ClearPass and MobileIron MDM integration

Had some experience with the MDM integration (Endpoint Context Server) of MobileIron (VSP version 5.9) recently that I would like to share.

The configuration seems quite simple, and it is. Just fill in the Server Name (IP or FQDN) of the VSP. The hostname part of the Server Base URL has to match the server name; the error was unclear, but with some trial and error we figured it out (i.e. you can't do vsp01 with https://vsp01.domain.ext). With an on-premise (not cloud-based) deployment of MobileIron the Server Base URL can be kept as is. The user needs to be added to the MobileIron VSP with the API role.

Checking whether it works correctly or not is done via the event viewer. You do need to see something, either an error or a success. You should see something directly after you add the Endpoint Context Server or update the settings (even if you keep them the same).

If you see nothing, there is an issue. This happened during this setup initially; tried a couple of things and in the end patched to 6.2.5. The behaviour in the capture was that the HTTPS session seemed to happen but then the MobileIron ended the session. After the upgrade the data ended up in the Endpoint repository fine.
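A pre-flight check for the Server Name / Server Base URL mismatch described in the post above, as an added example that is not part of the original post or of ClearPass itself. The function name `check_mdm_endpoint` is hypothetical, the hostnames are constructed from the post's `vsp01` example, and the HTTPS requirement is an assumption based on the post's URL.

```python
from urllib.parse import urlsplit


def _norm(host):
    """Normalize a hostname: trim, drop a trailing dot, lowercase."""
    return host.strip().rstrip(".").lower()


def check_mdm_endpoint(server_name, base_url):
    """Return a list of problems; an empty list means both fields agree.

    server_name: value entered as Server Name (IP or FQDN).
    base_url:    value entered as Server Base URL.
    """
    problems = []
    parts = urlsplit(base_url)

    # Assumption: the integration is expected to run over HTTPS.
    if parts.scheme.lower() != "https":
        problems.append(f"base URL scheme is {parts.scheme!r}, expected 'https'")

    name = _norm(server_name)
    url_host = _norm(parts.hostname or "")  # hostname excludes any :port

    if not url_host:
        problems.append("base URL has no hostname part")
    elif url_host != name:
        # Distinguish the short-name vs FQDN case from the post.
        if url_host.split(".")[0] == name or name.split(".")[0] == url_host:
            problems.append(f"short name / FQDN mismatch: {name!r} vs {url_host!r}")
        else:
            problems.append(f"hostname mismatch: {name!r} vs {url_host!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for name, url in [
        ("vsp01", "https://vsp01.domain.ext"),
        ("vsp01.domain.ext", "https://VSP01.domain.ext:443"),
    ]:
        print(name, url, check_mdm_endpoint(name, url) or "OK")
```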

Re: ClearPass and MobileIron MDM integration

Thank you for sharing. I'm sure others will benefit from this.


Some of the MDM vendors decided to change the way you connect and require some type of server validation, so that was added in later versions of 6.2 and 6.3.




One other piece that you will start hearing a lot about that was added in 6.3 is ClearPass Exchange. I will try to do a post later on this week with a little bit more detail, but essentially it gives you free range to integrate with many different third-party vendors instead of having to wait for us to add it to the latest release.


One example is that you will now have the ability not only to get info from the MDM providers, but you will also be able to send commands (PUT, GET, POST, and DELETE).


With MobileIron you will now be able to send a remote wipe or lock to the device if they violate some policy you have in place.





