Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Deployment Options for identifying personal devices and corporate devices on network

  • 1.  Deployment Options for identifying personal devices and corporate devices on network

    Posted Nov 10, 2016 12:08 PM

    I wanted to see what the current deployment scenarios/options are for deploying BYOD with ClearPass.

     

    We want to be able to identify if the device is a corporate device or personal device. Can anyone give me some options that you are using or that are recommended by Aruba?

     

    Thanks! 



  • 2.  RE: Deployment Options for identifying personal devices and corporate devices on network

    Posted Nov 10, 2016 12:23 PM
    Are your corporate devices managed by an MDM and/or joined to Active
    Directory?


  • 3.  RE: Deployment Options for identifying personal devices and corporate devices on network

    Posted Nov 10, 2016 12:24 PM
    Do you have an MDM solution in your environment?
    What device are you trying to onboard? Corporate or non-corporate?
    What devices do you guys use for corporate? Windows Domain, Mac OS X, etc.


  • 4.  RE: Deployment Options for identifying personal devices and corporate devices on network

    Posted Nov 10, 2016 12:31 PM

    Hi Victor,

     

    Do you have an MDM solution in your environment?

     

    No MDM solution is planned. However, we may use one in the future. Can you provide some information on this?


    What device are you trying to onboard? Corporate or non-corporate?

     

    Both. We want to be able to identify if the device is a personal device or corporate device (phone/laptop/tablet/etc.).

     

    Should we have two SSIDs? One that allows corporate devices that have the trusted corporate device and another SSID for BYOD that deploys/onboards another certificate?


    What devices do you guys use for corporate? Windows Domain, Mac OS X, etc.

    On corporate we have Windows/MAC/iPhone. 

     

    Windows/Mac machines are joined to our Windows domain.

     



  • 5.  RE: Deployment Options for identifying personal devices and corporate devices on network

    Posted Nov 10, 2016 12:45 PM

    You will always need some type of authoritative source of information on the ownership of the device. Many times this is from an MDM where a device can be flagged as personal or corporate, or in some cases, only corporate devices are enrolled in the MDM.

     

    Another option is to deploy certificates to your corporate devices and use that as a source of authorization. You could also issue certificates to all devices, regardless of ownership, but utilize a different CA structure to determine ownership.

     

    I recommend you reach out to your Aruba ClearPass partner to have a discussion about this. There are many ways of doing this and it varies by environment.
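
The two sources of ownership named in the reply above (an MDM flag, or which CA issued the device certificate) can be combined in one authorization decision. The following is an added example, not code from the thread and not ClearPass configuration; the fingerprints, field names and the rule that disagreeing sources yield `conflict` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed SHA-256 fingerprints of two separate issuing CAs (placeholders,
# not real values): one CA signs only corporate devices, the other is used
# by the BYOD onboarding flow.
CA_OWNERSHIP = {
    "aa" * 32: "corporate",
    "bb" * 32: "personal",
}

@dataclass
class AuthContext:
    chain_valid: bool                    # outcome of EAP-TLS chain and revocation checks
    issuer_sha256: Optional[str] = None  # fingerprint of the issuing CA certificate
    mdm_ownership: Optional[str] = None  # "corporate"/"personal" when an MDM record exists

def _norm_fp(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex and compare in one form."""
    return fp.replace(":", "").replace(" ", "").lower()

def classify(ctx: AuthContext) -> str:
    """Return corporate, personal, conflict or unknown for one authentication."""
    evidence = set()
    if ctx.mdm_ownership in ("corporate", "personal"):
        evidence.add(ctx.mdm_ownership)
    # The issuer only counts when the chain was actually validated; an
    # unverified certificate is not an authoritative source of ownership.
    if ctx.chain_valid and ctx.issuer_sha256:
        owner = CA_OWNERSHIP.get(_norm_fp(ctx.issuer_sha256))
        if owner:
            evidence.add(owner)
    if not evidence:
        return "unknown"    # no authoritative source: do not assume corporate
    if len(evidence) > 1:
        return "conflict"   # sources disagree: handle as least-privileged
    return evidence.pop()

if __name__ == "__main__":
    print(classify(AuthContext(True, "AA:" * 31 + "AA")))     # corporate CA
    print(classify(AuthContext(True, "bb" * 32, "corporate")))  # sources disagree
```

A device that presents no certificate and has no MDM record comes back as `unknown`, which is the case the reply describes when it says an authoritative source is always needed.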