Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass and Context Servers, can you retrieve attributes?

  • 1.  Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 02:07 PM

    I'm playing around with adding my Filewave MDM server into ClearPass as a Context Endpoint Server. The Filewave server supports RESTful JSON web-based queries and such.

     

    I see where I can set up a "send" message to notify Filewave of information about my client; however, I would like to query the Filewave server from ClearPass and store the results as attributes that I can manipulate for enforcement policies.

     

    I can send the Filewave server the MAC address of the attaching client.

    Filewave returns the machine type, OS version, if the device has been stolen or other information.

    I would like to take that JSON result and store each attribute and do some enforcement on it.

     

    Basically, I just want to send out some JSON and store the returning JSON data and do some stuff with it.

     

    Is this possible?



  • 2.  RE: Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 02:40 PM

    Today the CPPM Exchange Framework is OUTBOUND. It's one of the items we are looking at developing in the future.

     

    If Filewave offers a SQL interface, we could look at using SQL to grab the data?



  • 3.  RE: Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 02:46 PM

    The Filewave database is a PostgreSQL DB and they do support direct ODBC access.

     

    That was going to be my next path to go down. Thoughts and suggestions would be appreciated.



  • 4.  RE: Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 03:18 PM

    OK... It's not something I can put in an email but........

     

    You'll need to add the MDM as an authentication source to start with. You'll need your port#, DB name, Login Name etc. and hopefully the DB has been opened up to allowing ODBC queries.....

     

    Then you're going to have to craft a SQL statement to return whatever attributes you require and want to check....

     

    SELECT FROM XXXXX AS 'MDMPOLICY' FROM MY_DB WHERE BLAH BLAH BLAH BLAH OR BLAH BLAH BLAH OR BLAH BLAH AND BLAH BLAH

     

     

    Add this new Auth Source to your service....

     

    Maybe add this also as an Authz source and then define a role  'MDMPOLICY'  = 'XXX' set a ROLE of 'MDM Enrolled'....

     

    Some ideas.......

     

    HTH...!!!!
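
The approach sketched in post 4, written out as an added example (not part of the original thread, and not Aruba or Filewave code): a read-only PostgreSQL login limited to one narrow view, plus a filter query keyed on the client MAC. The table, view, column and role names are hypothetical placeholders, because the thread does not show the Filewave schema; `%{Connection:Client-Mac-Address-NoDelim}` is the ClearPass request variable for the client MAC without delimiters.

```sql
-- Added example. mdm_devices, its columns, cppm_device_context and cppm_ro
-- are hypothetical names; substitute the real Filewave tables and columns.

-- 1. On the PostgreSQL side: a login role for ClearPass that can read one
--    narrow view and nothing else in the MDM database.
CREATE ROLE cppm_ro LOGIN PASSWORD 'CHANGE_ME' CONNECTION LIMIT 5;

-- Expose only the columns enforcement needs, with the MAC normalised
-- (lower case, no colons) so it compares cleanly with what ClearPass sends.
CREATE VIEW cppm_device_context AS
SELECT lower(replace(mac_address, ':', '')) AS mac_nodelim,
       device_type,
       os_version,
       is_stolen                      -- assumed to be a boolean column
FROM   mdm_devices;                   -- hypothetical base table

-- The view runs with its owner's rights, so cppm_ro needs no grant on
-- mdm_devices itself.
REVOKE ALL ON cppm_device_context FROM PUBLIC;
GRANT SELECT ON cppm_device_context TO cppm_ro;

-- 2. Filter query for the ClearPass SQL authentication source.
--    ClearPass substitutes the %{...} variable on each request.
--    The column aliases, including the 'MDMPOLICY' alias from post 4,
--    are the names to reference in role mapping.
SELECT device_type AS "MDM-Device-Type",
       os_version  AS "MDM-OS-Version",
       CASE WHEN is_stolen THEN 'stolen' ELSE 'ok' END AS "MDMPOLICY"
FROM   cppm_device_context
WHERE  mac_nodelim = lower('%{Connection:Client-Mac-Address-NoDelim}');
```

Limiting the `cppm_ro` login in `pg_hba.conf` to the ClearPass server addresses keeps the ODBC opening as narrow as the grant.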

     



  • 5.  RE: Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 03:19 PM

    That's how I thought it would work.

     

    Thanks,

     

    Chris



  • 6.  RE: Clearpass and Context Servers, can you retrieve attributes?

    Posted Feb 03, 2015 03:30 PM

    Chris,

     

    I'm keen to explore this a little deeper with you.

     

     

    Please email me at danny@arubanetworks.com when you have time.