2.0 SDP Glossary v2.0
SDP Glossary v2.0
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
 
Micro Service automation by Srijit Jain
Micro Service automation by Srijit JainMicro Service automation by Srijit Jain
Micro Service automation by Srijit Jain
 
Odca interop across_clouds_standard units of measurement for iaa_s
Odca interop across_clouds_standard units of measurement for iaa_sOdca interop across_clouds_standard units of measurement for iaa_s
Odca interop across_clouds_standard units of measurement for iaa_s
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) Template
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

ClearPass Policy Model - An Introduction

  • 1. ClearPass Policy Model An Introduction Services Paradigm Services are the highest level element in the Policy Manager policy model. They have two purposes: Unique Categorization Rules (per Service) enable Policy Manager to test Access Requests (“Requests”) against available Services to provide robust differentiation of requests by access method, location, or other network vendor- specific attributes. Policy Manager ships configured with a number of basic Service types. You can flesh out these Service types, copy them for use as templates, import other Service types from another implementation (from which you have previously exported them), or develop new Services from scratch. By wrapping a specific set of Policy Components, a Service can coordinate the flow of a request, from authentication, to role and health evaluation, to determination of enforcement parameters for network access. The following image and table illustrate and describe the basic Policy Manager flow of control and its underlying architecture. Figure 1: Generic Policy Manager Service Flow of Control 0511601-00v1 | March 2014 1
  • 2. Component Service: component ratio Description A - Authentication Method Zero or more per service EAP or non-EAP method for client authentication. Policy Manager supports four broad classes of authentication methods: l EAP, tunneled: PEAP, EAP-FAST, or EAP-TTLS. l EAP, non-tunneled: EAP-TLS or EAP-MD5. l Non-EAP, non-tunneled: CHAP, MS-CHAP, PAP, or MAC-AUTH. l MAC_AUTH must be used exclusively in a MAC- based Authentication Service. When the MAC_ AUTH method is selected, Policy Manager: (1) makes internal checks to verify that the request is indeed a MAC Authentication request (and not a spoofed request) and (2) makes sure that the MAC address of the device is present in the authentication source. Some Services (for example, TACACS+) contain internal authentication methods; in such cases, Policy Manager does not make this tab available. B - Authentication Source Zero or more per service An Authentication Source is the identity repository against which Policy Manager verifies identity. It supports these Authentication Source types: l Microsoft Active Directory l and LDAP compliant directory l RSA or other RADIUS-based token servers l SQL database, including the local user store. l Static Host Lists, in the case of MAC-based Authentication of managed devices. C - Authorization Source One or more per Authentication Source and zero or more per service An Authorization Source collects attributes for use in Role Mapping Rules. You specify the attributes you want to collect when you configure the authentication source. Policy Manager supports the following authorization source types: l Microsoft Active Directory l any LDAP compliant directory l RSA or other RADIUS-based token servers l SQL database, including the local user store. Table 1: Policy Manager Service Components 2 ClearPass Policy Model | An Introduction
  • 3. Component Service: component ratio Description C - Role Mapping Policy Zero or one per service Policy Manager evaluates Requests against Role Mapping Policy rules to match Clients to Role(s). All rules are evaluated and Policy Manager may return more than one Role. If no rules match, the request takes the configured Default Role. Some Services (for example, MAC-based Authentication) may handle role mapping differently: l For MAC-based Authentication Services, where role information is not available from an authentication source, an Audit Server can determine role by applying post-audit rules against the client attributes gathered during the audit. D - Internal Posture Policies Zero or more per service An Internal Posture Policy tests Requests against internal Posture rules to assess health. Posture rule conditions can contain attributes present in vendor- specific posture dictionaries. E - Posture Servers Zero or more per service Posture servers evaluate client health based on specified vendor-specific posture credentials, typically posture credentials that cannot be evaluated internally by Policy Manager (that is, not by internal posture policies). Currently, Policy Manager supports two forms of posture server interfaces: HCAP, RADIUS, and GAMEv2 posture servers. F - Audit Servers Zero or more per service Audit servers evaluate the health of clients that do not have an installed agent, or which cannot respond to Policy Manager interactions. Audit servers typically operate in lieu of authentication methods, authentication sources, internal posture policies, and posture server. In addition to returning posture tokens, Audit Servers can contain post-audit rules that map results from the audit into Roles. G - Enforcement Policy One per service (mandatory) Policy Manager tests Posture Tokens, Roles (and system time) against Enforcement Policy rules to return one or more matching Enforcement Policy rules to return one or more matching Enforcement Profiles (that define scope of access for the client). H - Enforcement Profile One or more per service Enforcement Policy Profiles contain attributes that define a client's scope of access for the session. Policy Manager returns these Enforcement Profile attributes to the switch. Table 1: Policy Manager Service Components (Continued) ClearPass Policy Model | An Introduction 3
  • 4. Copyright Information Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include the Aruba Networks logo, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by an Aruba warranty. For details, see the Aruba Networks standard warranty terms and conditions. 4 ClearPass Policy Model | An Introduction