Title slide with picture
Introduction to Aruba ClearPass Tim Cappalli & Angel Vidal
Please give me your feedback Session ID: HOL12769
Speaker: Tim Cappalli, Angel Vidal
Use the mobile app to complete a session survey 1.
Access “My schedule”
2.
Click on the session detail page
3.
Scroll down to “Feedback” – If the session is not on your schedule, just find it via the app’s “Session Schedule” – If you don’t have the app, go to your phone’s app store and search for “HPE Discover 2017”
To access the session survey online, go to the Agenda Builder in the event content catalog and click on your session Thank you for providing your feedback, which helps us enhance content for future events. 3
3
Introduction To Aruba ClearPass
4
ClearPass Policy Manager and NAC Solution CLEARPASS POLICY MGR
Built-in: • Policy Engine • RADIUS/CoA/TACACS • Profiling • Accounting/reports • Identity store
REMOTE LOCATION
Expandable Applications
• BYOD onboarding • Simple guest access • Health assessments
Onboard
Guest
OnGuard 5
ClearPass Core Functionality Visitor
Administrator Employee
USERS
IDENTITY SOURCES
NETWORK EDGE Multi-Vendor Wired/Wireless/VPN
PKI Token
NETWORK CORE
Profiler
AAA/RADIUS NAC Cert. Authority
Contractor Headless Devices Employee BYOD
Onboarding
AD/LDAP
ClearPass SQL
Policy – Visibility - Workflow Time/Day
Guest Location
Device Registration
Device Type/Health User/Role
CONTEXT 6
6
What’s Inside VISIBILITY
WORKFLOW
RULES
Device Profiling
Onboarding and Self-registration
Context-based
Troubleshooting
Guest Management
Device Posture Checks
Per Session Tracking
MDM/EMM Integration
Built-in Certificate Authority
7
ClearPass Terminology
8
Service – Highest level in the Policy Manager configuration model – Matches authentication requests based on – Access method – Location – Other standard or vendor-specific attributes
– Defines the flow of an authentication request – Authentication – Authorization – Role evaluation – Posture assessment – Device auditing/profiling – Enforcement
– Resulting in a specific level of network access 9
9
Enforcement Policy Authentication
Authorization
Service Rules
System Time
Roles
Enforcement Policies
Posture
Enforcement Profiles 10
10
Enforcement Profile – Lowest level in the Policy Configuration model – Defines the ACTIONS to take as a result of policy – Numerous types – RADIUS return attributes – Posture agent – CLI commands – Update internal ClearPass info – HTTP (ClearPass Exchange) – Etc.
11
11
Labs Overview
12
ClearPass Labs – Time permitting, you will complete 3 labs during this two hour session – Aruba Wireless 802.1X – Guest Self-Registration – Onboarding
13
13
What we will NOT cover
– Installation – Licensing
Why? Not Enough Time
– Clustering – OnGuard – Insight – ClearPass Extensions – ClearPass APIs – Tons of other stuff 14
Get more information
Attend these sessions – B12763: Gain visibility and control over IoT, including the users, systems and all the “things”
Visit these demos – DEMO802: Adaptive Threat Response using Aruba ClearPass – DEMO801: Niara Security Analytics and UEBA
Follow us on Social Media – @ArubaNetworks – facebook.com/arubanetworks
Thanks!
15
15
Please give me your feedback Session ID: HOL12769
Speaker: Tim Cappalli, Angel Vidal
Use the mobile app to complete a session survey 1.
Access “My schedule”
2.
Click on the session detail page
3.
Scroll down to “Feedback” – If the session is not on your schedule, just find it via the app’s “Session Schedule” – If you don’t have the app, go to your phone’s app store and search for “HPE Discover 2017”
To access the session survey online, go to the Agenda Builder in the event content catalog and click on your session Thank you for providing your feedback, which helps us enhance content for future events. 16
16
Thank you [email protected], [email protected]
Please give me your feedback Session ID: HOL12769
Speaker: Tim Cappalli, Angel Vidal
Use the mobile app to complete a session survey 1.
Access “My schedule”
2.
Click on the session detail page
3.
Scroll down to “Feedback” – If the session is not on your schedule, just find it via the app’s “Session Schedule” – If you don’t have the app, go to your phone’s app store and search for “HPE Discover 2017”
To access the session survey online, go to the Agenda Builder in the event content catalog and click on your session Thank you for providing your feedback, which helps us enhance content for future events. 3
3
Introduction To Aruba ClearPass
4
ClearPass Policy Manager and NAC Solution CLEARPASS POLICY MGR
Built-in: • Policy Engine • RADIUS/CoA/TACACS • Profiling • Accounting/reports • Identity store
REMOTE LOCATION
Expandable Applications
• BYOD onboarding • Simple guest access • Health assessments
Onboard
Guest
OnGuard 5
ClearPass Core Functionality Visitor
Administrator Employee
USERS
IDENTITY SOURCES
NETWORK EDGE Multi-Vendor Wired/Wireless/VPN
PKI Token
NETWORK CORE
Profiler
AAA/RADIUS NAC Cert. Authority
Contractor Headless Devices Employee BYOD
Onboarding
AD/LDAP
ClearPass SQL
Policy – Visibility - Workflow Time/Day
Guest Location
Device Registration
Device Type/Health User/Role
CONTEXT 6
6
What’s Inside VISIBILITY
WORKFLOW
RULES
Device Profiling
Onboarding and Self-registration
Context-based
Troubleshooting
Guest Management
Device Posture Checks
Per Session Tracking
MDM/EMM Integration
Built-in Certificate Authority
7
ClearPass Terminology
8
Service – Highest level in the Policy Manager configuration model – Matches authentication requests based on – Access method – Location – Other standard or vendor-specific attributes
– Defines the flow of an authentication request – Authentication – Authorization – Role evaluation – Posture assessment – Device auditing/profiling – Enforcement
– Resulting in a specific level of network access 9
9
Enforcement Policy Authentication
Authorization
Service Rules
System Time
Roles
Enforcement Policies
Posture
Enforcement Profiles 10
10
Enforcement Profile – Lowest level in the Policy Configuration model – Defines the ACTIONS to take as a result of policy – Numerous types – RADIUS return attributes – Posture agent – CLI commands – Update internal ClearPass info – HTTP (ClearPass Exchange) – Etc.
11
11
Labs Overview
12
ClearPass Labs – Time permitting, you will complete 3 labs during this two hour session – Aruba Wireless 802.1X – Guest Self-Registration – Onboarding
13
13
What we will NOT cover
– Installation – Licensing
Why? Not Enough Time
– Clustering – OnGuard – Insight – ClearPass Extensions – ClearPass APIs – Tons of other stuff 14
Get more information
Attend these sessions – B12763: Gain visibility and control over IoT, including the users, systems and all the “things”
Visit these demos – DEMO802: Adaptive Threat Response using Aruba ClearPass – DEMO801: Niara Security Analytics and UEBA
Follow us on Social Media – @ArubaNetworks – facebook.com/arubanetworks
Thanks!
15
15
Please give me your feedback Session ID: HOL12769
Speaker: Tim Cappalli, Angel Vidal
Use the mobile app to complete a session survey 1.
Access “My schedule”
2.
Click on the session detail page
3.
Scroll down to “Feedback” – If the session is not on your schedule, just find it via the app’s “Session Schedule” – If you don’t have the app, go to your phone’s app store and search for “HPE Discover 2017”
To access the session survey online, go to the Agenda Builder in the event content catalog and click on your session Thank you for providing your feedback, which helps us enhance content for future events. 16
16
Thank you [email protected], [email protected]
