I wanted to see what is the current deployment scenarios/options for deploying BYOD with ClearPass.
We want to be able to identify if the device is a corporate device or personal device. Can anyone give me some options that you are using or that are recommmended by Aruba?
Do you have an MDM solution in your environment ?
No MDM solution in plan. However, we made use one in the future. Can you provide some information on this?
What device are you trying to Onboard? Corporate or Non-Corporate
Both. We want to be able to identify if the device is a personal device or corporate device (phone/laptop/ tablet/etc)
Should we have two SSIDs? One that allow corporate devices that has the trusted corporate device and another SSID for BYOD that deploys/onboards another certificate?
What devices do you guys use for Corporate ? Windows Domain , MacOSX , etc..
On corporate we have Windows/MAC/iPhone.
Windows/MACs machine are joined to the our Windows' Domain
You will always need some type of authoritative source of information on the ownership of the device. Many times this is from an MDM where a device can be flagged as personal or corporate, or in some cases, only corporate devices are enrolled in the MDM.
Another option is to deploy certificates to your corporate devices and use that as a source of authorization. You could also issue certificates to all devices, regardless of ownership, but utilize a different CA structure to determine ownership.
I recommend you reach out to your Aruba ClearPass partner to have a discussion about this. There are many ways of doing this and it varies by environment.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.