03-20-2014 12:16 PM
Another new feature of ClearPass 6.3 is the ability to specify HTTP enforcement actions for Endpoint Context Servers in addition to any RADIUS enforcement already specified. This allows ClearPass to integrate with a variety of web-services enabled systems and leverage the context gathered during network authentication to trigger additional activity. This new capability to integrate with web-services enabled systems is called ClearPass Exchange.
This was showcased at Airheads 2014 where we leveraged RESTful APIs to talk with a mobile device management solution to trigger new actions as well as remediation when a jailbroken device attempted to connect to the network. We used the native push messaging capabilities of the MDM solution to notify the user of this policy violation and leveraged a further integration with the carrier to send a voice message to the user as well. Lastly, our scenario auto-populated a new helpdesk ticket to inform IT of what had happened and what was done. A new video was created to help demonstrate how to use this new Exchange functionality in ClearPass.
The video can be found here. Take a look and feel free to share your thoughts and/or experiences leveraging this new capability within your network to create new automated workflows.
03-20-2014 12:22 PM
Did I also see that it can pass user credentials from the network to a Palo Alto firewall?
Aruba Customer Engineering
03-20-2014 12:28 PM
Yes - we have a separate integration with Palo Alto Networks, leveraging an API they recently opened in their OS. The integration with PAN is different in that we are pushing UserID and DeviceID information to them to allow them to leverage in their Policy Engine. What this allows them to do is leverage the ability of CPPM to integrate with multiple ID stores (instead of just AD) and resolve user id information that they didn't see before, as well as leverage our device profiling capabilities to incorporate device details into the Policy Engine (instead of just IP addresses). We have a separate tech note about the integration, which you can find here.