Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
New Contributor
Posts: 11
Registered: ‎08-18-2015
Endpoint Profiler

Any idea why Apple TV's are showing up under the SmartDevice catagory instead of Home Audio/video Equipment?

Guru Elite
Posts: 8,457
Registered: ‎09-08-2010
Re: Endpoint Profiler
Unfortunately Apple uses the same DHCP fingerprint, OUI blocks and operating system on the Apple TV and it will sometimes get profiled as a generic iOS device.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 500
Registered: ‎04-03-2007
Re: Endpoint Profiler
How can we reliably get appletvs profiled? They require specific inbound permissions and therefore specific policy enforcement, so it's necessary to profile these correctly. Advice?

===========
Ryan Holland
(sent while mobile)
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Guru Elite
Posts: 8,457
Registered: ‎09-08-2010
Re: Endpoint Profiler
We have not found and distinct profile information on many models. The general recommendation has been to leverage Device Registration or use EAP-TLS on these devices and leverage certificate properties for policy.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 500
Registered: ‎04-03-2007
Re: Endpoint Profiler
For device registration though, how do we ensure the device being registered as an AppleTV is actually an AppleTV?
For EAP-TLS, what methodology do you recommend to create a certificate for the device with the appropriate properties since the AppleTV cannot “click through” any on boarding workflow?
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Guru Elite
Posts: 8,457
Registered: ‎09-08-2010
Re: Endpoint Profiler
In policy, you can leverage the IF-MAP data that will confirm it's an Apple TV and compare that to how it was registered.

For the certificate piece, university ATVs can be enrolled using Apple Configurator.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 143
Registered: ‎05-12-2010
Re: Endpoint Profiler
What about student or faculty owned devices?

Bruce Osborne
Sent from my iPhone
Bruce Osborne - Wireless Engineer
ACCP
Guru Elite
Posts: 8,457
Registered: ‎09-08-2010
Re: Endpoint Profiler
You can just leverage device registration with AirGroup for the personal devices.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 143
Registered: ‎05-12-2010
Re: Endpoint Profiler
Does that verify it is an Apple TV?

Bruce Osborne
Sent from my iPhone
Bruce Osborne - Wireless Engineer
ACCP
Guru Elite
Posts: 8,457
Registered: ‎09-08-2010
Re: Endpoint Profiler
You would let the use register it as a media player and then in policy verify the profile and IF-MAP data. This is a common deployment.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480