New Contributor
Posts: 3
Registered: ‎04-17-2013

How can I find which CPPM onboarded devices have not been in use for a period of time?


We are getting very close to our onboard license limit, but we have way fewer devices than that. However, I have seen three different ways license usage is being cranked up:

 

1 - Leavers' devices are not removed and use up licenses - my company has quite a high employee turnover and this is difficult to keep track of

2 - Users upgrade their personal devices (phones and tablets) fairly often, and when new devices are added, old devices are not removed

3 - Every time a device's OS is upgraded, the device is onboarded again. Because of that, multiple certificates exist for the same device and (I believe) multiple onboard licenses are used.

 

I need to find the best way to get on top of this. 

Is there an "Insight" report I can run that tells me which onboarded devices are not being used?

Any other suggestions to help me keep on top of this would be appreciated.

 

Thanks,

Sasa

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: How can I find which CPPM onboarded devices have not been in use for a period of time?

 

On 6.3 there's an Authentication Source option called Time Source that could potentially help you address this, using it as an authorization source.

 

I have not played with this yet 

 


Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,749
Registered: ‎09-08-2010

Re: How can I find which CPPM onboarded devices have not been in use for a period of time?

Also, if you're using DHCP relay profiling and/or IF-MAP integration from the controllers, the "Updated At" attribute in the endpoint database could be a valuable tool.

 



Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎04-17-2013

Re: How can I find which CPPM onboarded devices have not been in use for a period of time?

Hi Victor,

 

Thanks for your post. Unfortunately we are not at 6.3 yet.

 

Cheers,

Sasa

New Contributor
Posts: 3
Registered: ‎04-17-2013

Re: How can I find which CPPM onboarded devices have not been in use for a period of time?

Hi Tim,

 

Thanks for your post.

I have seen some inaccuracy with the profiler and I am not sure how much I can trust this data.

It is definitely worth looking at and I will definitely investigate this.

 

 

Cheers,

Sasa 

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: How can I find which CPPM onboarded devices have not been in use for a period of time?


There is a way to run a report in Insight for when a device hasn't been seen since a certain time. The issue is that it will list all endpoints, not just the onboarded ones.

 


I've asked engineering to see if there is something we can do that I don't know of, or if it is on the roadmap.

In my example

1. I set it to search the past 6 months (screen shot 1)
2. Added line two (screen shot 2): Endpoint >> Updated At >> Less than or equals to >> 2014-02-01 00:00:00-00

 

I went back any endpoint that hasn't been seen in the past 1 month.

 


Thank You,
Troy
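
The report above returns every endpoint, so it still has to be narrowed to onboarded devices. The following is an added example, not part of the thread and not ClearPass code: it joins two hypothetical CSV exports (an endpoint list with an "updated at" timestamp and an onboarded-certificate list) by MAC address, applies the same "less than or equals 2014-02-01" cutoff, and also flags devices holding more than one certificate. The column names and sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data. Column names are assumptions, not ClearPass export formats.
ENDPOINTS_CSV = """\
mac,updated_at
AA:BB:CC:00:00:01,2014-02-10 09:15:00
aa-bb-cc-00-00-02,2013-12-20 17:40:00
AABBCC000003,2014-02-01 00:00:00
AA:BB:CC:00:00:09,2013-11-02 08:00:00
"""
ONBOARD_CSV = """\
mac,username,cert_serial
aa:bb:cc:00:00:01,alice,1001
aa:bb:cc:00:00:01,alice,1002
aa:bb:cc:00:00:02,bob,1003
aa:bb:cc:00:00:03,carol,1004
aa:bb:cc:00:00:04,dave,1005
"""

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits so the two lists join."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def stale_onboarded(endpoints_text, onboard_text, cutoff):
    """Return (stale, duplicates) for onboarded devices only."""
    last_seen = {norm_mac(r["mac"]): datetime.strptime(r["updated_at"], FMT)
                 for r in csv.DictReader(io.StringIO(endpoints_text))}
    certs = defaultdict(list)
    for r in csv.DictReader(io.StringIO(onboard_text)):
        certs[norm_mac(r["mac"])].append(r)
    stale, duplicates = [], {}
    for mac, rows in sorted(certs.items()):
        seen = last_seen.get(mac)  # None: onboarded but no endpoint record at all
        if seen is None or seen <= cutoff:  # same "less than or equals" test
            stale.append((mac, rows[0]["username"], seen))
        if len(rows) > 1:  # several certificates issued for one device
            duplicates[mac] = sorted(r["cert_serial"] for r in rows)
    return stale, duplicates

if __name__ == "__main__":
    stale, dups = stale_onboarded(ENDPOINTS_CSV, ONBOARD_CSV, datetime(2014, 2, 1))
    for mac, user, seen in stale:
        print(mac, user, seen or "never seen")
    for mac, serials in dups.items():
        print(mac, "has", len(serials), "certificates:", ", ".join(serials))
```

The result is only as reliable as the "updated at" data feeding it, so treat the stale list as candidates to review before revoking certificates.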
