Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Authorization Sources:

  • 1.  Clearpass Authorization Sources:

    Posted May 24, 2018 03:26 PM

    non-essential background info:

     

    I just recently went through a major upgrade to our CPPM environment from a previous "regime." Things are interesting with the way things work running on our environment... most recent is Safari issues on their latest code release. The way the configs are set up, we have those guests using Safari pointing to 2 different DBs. We have a second guest network running, and it appears as though those clients are working fine.

     

    To the point question:

    CPPM has multiple DBs to use.  Insight, Endpoint Repository, Local User, etc.  We have about 12 - 13 different DBs.  

    a.  why so many?

    b.  if defined, when a guest registers, which db will they get placed into by default?

    c.  is it possible they will get inserted into 2 based on the configuration?

    d.  Can you define a policy that will search more than one DB to define the guest?

    e.  Can you create your own customized DB (I'm assuming yes)?

     

    I'm sure I will have more to come.  I've searched the help for what each named DB does/should be responsible for and I haven't found it yet.

     

    Many thanks!



  • 2.  RE: Clearpass Authorization Sources:

    EMPLOYEE
    Posted May 24, 2018 03:29 PM

    a.  Because they store different data and are used for different purposes

    b.  Guest User Repository

    c.  No

    d.  Each authentication source will be checked until the user is found

    e.  Internal, no. External, yes.



  • 3.  RE: Clearpass Authorization Sources:

    Posted May 24, 2018 04:53 PM

    Is there an online document/resource that gives this information?  If so, would you mind placing a link?

    Perhaps a random question: is the Guest User repository tied to the ClearPass licenses?

    What's the difference between Guest User repository, Guest Device Repository, and Endpoints Repository?  Why would I choose one over the other?

     

    Oh yeah, this abyss gets deeper....  

     

    Thank you guys!

     



  • 4.  RE: Clearpass Authorization Sources:

    EMPLOYEE
    Posted May 24, 2018 04:56 PM

    Documentation for what? I’m not sure what you’re asking.

     

    Guest licenses are gone in ClearPass 6.7 and are included as part of the access license.

    Guest User repository holds guest user accounts.
    Guest Device Repository holds device registrations.
    Endpoints Repository holds system and custom attributes about devices (profiling, EMM sync, etc).

    I’m not sure what you mean by choosing one over the other. It’s dictated by the workflow you’re using.



  • 5.  RE: Clearpass Authorization Sources:

    Posted May 24, 2018 05:05 PM

    I'm just curious to know where I can find documentation pertaining to what each DB is used for, or what their purpose is. 

     

    I have a feeling some of the Authorization sources are being misused, etc.  We use 2 different "Guest accounts" and given the size of our company with a global footprint, we are on 6.6.5 so the Guest Licenses still apply to us.  As an example, we are licensed for 50K Policy Manager Licenses; 15K Guest licenses... and using a percentage of each.



  • 6.  RE: Clearpass Authorization Sources:

    EMPLOYEE
    Posted May 24, 2018 05:07 PM
    Each device authenticated against a guest user account consumes a guest license prior to 6.7.