Good Morning friends,
I am seeking information in regard to ClearPass and Chromebooks.
Our district over the years has adopted the use of Chromebooks. When these devices first arrived, a unique AD ID was assigned to each Chromebook in order for that specific Chromebook device to authenticate via EAP-PEAP and then be placed in a specific VLAN and role on campus wireless controllers.
As we approach 200,000 Chromebooks, AD and InfoSec considerations have revealed themselves and we need to investigate certificate-based authentication. All these devices are student devices, and an automated solution, along with the use of our current Google Admin through which all these devices are managed, is desired. I have begun to research and have engaged our Google Admin team here as well as our Aruba/TAC resources. I do not want to ever revisit this again for the foreseeable future.
I seek resources for best practices to continue to investigate to determine the best permanent solution. Like everyone out there, we have a unique network. Onboarding is in use for staff devices only. Our guest network is secured, allowing for captive portal and Google Play Store access only. Once onboarded, faculty devices are placed in a specific VLAN.
Three use cases have emerged.
1. How do we automate currently connected Chromebooks from EAP-PEAP to cert-based EAP-TLS?
2. We need cert and EAP-TLS deployment via manufacturer "pre-enrollment" processes.
3. Certificates will need to be renewed annually. How do we re-deploy?