Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

This thread has been viewed 1 times

  • 1.  ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    MVP GURU
    Posted Jul 25, 2016 10:33 AM

    Hi,

     

    It is possible to have more information about this new option with ClearPass 6.6.1 ? when setting a AirWatch Endpoint Context Server

     

    Because the documentation is (not) yet update : http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/index.htm#CPPM_UserGuide/Admin/EndpointContextServersAdd_airwatch.htm?Highlight=airwatch



  • 2.  RE: ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    EMPLOYEE
    Posted Jul 25, 2016 10:38 AM

    From the 6.6.1 release notes:

     

    airwatch-release-notes.PNG



  • 3.  RE: ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    MVP GURU
    Posted Jul 25, 2016 10:43 AM

    Yes, i have read the release note...

     

    But what is the "Security Info" ?



  • 4.  RE: ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    EMPLOYEE
    Posted Jul 25, 2016 10:50 AM

    If you check the box, it will pull in all of the extra attributes from AirWatch.



  • 5.  RE: ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    MVP GURU
    Posted Jul 25, 2016 12:12 PM
    @cappalli wrote:

    If you check the box, it will pull in all of the extra attributes from AirWatch.

    Ok, What this extra attributes ?



  • 6.  RE: ClearPass 6.6.1: AirWatch: Enable to fetch Endpoint Security Info

    Posted Jul 25, 2016 05:24 PM

    Let me answer as this is an enhancement that as driven by myself.

     

    We poll for the summary and page in the data we get, parsing this and writing it into our Endpoint DB, we then make secondary calls for every endpoint for more security/policy specific attributes. Their are SIX TAGS in the device XML we get,
     
    IsCompromised
    DataProtectionEnabled
    BlockLevelEncryption
    FileLevelEncryption
    IsPasscodePresent
    IsPasscodeCompliant
     
     
    Now one of these XML TAG attributes <IsCompromised> is also available in the summary poll, its called <CompromisedStatus>.
     
    So by not polling for the security data we save a HUGE amount of extra polling but we do lose the ability to have certain endpoint attributes data available to be used by CPPM in its enforcement process.
     
    But, I've had a number of very large customers 75K+ devices who don't care about the security data but do care about the large overhead of the secondary polling, plus it absolutely kills Airwatch servers.
     
    HTH