Occasional Contributor I
Posts: 5
Registered: ‎05-28-2015

Deployment Options for identifying personal devices and corporate devices on network

I wanted to see what the current deployment scenarios/options are for deploying BYOD with ClearPass.

We want to be able to identify if the device is a corporate device or personal device. Can anyone give me some options that you are using or that are recommended by Aruba?

Thanks!

Guru Elite
Posts: 8,732
Registered: ‎09-08-2010

Re: Deployment Options for identifying personal devices and corporate devices on network

Are your corporate devices managed by an MDM and/or joined to Active Directory?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Deployment Options for identifying personal devices and corporate devices on network

Do you have an MDM solution in your environment?
What device are you trying to Onboard? Corporate or Non-Corporate?
What devices do you guys use for Corporate? Windows Domain, MacOSX, etc.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 5
Registered: ‎05-28-2015

Re: Deployment Options for identifying personal devices and corporate devices on network

Hi Victor,

Do you have an MDM solution in your environment?

No MDM solution in plan. However, we may use one in the future. Can you provide some information on this?

What device are you trying to Onboard? Corporate or Non-Corporate?

Both. We want to be able to identify if the device is a personal device or corporate device (phone/laptop/tablet/etc.).

Should we have two SSIDs? One that allows corporate devices that have the trusted corporate device and another SSID for BYOD that deploys/onboards another certificate?

What devices do you guys use for Corporate? Windows Domain, MacOSX, etc.

On corporate we have Windows/Mac/iPhone.

Windows/Mac machines are joined to our Windows domain.

Guru Elite
Posts: 8,732
Registered: ‎09-08-2010

Re: Deployment Options for identifying personal devices and corporate devices on network

You will always need some type of authoritative source of information on the ownership of the device. Many times this is from an MDM where a device can be flagged as personal or corporate, or in some cases, only corporate devices are enrolled in the MDM.

Another option is to deploy certificates to your corporate devices and use that as a source of authorization. You could also issue certificates to all devices, regardless of ownership, but utilize a different CA structure to determine ownership.

I recommend you reach out to your Aruba ClearPass partner to have a discussion about this. There are many ways of doing this and it varies by environment.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
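
The "different CA structure" option from the reply above, as an added example that is not part of the thread and is not ClearPass configuration: two separate CAs issue device certificates, and ownership is decided by which trust anchor validates the chain rather than by the issuer name in the certificate. It assumes the `openssl` CLI is installed; every CA name, device name and file name is constructed.

```shell
#!/bin/sh
# Added example: classify device ownership by the CA that issued its certificate.
# Every name here (CA subjects, device names, file names) is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME CN: create a self-signed CA key and certificate in $WORK.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME CN: create a device key and a certificate signed by CA.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 7 \
        -out "$WORK/$2.pem" 2>/dev/null
}

# classify_device CERT: ownership follows the trust anchor that validates
# the chain, never the issuer name printed in the certificate.
classify_device() {
    if openssl verify -CAfile "$WORK/corp-ca.pem" "$1" >/dev/null 2>&1; then
        echo corporate
    elif openssl verify -CAfile "$WORK/byod-ca.pem" "$1" >/dev/null 2>&1; then
        echo personal
    else
        echo unknown
    fi
}

make_ca corp-ca "Example Corp Device CA"
make_ca byod-ca "Example BYOD Onboarding CA"
# A different key pair reusing the corporate CA's subject name.
make_ca lookalike-ca "Example Corp Device CA"

issue corp-ca laptop "corp-laptop-01"
issue byod-ca phone "personal-phone-01"
issue lookalike-ca imposter "corp-laptop-99"

for dev in laptop phone imposter; do
    echo "$dev: $(classify_device "$WORK/$dev.pem")"
done
```

The third certificate carries the corporate CA's name as its issuer but fails signature validation against the real corporate CA, so it is classified as unknown.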