Security

I wanted to see what is the current deployment scenarios/options for deploying BYOD with ClearPass.

 

We want to be able to identify if the device is a corporate device or personal device.  Can anyone give me some options that you are using or that are recommmended by Aruba?

 

Thanks! 

Are your corporate devices managed by an MDM and/or joined to Active
Directory?

Do you have an MDM solution in your environment ?
What device are you trying to Onboard? Corporate or Non-Corporate
What devices do you guys use for Corporate ? Windows Domain , MacOSX , etc..

Hi Victor,

 

Do you have an MDM solution in your environment ?

 

No MDM solution in plan. However, we made use one in the future. Can you provide some information on this?

What device are you trying to Onboard? Corporate or Non-Corporate

 

Both. We want to be able to identify if the device is a personal device or corporate device (phone/laptop/ tablet/etc) 

 

Should we have two SSIDs? One that allow corporate devices that has the trusted corporate device and another SSID for BYOD that deploys/onboards another certificate?

What devices do you guys use for Corporate ? Windows Domain , MacOSX , etc.. 

On corporate we have Windows/MAC/iPhone. 

 

Windows/MACs machine are joined to the our Windows' Domain

 

You will always need some type of authoritative source of information on the ownership of the device. Many times this is from an MDM where a device can be flagged as personal or corporate, or in some cases, only corporate devices are enrolled in the MDM.

 

Another option is to deploy certificates to your corporate devices and use that as a source of authorization. You could also issue certificates to all devices, regardless of ownership, but utilize a different CA structure to determine ownership.

 

I recommend you reach out to your Aruba ClearPass partner to have a discussion about this. There are many ways of doing this and it varies by environment.