CONFIDENTIAL – © Copyright 2013. Aruba Networks, Inc. All rights reserved. #airheadsconf
ClearPass Policy Manager – Advanced
Ashwath Murthy
03/15/2013
Agenda
• ClearPass – Policy Model
• Authorization – What and Why?
• Profile – How does it work?
• Clustering & Deployment
• Q & A
ClearPass Policy Model
ClearPass Policy Model
• What constitutes the policy model?
• How does it work?
• What are the interactions between various components?
• How does the policy model affect configuration & deployment?
ClearPass Policy Model
Policy inputs:
• Identity – Role, Department, Group
• Health – AV, AS, FW; Registry Keys; Services…
• Device – Device type, status, health; Address, O/S; Corp. Owned
• Conditions – Time, Location, Day of Week
What’s the flow?
• Authenticate – Valid Authentication
• Authorize – Find Out What’s Allowed
• Associate Context – Device, Time, Location, Posture
• Enforce on NAS – Roles, ACLs, VLANs
What Are The Interactions?
• RADIUS Server – Authenticate
• Policy Server – Authorize
• Policy Server – Associate Context
• Policy Server – Decision Tree
• RADIUS Server – Enforce
Service Flow – 802.1X
• Layer 2 – RADIUS Request
• Layer 2 – Authentication
• Layer 2 – Authorization
• Layer 2 – Role Derivation
• Layer 2 – RADIUS Enforcement
• Layer 3 – Profile
• Layer 2 – NAP
• Layer 3 – OnGuard
Service Flow – Implications
• Layer 2 Authentications are completed first
  – Full Authorization
  – Role Derivation
  – NAP (if enabled)
  – Layer 2 Enforcement
• Layer 3: Profile next
  – DHCP Request, DHCP Offer
  – RFC 3576 – Change of Authorization
    • Another Layer 2 authentication!
  – No RFC 3576 message if “fingerprint” does not change
• Layer 3: Collect Posture last (OnGuard)
  – Posture over HTTPS
  – RFC 3576 based on policy
    • Another Layer 2 authentication!
Authorization – What and Why?
Authorization – What and Why?
• Authentication vs. Authorization
• Authorization & ClearPass
• Use Cases
Authorization & ClearPass
• “Authorization” Sources in ClearPass
  – Where do I find them?
  – How do I use them?
  – How often does ClearPass talk to an authorization source?
  – What happens in case something goes wrong?
Authorization Sources – Where?
• An “Authentication Source” is an “Authorization Source”
  – RADIUS Server vs. Policy Server
Authorization Sources – How?
• Authentication Sources are automatic Authorization Sources
• Additional Authorization Sources are enabled per Service
• No Authorization unless used in Roles!
Authorization Sources – How?
• Authorize with Active Directory
• Authorize with Profile Data
• Rule Algorithm: Evaluate All
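Added example (not from the deck or from Aruba): a small Python role-mapping engine that shows what “Evaluate All” means against a first-match algorithm when rules draw on Active Directory, Profile and asset-database attributes. It also illustrates the previous slide's point that an authorization source contributes nothing until a role-mapping rule refers to it. Every source name, attribute name, role name and sample context below is constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Request context: attributes grouped by the source that supplied them.
# The source names (AD, Profile, AssetDB) follow the deck's vocabulary; every
# attribute name and value in this file is a constructed example.
Context = Dict[str, Dict[str, object]]


@dataclass
class Rule:
    name: str
    condition: Callable[[Context], bool]
    role: str


class RoleMappingPolicy:
    """Maps a request context to roles under either rule algorithm."""

    def __init__(self, rules: List[Rule], algorithm: str = "evaluate_all",
                 default_role: str = "Unknown-Device") -> None:
        if algorithm not in ("evaluate_all", "first_applicable"):
            raise ValueError(f"unknown rule algorithm: {algorithm}")
        self.rules = rules
        self.algorithm = algorithm
        self.default_role = default_role   # constructed name for the no-match case

    def map_roles(self, ctx: Context) -> List[str]:
        roles: List[str] = []
        for rule in self.rules:
            try:
                matched = bool(rule.condition(ctx))
            except KeyError:
                # The source never returned this attribute (for example the asset
                # database has no row for this MAC): the rule simply cannot match.
                matched = False
            if matched:
                roles.append(rule.role)
                if self.algorithm == "first_applicable":
                    break              # first match wins, remaining rules are skipped
        return roles or [self.default_role]


# Three rules, each drawing on a different authorization source.
RULES = [
    Rule("Executive staff",
         lambda c: "Executives" in c["AD"]["memberOf"], "Executive"),
    Rule("Corporate-owned iPad",
         lambda c: c["Profile"]["Device Name"] == "Apple iPad"
         and c["AssetDB"]["Ownership"] == "Corporate", "Corp-iPad"),
    Rule("Headless device",
         lambda c: c["Profile"]["Device Category"] == "Printer", "Headless-Device"),
]


def sample_contexts() -> Dict[str, Context]:
    """Constructed request contexts for the use cases named on the slides."""
    return {
        "ceo_ipad": {
            "AD": {"memberOf": ["Executives", "Domain Users"]},
            "Profile": {"Device Category": "SmartDevice", "Device Name": "Apple iPad"},
            "AssetDB": {"Ownership": "Corporate"},
        },
        "printer": {
            "AD": {},   # MAC-authenticated endpoint: no AD user attributes at all
            "Profile": {"Device Category": "Printer", "Device Name": "HP LaserJet"},
            # No AssetDB entry: any rule that needs one must fail closed.
        },
        "unknown": {
            "AD": {"memberOf": []},
            "Profile": {"Device Category": "Unknown", "Device Name": "Unknown"},
        },
    }


def roles_for(name: str, algorithm: str = "evaluate_all") -> List[str]:
    """Convenience wrapper: roles assigned to one of the sample contexts."""
    return RoleMappingPolicy(RULES, algorithm).map_roles(sample_contexts()[name])
```

With “Evaluate All” the CEO's corporate iPad ends up with both Executive and Corp-iPad, so an enforcement policy can act on the combination; with first-match it would only ever see Executive. Note how the printer context never touches the asset database: the rule ordering and short-circuit evaluation keep a missing source from breaking role mapping.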
Authorization – How?
• Ok, great. But will ClearPass flood my AD with authorization requests?
  – Authorization data is cached per user
  – New request made to fetch data once the cache expires
  – Cache timers can be tuned (Cache Timeout, default: 10 hours)
Authorization – How?
• Got it
• But I just made a bunch of changes on my AD. Do I need to wait 10 hours?
  – Tune the cache timers
  – “Clear Cache” button on the Authentication Source
    • Wipes out cache for all users
  – “Save” button on the Authentication Source
    • Wipes out cache for all users
  – Restart Policy Server
    • BAD IDEA!!!
Authorization – Uh-Oh!
• If an Authentication/Authorization Source is not reachable
  – Configure Backup Servers
  – Configure Fail-Over Timeout
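Added example (not from the deck or from Aruba) covering the three previous slides together: a Python model of an authorization source with a per-user cache that expires after the cache timeout, a “Clear Cache”/“Save” action that wipes every user at once, and fail-over to backup servers when the primary does not answer within the fail-over timeout. Directory servers are stand-in objects with a configured latency rather than real LDAP connections, the fake clock exists so the 10-hour expiry can be exercised offline, and the server names and user attributes are constructed.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Attributes = Dict[str, str]


@dataclass
class DirectoryServer:
    """Stand-in for an AD/LDAP server: a name, a user table and a response
    latency. A latency above the fail-over timeout is what 'unreachable'
    looks like in this model (constructed, not a real connection)."""
    name: str
    users: Dict[str, Attributes]
    latency_s: float = 0.05


class AuthorizationSource:
    def __init__(self, primary: DirectoryServer, backups: List[DirectoryServer],
                 cache_timeout_s: float = 10 * 3600,    # the deck's default: 10 hours
                 failover_timeout_s: float = 10.0,      # assumed value for the example
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.servers = [primary] + list(backups)       # tried in this order
        self.cache_timeout_s = cache_timeout_s
        self.failover_timeout_s = failover_timeout_s
        self.clock = clock
        self._cache: Dict[str, Tuple[float, Attributes]] = {}   # user -> (expiry, attrs)
        self.server_queries = 0    # how often a real server lookup was needed
        self.failovers = 0         # how often a server was skipped as unreachable

    def authorize(self, user: str) -> Attributes:
        """Return the user's authorization attributes, from cache while valid."""
        now = self.clock()
        cached = self._cache.get(user)
        if cached is not None and cached[0] > now:
            return cached[1]                           # cache hit: no directory traffic
        attrs = self._fetch(user)
        self._cache[user] = (now + self.cache_timeout_s, attrs)
        return attrs

    def _fetch(self, user: str) -> Attributes:
        for server in self.servers:
            if server.latency_s > self.failover_timeout_s:
                self.failovers += 1                    # fail-over timeout hit: next backup
                continue
            self.server_queries += 1
            return dict(server.users.get(user, {}))
        raise ConnectionError("no authentication/authorization server reachable")

    def clear_cache(self) -> None:
        """'Clear Cache' on the source wipes the cache for all users, not one."""
        self._cache.clear()

    def save(self) -> None:
        """Saving the source definition has the same side effect as 'Clear Cache'."""
        self.clear_cache()

    def cached_users(self) -> List[str]:
        return sorted(self._cache)


class FakeClock:
    """Controllable clock so cache expiry can be tested without waiting 10 hours."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> Dict[str, int]:
    """Walks through hit, expiry, save-wipes-cache and fail-over; returns counters."""
    users = {"alice": {"memberOf": "Executives", "department": "Finance"}}  # constructed
    primary = DirectoryServer("dc1.example.test", users, latency_s=30.0)   # too slow
    backup = DirectoryServer("dc2.example.test", users, latency_s=0.02)
    clock = FakeClock()
    source = AuthorizationSource(primary, [backup], clock=clock)

    source.authorize("alice")          # miss: primary times out, backup answers
    source.authorize("alice")          # hit: no directory traffic at all
    clock.advance(10 * 3600 + 1)       # cache timeout has passed
    source.authorize("alice")          # miss: fetched again
    source.save()                      # admin edits the source: everyone's cache is gone
    source.authorize("alice")          # miss: fetched again
    return {"server_queries": source.server_queries, "failovers": source.failovers}
```

Three directory queries for five authorizations is the whole point of the cache; the counter also makes visible that every cache miss pays the fail-over timeout again while the primary is slow, which is why the timeout should be tuned rather than left large.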
Use Cases – Mergers & Acquisitions
• Active Directory Domain – avendasys.com
• Active Directory Domain – arubanetworks.com
Use Cases – Certificates & TLS
• Authentication & Authorization Sources for TLS
• Certificate Details used for Authorization
• Enable Authorization – Source specified in the Service
• Compare Certificate – Source specified in the Service
Use Cases – Asset Databases
• LDAP/SQL Interface to Asset Databases
  – Key: MAC Address
  – Authorization Attributes
    • Ownership – Corporate vs. Personal
    • Compliance Status – In/Out of compliance
  – Identify corporate-owned non-Windows devices
Profile – How does it work?
Profile – How does it work?
• Profile & Network Data
• Automatic Profile “upgrades”
• Using Profile data in policy
• Configuring Profile
  – DHCP? HTTP? SNMP?
• Use Cases
Profile & Network Data
• What does ClearPass use to profile?
  – MAC OUIs
  – DHCP Request, DHCP Offer
  – HTTP User-Agent
  – MDM Fingerprints
  – Device Interrogation
  – SNMP/CDP/LLDP Data
Fingerprint Updates
• Subscribe to Fingerprint Updates
  – Automatic reclassification
  – Updated frequently
• Tell Aruba!
  – Create policy exceptions
  – Grab fingerprints from UI
  – Send fingerprints to Aruba
  – Crowd-sourced, community oriented
Using Profile data in policy
• Automatic 3-level categorization
  – Device Category, OS Family, Device Name
• Using raw profile data
  – DHCP Data, HTTP User-Agent, SNMP Data
• Role Mapping
  – What should I use?
• Enforcement
  – How do I enforce?
  – What are the benefits?
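Added example (not from the deck or from Aruba) tying this slide to the earlier “Service Flow – Implications” slide: a Python profiler that derives the three-level classification from DHCP and HTTP User-Agent evidence and queues an RFC 3576 Change of Authorization only when an endpoint's classification actually changes, so a repeated identical fingerprint causes no extra Layer 2 authentication. The fingerprint tables are constructed for the example and are not ClearPass's fingerprint database; the classification strings are likewise illustrative.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Profile:
    """The deck's three levels: Device Category, OS Family, Device Name."""
    category: str
    os_family: str
    device_name: str


UNKNOWN = Profile("Unknown", "Unknown", "Unknown")

# Constructed fingerprint tables. DHCP keys are option 55 (parameter request
# list) rendered as comma-separated option numbers; these lists and the
# User-Agent patterns are illustrative, not values from ClearPass's database.
DHCP_FINGERPRINTS: Dict[str, Profile] = {
    "1,3,6,15,119,252": Profile("SmartDevice", "Apple iOS", "Unknown"),
    "1,15,3,6,44,46,47,31,33,121,249,43": Profile("Computer", "Windows", "Unknown"),
    "1,3,6,15,26,28,51,58,59,43": Profile("SmartDevice", "Android", "Unknown"),
}
USER_AGENT_FINGERPRINTS: List[Tuple[str, Profile]] = [
    (r"\biPad\b", Profile("SmartDevice", "Apple iOS", "Apple iPad")),
    (r"\biPhone\b", Profile("SmartDevice", "Apple iOS", "Apple iPhone")),
    (r"Windows NT", Profile("Computer", "Windows", "Windows PC")),
]


def classify_dhcp(option55: str) -> Profile:
    """Exact match on the parameter request list; anything else stays Unknown."""
    return DHCP_FINGERPRINTS.get(option55.replace(" ", ""), UNKNOWN)


def classify_user_agent(user_agent: str) -> Profile:
    """First matching User-Agent pattern wins; no match stays Unknown."""
    for pattern, profile in USER_AGENT_FINGERPRINTS:
        if re.search(pattern, user_agent):
            return profile
    return UNKNOWN


def merge(current: Profile, evidence: Profile) -> Profile:
    """Refine each level with the new evidence, but never replace a known level
    with Unknown: a later source may simply say nothing about that level."""
    pick = lambda new, old: old if new == "Unknown" else new
    return Profile(pick(evidence.category, current.category),
                   pick(evidence.os_family, current.os_family),
                   pick(evidence.device_name, current.device_name))


class Profiler:
    def __init__(self) -> None:
        self.endpoints: Dict[str, Profile] = {}          # keyed by MAC address
        self.coa_log: List[Tuple[str, Profile]] = []     # CoA messages that would go to the NAS

    def observe(self, mac: str, dhcp_option55: Optional[str] = None,
                user_agent: Optional[str] = None) -> Tuple[Profile, bool]:
        """Apply Layer 3 evidence for an endpoint that already passed Layer 2.
        Returns (profile, coa_needed): an RFC 3576 CoA is queued only when the
        classification changed, so an unchanged fingerprint is silent."""
        before = self.endpoints.get(mac, UNKNOWN)
        after = before
        if dhcp_option55 is not None:
            after = merge(after, classify_dhcp(dhcp_option55))
        if user_agent is not None:
            after = merge(after, classify_user_agent(user_agent))
        self.endpoints[mac] = after
        changed = after != before
        if changed:
            self.coa_log.append((mac, after))
        return after, changed
```

The first DHCP exchange after the initial 802.1X authentication moves the endpoint from Unknown to a category and OS family, which is one CoA and one extra Layer 2 authentication; a later captive-portal hit that adds the device name is a second. Every further DHCP renewal or page load with the same fingerprint changes nothing and therefore sends nothing, which is the behaviour the service-flow slide describes.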
Configuring Profile – Network Considerations
• DHCP Relay
  – Where should I set up DHCP relays?
• Captive Portal Configuration
  – Is there a knob for this?
• Reading SNMP Data
  – CDP
  – LLDP
  – HR MIB
  – SysDescr MIB
Use Cases
• Policy – CEOs & iPads
• Policy – “Headless” Devices
• Visibility – Demystifying BYODs
Use Cases – CEOs & iPads
• Assign Roles
• Enforce Access
Use Cases – Headless Devices
• Identify & Assign Roles To Headless Devices
Use Cases – Visibility
Clustering & Deployment
Clustering & Deployment
• Clustering Technology
  – What’s replicated? What’s not?
• Deploying ClearPass Clusters
  – Considerations
• Operations & Maintenance
  – What happens when a ClearPass node is down?
  – Events & Alerts
  – Rescue & Recovery
Clustering Technology
• What’s replicated?
  – All policy configuration elements
  – All Audit data
  – All identity store data
    • Guest Accounts, Endpoints, Profile data
  – Runtime Information
    • Authorization status, Posture status, Roles
    • Connectivity Information, NAS Details
  – Database replication on port 5432 over SSL
  – Runtime replication on port 443 over SSL
Clustering Technology
• What’s not replicated?
  – Log files
  – Authentication Records
  – Accounting Records
  – System Events
  – System Monitor Data
Clustering – Considerations
• How do they connect?
  – Requires IP connectivity (bi-directional)
    • Port 5432 (Database over SSL)
    • Port 80 (HTTP)
    • Port 443 (HTTPS)
    • Port 123 (NTP)
• How much data should we expect to see crossing the wire?
  – Only elements in the configuration database
  – First sync is a full database copy
  – Subsequent sync – Delta changes propagated
Clustering – Considerations
Hub & Spoke topology (diagram): one PUBLISHER with SUBSCRIBER 1 through SUBSCRIBER 6 each attached to it
Clustering – Considerations
Example deployment (diagram): CPPM Publisher together with DNS, DHCP and Identity Stores in the Main Data Center; CPPM Subscribers at the Mid-size Branch, the Regional Office and in the DMZ; a CPPM Subscriber VM; CP Guest; CP Onboard
• Central / Distributed Admin Domains
• Redundancy/Load Balancing
• Cluster wide licenses
Operations & Maintenance
• What happens when a node goes down?
  – Operations
    • If Deployed Right – Nothing
    • RADIUS Backup settings on the NAS
  – If the Publisher goes down
    • No Database Writes Allowed!!
    • Promote a Subscriber to a Publisher
    • Resume configuration updates
Events & Alerts
• How long before ClearPass figures out something’s wrong?
  – 24 hours before it automatically “drops” a node from the cluster
  – Cluster Synchronization Warnings
    • 1 event every hour x 24 hours = 24 events
  – CPU/Memory Usage Warnings – Every 2 Minutes
  – Server Certificate Warnings – Every 24 Hours
  – Service Alerts – Immediate
• Email/SMS Alerts using Insight, Syslog & SNMP
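Added example (not from the deck or from Aruba) that simulates the clustering behaviour of the last three slides in Python: a full database copy on a subscriber's first sync and deltas afterwards, one synchronization warning per hour until a node that has not synced for 24 hours is dropped, configuration writes refused while the publisher is down, and promotion of a subscriber so that updates can resume. Replication is modelled as a versioned changelog rather than PostgreSQL streaming, the node names and configuration keys are constructed, and the rule that un-replicated writes are lost on promotion is this model's assumption about what a promotion can and cannot recover.

```python
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SYNC_WARNING_EVERY_H = 1   # one cluster synchronization warning per hour
DROP_AFTER_H = 24          # node dropped from the cluster after 24 hours without sync


@dataclass
class Node:
    name: str
    up: bool = True
    config: Dict[str, str] = field(default_factory=dict)
    applied_version: int = 0      # 0 = never synced, so the next sync is a full copy
    last_sync_h: float = 0.0


class Cluster:
    def __init__(self, publisher: Node, subscribers: List[Node]) -> None:
        self.publisher = publisher
        self.subscribers = list(subscribers)
        self.version = 0
        self.changelog: List[Tuple[int, str, str]] = []   # (version, key, value)
        self.events: List[str] = []
        self.clock_h = 0.0

    def write_config(self, key: str, value: str) -> int:
        """Configuration writes land in the publisher's database only."""
        if not self.publisher.up:
            raise PermissionError("publisher down: no database writes allowed")
        self.version += 1
        self.publisher.config[key] = value
        self.publisher.applied_version = self.version
        self.changelog.append((self.version, key, value))
        return self.version

    def sync(self) -> Dict[str, str]:
        """One replication round; returns what crossed the wire per subscriber."""
        transferred: Dict[str, str] = {}
        if not self.publisher.up:
            return transferred
        for node in self.subscribers:
            if not node.up:
                continue
            if node.applied_version == 0:                   # first sync: full database copy
                node.config = copy.deepcopy(self.publisher.config)
                transferred[node.name] = "full"
            else:                                           # later syncs: deltas only
                deltas = [c for c in self.changelog if c[0] > node.applied_version]
                for _, key, value in deltas:
                    node.config[key] = value
                transferred[node.name] = f"delta:{len(deltas)}"
            node.applied_version = self.version
            node.last_sync_h = self.clock_h
        return transferred

    def advance(self, hours: int) -> None:
        """Advance the clock hour by hour: healthy nodes sync, stale nodes get
        an hourly warning and are dropped once they hit DROP_AFTER_H."""
        for _ in range(hours):
            self.clock_h += 1
            self.sync()
            for node in list(self.subscribers):
                stale_h = self.clock_h - node.last_sync_h
                if stale_h >= SYNC_WARNING_EVERY_H:
                    self.events.append(f"{node.name}: cluster synchronization warning ({stale_h:.0f}h)")
                if stale_h >= DROP_AFTER_H:
                    self.events.append(f"{node.name}: dropped from cluster after {DROP_AFTER_H}h")
                    self.subscribers.remove(node)

    def promote(self, node: Node) -> None:
        """Promote a live subscriber to publisher so configuration updates resume."""
        if node not in self.subscribers or not node.up:
            raise ValueError("can only promote a live subscriber")
        self.subscribers.remove(node)
        old = self.publisher
        old.applied_version = 0          # when it returns it takes a full copy (assumption)
        self.subscribers.append(old)
        self.version = node.applied_version   # writes the old publisher never replicated are gone
        self.changelog = [c for c in self.changelog if c[0] <= self.version]
        self.publisher = node

    def warnings_for(self, name: str) -> int:
        return sum(1 for e in self.events if e.startswith(f"{name}: cluster synchronization warning"))


def demo() -> Dict[str, object]:
    """Subscriber outage, publisher outage and promotion; returns what happened."""
    pub, s1, s2 = Node("publisher"), Node("subscriber-1"), Node("subscriber-2")
    cluster = Cluster(pub, [s1, s2])
    cluster.write_config("service/corp-wlan", "802.1X")
    first = cluster.sync()                       # both subscribers take a full copy
    cluster.write_config("role/executive", "Executive")
    second = cluster.sync()                      # only the one delta is shipped
    s2.up = False                                # subscriber-2 loses connectivity
    cluster.advance(24)                          # hourly warnings, then it is dropped
    pub.up = False                               # now the publisher goes down
    try:
        cluster.write_config("role/guest", "Guest")
        write_blocked = False
    except PermissionError:
        write_blocked = True
    cluster.promote(s1)
    cluster.write_config("role/guest", "Guest")  # configuration updates resume
    return {"first_sync": first, "second_sync": second,
            "s2_warnings": cluster.warnings_for("subscriber-2"),
            "members": [n.name for n in cluster.subscribers],
            "write_blocked_while_publisher_down": write_blocked,
            "publisher": cluster.publisher.name,
            "config_keys": sorted(cluster.publisher.config)}
```

The simulation reproduces the numbers on the slides: 24 hourly synchronization warnings before the stale subscriber is dropped, and a hard refusal of database writes until a subscriber has been promoted. The promotion step is the operational reason to watch “Last Sync Time” before promoting: the model takes the promoted node's last applied version as the new truth and discards anything the old publisher had not yet replicated.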
Operations & Maintenance
• Rescue & Recovery
  – Establish cluster connectivity
    • Database sync will ensue. Watch for “Last Sync Time”
  – Restore certificates
    • Server Certificates are not installed as a part of the sync
  – Restore log entries (if necessary)
    • Caveat: High disk activity for an extended period of time
  – Verify fail-back on the NAS
    • NAS fail-back timers should kick in
Q & A
Thank You
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 

Clear pass policy manager advanced_ashwath murthy

  • 1. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved #airheadsconf
    ClearPass Policy Manager – Advanced
    Ashwath Murthy
    03/15/2013
  • 2. Agenda
    ClearPass – Policy Model
    Authorization – What and Why?
    Profile – How does it work?
    Clustering & Deployment
    Q & A
  • 3. ClearPass Policy Model
  • 4. ClearPass Policy Model
    • What constitutes the policy model?
    • How does it work?
    • What are the interactions between various components?
    • How does the policy model affect configuration & deployment?
  • 5. ClearPass Policy Model
    Policy is built from four kinds of input:
    Identity – Role, Department, Group
    Health – AV, AS, FW; Registry Keys; Services…
    Device – Device type, status, health; Address, O/S; Corp. Owned
    Conditions – Time, Location, Day of Week
  • 6. What’s the flow?
    Authenticate – Valid Authentication
    Authorize – Find Out What’s Allowed
    Associate Context – Device, Time, Location, Posture
    Enforce on NAS – Roles, ACLs, VLANs
  • 7. What Are The Interactions?
    RADIUS Server – Authenticate
    Policy Server – Authorize
    Policy Server – Associate Context
    Policy Server – Decision Tree
    RADIUS Server – Enforce
  • 8. Service Flow – 802.1X
    Layer 2 – RADIUS Request
    Layer 2 – Authentication
    Layer 2 – Authorization
    Layer 2 – Role Derivation
    Layer 2 – RADIUS Enforcement
    Layer 3 – Profile
    Layer 2 – NAP
    Layer 3 – OnGuard
  • 9. Service Flow – Implications
    • Layer 2 Authentications are completed first
      – Full Authorization
      – Role Derivation
      – NAP (if enabled)
      – Layer 2 Enforcement
    • Layer 3 : Profile next
      – DHCP Request, DHCP Offer
      – RFC 3576 – Change of Authorization
        • Another Layer 2 authentication!
      – No RFC 3576 message if “fingerprint” does not change
    • Layer 3 : Collect Posture last (OnGuard)
      – Posture over HTTPS
      – RFC 3576 based on policy
        • Another Layer 2 authentication!
  • 10. Authorization – What and Why?
  • 11. Authorization – What and Why?
    • Authentication vs. Authorization
    • Authorization & ClearPass
    • Use Cases
  • 12. Authorization & ClearPass
    • “Authorization” Sources in ClearPass
      – Where do I find them?
      – How do I use them?
      – How often does ClearPass talk to an authorization source?
      – What happens in case something goes wrong?
  • 13. Authorization Sources – Where?
    • An “Authentication Source” is an “Authorization Source”
      – RADIUS Server vs. Policy Server
  • 14. Authorization Sources – How?
    Authentication Sources are automatic Authorization Sources
    Additional Authorization Sources enabled per Service
    No Authorization unless used in Roles!
  • 15. Authorization Sources – How?
    Authorize with Active Directory
    Authorize with Profile Data
    Rule Algorithm : Evaluate All
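The slides above describe the pipeline (authorize, associate context, derive roles, enforce on the NAS) and the "Evaluate All" rule algorithm without showing what a decision looks like end to end. The following is an added example written for this transcript, not ClearPass code or anything from the deck: a toy policy engine in which authorization attributes from a stand-in directory and asset database, profile category and posture are attached to the request as context, role-mapping rules turn that context into roles, and an enforcement policy turns roles into RADIUS attributes (the Aruba-User-Role VSA and the standard Tunnel-Private-Group-Id VLAN attribute). The attribute names in the context dictionary imitate ClearPass' Namespace:Attribute style but are assumptions, as are the user, group and VLAN values. The example also shows why the slide's "Evaluate All" matters: with a first-match algorithm the same request loses roles and falls through to the default enforcement.

```python
"""Toy model of the ClearPass decision pipeline. Constructed example; the
attribute names, users, groups and VLAN numbers are assumptions."""
from datetime import datetime

# Constructed authorization sources: a directory (what AD would return) and an
# asset database keyed by MAC address (the LDAP/SQL use case on slide 21).
AD_DIRECTORY = {
    "ceo": {"department": "Executive Office", "memberOf": ["Executives", "Staff"]},
    "bob": {"department": "Engineering", "memberOf": ["Staff"]},
}
ASSET_DB = {"aa:bb:cc:00:00:01": "Corporate"}  # MAC -> ownership; absent = Personal


def associate_context(username, mac, category, posture, now):
    """Step 'Associate Context': merge identity, device, health and conditions."""
    user = AD_DIRECTORY.get(username, {})
    return {
        "Authentication:Username": username,
        "Authorization:AD:memberOf": user.get("memberOf", []),
        "Authorization:AD:department": user.get("department"),
        "Endpoint:Category": category,              # from Profile's 3-level categorization
        "Endpoint:Ownership": ASSET_DB.get(mac, "Personal"),
        "Posture:Status": posture,                  # from NAP / OnGuard
        "Date:Day-of-Week": now.strftime("%A"),
        "Date:Hour": now.hour,
    }


OPERATORS = {
    "EQUALS": lambda actual, expected: actual == expected,
    "CONTAINS": lambda actual, expected: expected in (actual or []),
    "BETWEEN": lambda actual, expected: actual is not None and expected[0] <= actual <= expected[1],
}

# Role-mapping rules: every condition of a rule must hold for the rule to fire.
ROLE_MAPPING_RULES = [
    ([("Authorization:AD:memberOf", "CONTAINS", "Executives")], "Executive"),
    ([("Endpoint:Category", "EQUALS", "SmartDevice"),
      ("Endpoint:Ownership", "EQUALS", "Corporate")], "Corp-Mobile"),
    ([("Endpoint:Category", "EQUALS", "SmartDevice"),
      ("Endpoint:Ownership", "EQUALS", "Personal")], "BYOD"),
    ([("Posture:Status", "EQUALS", "Unhealthy")], "Quarantine"),
    ([("Date:Hour", "BETWEEN", (8, 18))], "Business-Hours"),
]


def rule_matches(conditions, ctx):
    return all(OPERATORS[op](ctx.get(attr), expected) for attr, op, expected in conditions)


def derive_roles(ctx, rules=ROLE_MAPPING_RULES, algorithm="evaluate-all", default="Guest"):
    """'evaluate-all' collects every matching role; 'first-applicable' stops at the
    first hit, so a request can lose roles it would otherwise have been given."""
    roles = []
    for conditions, role in rules:
        if rule_matches(conditions, ctx):
            roles.append(role)
            if algorithm == "first-applicable":
                break
    return roles or [default]


# Enforcement policy: the first rule whose required roles are all present wins,
# so the quarantine rule is listed before any rule that grants access.
ENFORCEMENT_POLICY = [
    ({"Quarantine"}, {"Aruba-User-Role": "quarantine", "Tunnel-Private-Group-Id": "999"}),
    ({"Executive", "Corp-Mobile"}, {"Aruba-User-Role": "exec-mobile", "Tunnel-Private-Group-Id": "10"}),
    ({"Corp-Mobile"}, {"Aruba-User-Role": "corp-mobile", "Tunnel-Private-Group-Id": "20"}),
    ({"BYOD", "Business-Hours"}, {"Aruba-User-Role": "byod", "Tunnel-Private-Group-Id": "30"}),
]
DEFAULT_ENFORCEMENT = {"Aruba-User-Role": "guest", "Tunnel-Private-Group-Id": "40"}


def enforce(roles, policy=ENFORCEMENT_POLICY):
    have = set(roles)
    for required, attrs in policy:
        if required <= have:
            return attrs
    return DEFAULT_ENFORCEMENT


def decide(username, mac, category, posture, now, algorithm="evaluate-all"):
    """Authorize -> associate context -> derive roles -> enforce. Returns (roles, attrs)."""
    ctx = associate_context(username, mac, category, posture, now)
    roles = derive_roles(ctx, algorithm=algorithm)
    return roles, enforce(roles)


if __name__ == "__main__":
    when = datetime(2013, 3, 15, 10, 0)  # a weekday morning, inside business hours
    print(decide("ceo", "aa:bb:cc:00:00:01", "SmartDevice", "Healthy", when))
    print(decide("ceo", "aa:bb:cc:00:00:01", "SmartDevice", "Healthy", when, "first-applicable"))
    print(decide("bob", "aa:bb:cc:00:00:02", "SmartDevice", "Healthy", when))
```

Ordering matters twice here: role-mapping rules are evaluated in full so every applicable role is collected, while the enforcement policy is first-match, which is why the quarantine rule must precede the rules that grant access.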
  • 16. Authorization – How?
    • Ok, great. But will ClearPass flood my AD with authorization requests?
      – Authorization data is cached per user
      – New request made to fetch data once the cache expires
      – Cache timers can be tuned
    Cache Timeout Default: 10 hours
  • 17. Authorization – How?
    • Got it
    • But I just made a bunch of changes on my AD. Should I need to wait 10 hours?
      – Tune the cache timers
      – “Clear Cache” button on the Authentication Source
        • Wipes out cache for all users
      – “Save” button on the Authentication Source
        • Wipes out cache for all users
      – Restart Policy Server
        • BAD IDEA!!!
  • 18. Authorization – Uh-Oh!
    • If an Authentication/Authorization Source is not reachable
      – Configure Backup Servers
      – Configure Fail-Over Timeout
    (Screenshot labels: Fail-Over Timeout, Backup Servers)
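Slides 16 to 18 describe the caching and fail-over behaviour in words; the following added example (written for this transcript, not ClearPass code) models that behaviour so the consequences can be checked: attributes are cached per user for a tunable timeout (10 hours by default), a lookup after expiry queries the directory again, "Clear Cache" and "Save" both drop every user's entry, and when the primary server does not answer within the fail-over timeout the next backup server is tried. The server names, the stand-in directory contents and the `fake_ad_fetch` callable are assumptions that replace a real AD connection so the code runs offline.

```python
"""Authorization-source cache with per-user timeout, cache clearing and backup
servers. Constructed example; servers, users and attributes are assumptions."""
import time


class AuthorizationSource:
    def __init__(self, servers, fetch, cache_timeout=10 * 3600, failover_timeout=2.0,
                 clock=time.time):
        self.servers = list(servers)          # primary first, then backup servers
        self._fetch = fetch                   # fetch(server, username, timeout) -> dict
        self.cache_timeout = cache_timeout    # seconds; "cache timers can be tuned"
        self.failover_timeout = failover_timeout
        self._clock = clock
        self._cache = {}                      # username -> (expires_at, attributes)
        self.backend_queries = 0              # how often the directory was really asked

    def get_attributes(self, username):
        now = self._clock()
        entry = self._cache.get(username)
        if entry is not None and entry[0] > now:
            return entry[1]                   # cache hit: the directory is not contacted
        attrs = self._query(username)
        self._cache[username] = (now + self.cache_timeout, attrs)
        return attrs

    def _query(self, username):
        last_error = None
        for server in self.servers:
            self.backend_queries += 1
            try:
                return self._fetch(server, username, self.failover_timeout)
            except (ConnectionError, TimeoutError) as exc:
                last_error = exc              # fail over to the next backup server
        raise RuntimeError(f"no authorization server reachable for {username}") from last_error

    def clear_cache(self):
        """'Clear Cache' button: drops the cached attributes of all users."""
        self._cache.clear()

    def save(self):
        """'Save' on the authentication source has the same side effect as 'Clear Cache'."""
        self.clear_cache()


# Constructed stand-in for an Active Directory backend. Servers listed in DOWN
# raise TimeoutError so the fail-over path can be exercised offline.
DIRECTORY = {"alice": {"memberOf": ["Staff"], "department": "Finance"}}
DOWN = set()


def fake_ad_fetch(server, username, timeout):
    if server in DOWN:
        raise TimeoutError(f"{server} did not answer within {timeout}s")
    return dict(DIRECTORY.get(username, {}))


def scenario():
    """Walks through the slide's questions. Returns (backend query count per step,
    the department seen while the cache was stale, the department after clearing)."""
    DOWN.clear()
    DIRECTORY["alice"]["department"] = "Finance"
    clock = [0.0]                                                # controllable time source
    src = AuthorizationSource(["dc1.example", "dc2.example"], fake_ad_fetch,
                              clock=lambda: clock[0])
    steps = {}
    src.get_attributes("alice")
    src.get_attributes("alice")
    steps["two lookups"] = src.backend_queries                   # 1: second lookup was a hit
    clock[0] += 11 * 3600                                        # past the 10 h default
    src.get_attributes("alice")
    steps["after expiry"] = src.backend_queries                  # 2
    DIRECTORY["alice"]["department"] = "Treasury"                # change made in AD
    stale = src.get_attributes("alice")["department"]            # still "Finance"
    src.clear_cache()
    fresh = src.get_attributes("alice")["department"]            # "Treasury"
    steps["after clear cache"] = src.backend_queries             # 3
    DOWN.add("dc1.example")                                      # primary unreachable
    src.save()                                                   # also wipes the cache
    src.get_attributes("alice")
    steps["primary down"] = src.backend_queries                  # 5: dc1 timed out, dc2 answered
    return steps, stale, fresh


if __name__ == "__main__":
    print(scenario())
```

The restart option the slide calls a bad idea is deliberately absent: it would drop the cache too, but at the cost of every in-flight authentication, whereas "Clear Cache" costs only one extra directory query per user.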
  • 19. Use Cases – Mergers & Acquisitions
    Active Directory Domain – avendasys.com
    Active Directory Domain – arubanetworks.com
  • 20. Use Cases – Certificates & TLS
    Authentication & Authorization Sources for TLS
    Certificate Details used for Authorization
    Enable Authorization – Source specified in the Service
    Compare Certificate – Source specified in the Service
  • 21. Use Cases – Asset Databases
    • LDAP/SQL Interface to Asset Databases
      – Key : MAC Address
      – Authorization Attributes
        • Ownership – Corporate vs. Personal
        • Compliance Status – In/Out of compliance
      – Identify corporate-owned non-Windows devices
  • 22. Profile – How does it work?
  • 23. Profile – How does it work?
    • Profile & Network Data
    • Automatic Profile “upgrades”
    • Using Profile data in policy
    • Configuring Profile
      – DHCP? HTTP? SNMP?
    • Use Cases
  • 24. Profile & Network Data
    • What does ClearPass use to profile?
      – MAC OUIs
      – DHCP Request, DHCP Offer
      – HTTP User-Agent
      – MDM Fingerprints
      – Device Interrogation
      – SNMP/CDP/LLDP Data
  • 25. Fingerprint Updates
    • Subscribe to Fingerprint Updates
      – Automatic reclassification
      – Updated frequently
    • Tell Aruba!
      – Create policy exceptions
      – Grab fingerprints from UI
      – Send fingerprints to Aruba
      – Crowd-sourced, community oriented
  • 26. Using Profile data in policy
    • Automatic 3-level categorization
      – Device Category, OS Family, Device Name
    • Using raw profile data
      – DHCP Data, HTTP User-Agent, SNMP Data
    • Role Mapping
      – What should I use?
    • Enforcement
      – How do I enforce?
      – What are the benefits?
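Slides 24 and 26 list the profiling inputs and the three-level categorization (Device Category, OS Family, Device Name), and slide 9 notes that profiling sends an RFC 3576 Change of Authorization only when the fingerprint changes. The following added example (written for this transcript, not ClearPass code) ties those together: a small fingerprint table maps MAC OUI, DHCP and HTTP User-Agent observations onto the three levels, later and more specific sources refine the levels that earlier sources left open, and a CoA is recorded only when the resulting classification differs from the previous one. The fingerprint table, the OUIs and the sample DHCP and User-Agent strings are constructed for illustration and are not Aruba's fingerprint database.

```python
"""Three-level device categorization from profile data, with a CoA only when the
fingerprint changes. Constructed example; the fingerprint table is made up."""
from dataclasses import dataclass, field

UNKNOWN = ("Unknown", "Unknown", "Unknown")

# (source, substring to match, (category, os_family, device_name), weight).
# None means "this source says nothing about that level". The highest weight
# wins per level, so DHCP refines the OUI and the User-Agent refines DHCP.
FINGERPRINTS = [
    ("mac_oui", "00:11:22", ("SmartDevice", None, None), 1),            # constructed OUI
    ("mac_oui", "00:33:44", ("Computer", None, None), 1),               # constructed OUI
    ("dhcp_vendor_class", "MSFT 5.0", ("Computer", "Windows", "Windows PC"), 2),
    ("dhcp_param_list", "1,121,3,6,15,119,252", ("SmartDevice", "Apple iOS", "Apple iOS Device"), 2),
    ("http_user_agent", "iPad", ("SmartDevice", "Apple iOS", "Apple iPad"), 3),
    ("http_user_agent", "iPhone", ("SmartDevice", "Apple iOS", "Apple iPhone"), 3),
    ("http_user_agent", "Windows NT", ("Computer", "Windows", None), 3),
]


def classify(observations):
    """Return (Device Category, OS Family, Device Name) for the collected data."""
    result, best = list(UNKNOWN), [0, 0, 0]
    for source, needle, levels, weight in FINGERPRINTS:
        value = observations.get(source)
        if value is None or needle not in value:
            continue
        for i, level in enumerate(levels):
            if level is not None and weight > best[i]:
                result[i], best[i] = level, weight
    return tuple(result)


@dataclass
class Endpoint:
    mac: str
    observations: dict = field(default_factory=dict)
    classification: tuple = UNKNOWN
    coa_sent: list = field(default_factory=list)   # classifications that triggered a CoA

    def observe(self, source, value):
        """Record Layer 3 profile data. Returns True if a CoA was sent, i.e. the
        fingerprint changed; a repeated or non-refining observation sends none."""
        self.observations[source] = value
        new = classify(self.observations)
        if new == self.classification:
            return False                           # "No RFC 3576 message if fingerprint does not change"
        self.classification = new
        self.coa_sent.append(new)
        return True


def profile_endpoint(mac, events):
    """Simulate one device: the OUI is known from the Layer 2 RADIUS request and
    shapes the initial enforcement; each later observation may trigger a CoA.
    Returns (list of CoA-sent flags per event, the Endpoint)."""
    ep = Endpoint(mac)
    ep.observations["mac_oui"] = mac[:8].lower()
    ep.classification = classify(ep.observations)  # initial decision, no CoA needed
    return [ep.observe(source, value) for source, value in events], ep


if __name__ == "__main__":
    # Constructed sample data: an iPad seen via DHCP, then twice via HTTP.
    ipad_events = [
        ("dhcp_param_list", "1,121,3,6,15,119,252,95,44,46"),
        ("http_user_agent", "Mozilla/5.0 (iPad; CPU OS 6_1 like Mac OS X) Safari"),
        ("http_user_agent", "Mozilla/5.0 (iPad; CPU OS 6_1 like Mac OS X) Safari"),
        ("dhcp_param_list", "1,121,3,6,15,119,252,95,44,46"),
    ]
    flags, ep = profile_endpoint("00:11:22:aa:bb:cc", ipad_events)
    print(flags, ep.classification, len(ep.coa_sent))
```

Each CoA forces another Layer 2 authentication, so the comparison in `observe` is what keeps a DHCP renewal or a routine browser request from churning the NAS: only data that moves the device to a different category, family or name costs a re-authentication.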
  • 27. Configuring Profile – Network Considerations
    • DHCP Relay
      – Where should I setup DHCP relays?
    • Captive Portal Configuration
      – Is there a knob for this?
    • Reading SNMP Data
      – CDP
      – LLDP
      – HR MIB
      – SysDescr MIB
  • 28. Use Cases
    • Policy – CEOs & iPads
    • Policy – “Headless” Devices
    • Visibility – Demystifying BYODs
  • 29. Use Cases – CEOs & iPads
    Assign Roles
    Enforce Access
  • 30. Use Cases – Headless Devices
    Identify & Assign Roles To Headless Devices
  • 31. Use Cases – Visibility
  • 32. Clustering & Deployment
  • 33. Clustering & Deployment
    • Clustering Technology
      – What’s replicated? What’s not?
    • Deploying ClearPass Clusters
      – Considerations
    • Operations & Maintenance
      – What happens when a ClearPass node is down?
      – Events & Alerts
      – Rescue & Recovery
  • 34. Clustering Technology
    • What’s replicated?
      – All policy configuration elements
      – All Audit data
      – All identity store data
        • Guest Accounts, Endpoints, Profile data
      – Runtime Information
        • Authorization status, Posture status, Roles
        • Connectivity Information, NAS Details
      – Database replication on port# 5432 over SSL
      – Runtime replication on port# 443 over SSL
  • 35. Clustering Technology
    • What’s not replicated?
      – Log files
      – Authentication Records
      – Accounting Records
      – System Events
      – System Monitor Data
  • 36. Clustering – Considerations
    • How do they connect?
      – Requires IP connectivity (bi-directional)
        • Port # 5432 (Database over SSL)
        • Port# 80 (HTTP)
        • Port #443 (HTTPS)
        • Port #123 (NTP)
    • How much data should we expect to see crossing the wire?
      – Only elements in the configuration database
      – First sync is a full database copy
      – Subsequent sync – Delta changes propagated
  • 37. Clustering – Considerations
    Hub & Spoke: PUBLISHER with SUBSCRIBER 1, SUBSCRIBER 2, SUBSCRIBER 3, SUBSCRIBER 4, SUBSCRIBER 5, SUBSCRIBER 6
  • 38. Clustering – Considerations
    (Diagram labels: CPPM – Publisher, DNS, DHCP, Identity Stores, Main Data Center, Mid-size Branch, Regional Office, DMZ, CPPM Subscriber VM, CP Guest, CP Onboard, CPPM Subscriber, CPPM Subscriber)
    • Central / Distributed Admin Domains
    • Redundancy/Load Balancing
    • Cluster wide licenses
  • 39. Operations & Maintenance
    • What happens when a node goes down?
      – Operations
        • If Deployed Right – Nothing
        • RADIUS Backup settings on the NAS
      – If the Publisher goes down
        • No Database Writes Allowed!!
        • Promote a Subscriber to a Publisher
        • Resume configuration updates
  • 40. Events & Alerts
    • How long before ClearPass figures out something’s wrong?
      – 24 hours before it automatically “drops” a node from the cluster
      – Cluster Synchronization Warnings
        • 1 event every hour x 24 hours = 24 events
      – CPU/Memory Usage Warnings → Every 2 Minutes
      – Server Certificate Warnings → Every 24 Hours
      – Service Alerts → Immediate
    • Email/SMS Alerts using Insight, Syslog & SNMP
  • 41. Operations & Maintenance
    • Rescue & Recovery
      – Establish cluster connectivity
        • Database sync will ensue. Watch for “Last Sync Time”
      – Restore certificates
        • Server Certificates are not installed as a part of the sync
      – Restore log entries (If necessary)
        • Caveat : High disk activity for an extended period of time
      – Verify fail-back on the NAS
        • NAS fail-back timers should kick in
  • 42. Q & A
  • 43. Thank You