Security

 View Only
  • 1.  Solarwinds NCM Auto-Backup ClearPass Configuration

    Posted Oct 04, 2022 03:24 AM
    Hi All,

    Customer looking for a solution to integrate CPPM with Solarwinds NCM in terms of auto-backup, configuration comparison, and auto-deletion of old backup (sort of retention period).

    Is this achievable or anyone done this before ?

    Or is this can be done with help of API ?

    For the configuration comparison, is there any more sophisticated solution out there ?


  • 2.  RE: Solarwinds NCM Auto-Backup ClearPass Configuration

    Posted Oct 11, 2022 05:00 AM
    ClearPass has a built-in automatic backup system, with auto-deletion and the option to push the backup to an external server (SCP/SFTP/NFS from the top of my head).

    Configuration comparison will be hard because there is a lot of things changing in the ClearPass databases. You could use the Audit logs (and optionally send it to an external syslog server) to see individual changes by admin user id to the configuration and store/audit those.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Solarwinds NCM Auto-Backup ClearPass Configuration

    Posted Oct 13, 2022 04:42 AM
      |   view attached
    Hi Herman, thanks as always.

    My customer wants three things to achieve, as they pursue to match my employer's contract agreement to them:
    - backup configuration -> auto-backup to external server
    - configuration management -> auto-delete the backup file and delta-configuration maintainer
    - compliance management -> like a hardening configuration maintainer

    For example pertaining to compliance management, can this API help ? Example if someone changes this config, can clearpass send some API to a server to notify this change ? Or will the HTTP context server actions help as well ?
    API Explorer - GlobalServerConfiguration-v1



  • 4.  RE: Solarwinds NCM Auto-Backup ClearPass Configuration

    Posted Oct 13, 2022 07:33 AM
    - backup configuration -> auto-backup to external server
    Natively supported in ClearPass
    - configuration management -> auto-delete the backup file and delta-configuration maintainer
    This would be handled by the external server. 

    - compliance management -> like a hardening configuration maintainer
    You can configure ClearPass to send syslogs for audit events (configuration changes) to an external syslog collector.



  • 5.  RE: Solarwinds NCM Auto-Backup ClearPass Configuration

    Posted Mar 01, 2023 05:31 AM

    Hi Herman,

    Config changes that we want to monitor for example:

    • show version (firmware version)
    • Banner MOTD at the /tips page
    • Password policy for local and admin users, is it still intact
    • Content Security Policy (CSP)
    • TLS 1.1 and 1.0 support under cluster-wide parameters
    • etc

    Attached the solarwinds GUI of the compliance report page. If anyone has done it, or if Aruba planned to integrate this feature, to solarwinds, please let us know.