Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass integration with SAP Afaria

This thread has been viewed 0 times

  • 1.  Clearpass integration with SAP Afaria

    Posted Nov 18, 2013 09:29 PM

    Hi there,

     

              I am handling a new project here and there is a specific requirement where the Aruba Clearpass Onboard will have to work with SAP Afaria for BYOD and Onboarding. 

     

            All i can think of would be that the Clearpass can pool the MAC Address tables from the Afaria Server and once the device is authenticated , Clearpass will issue the certificate to allow access into the wireless network. 

     

           Or is it possible that the Onboard can replace the SAP Afaria altogether? 

     

           Please advice.



  • 2.  RE: Clearpass integration with SAP Afaria
    Best Answer

    Posted Nov 20, 2013 11:12 PM

    ClearPass does not support MDM integration with SAP Afaria.  MDM integration allows you to add a supported MDM server as an "external context server".  ClearPass polls context servers on an interval, grabbing various attributes about your enrolled devices.  These attributes can then be used to make policy decisions.  Some of the more well known MDM products are supported: JAMF, MobileIron, Airwatch, etc.

     

    There may be other creative ways of integrating with SAP Afaria.  If there's a database on the server that can be queried, you could add it as an authorization source.  I'm not very experienced with that, but someone else could chime in with the details.

     

    And yes, ClearPass could replace your MDM solution.  CP has WorkSpace, which requires additional licensing.  Here's some information about it: http://www.arubanetworks.com/products/clearpass/personal-byod-portal/



  • 3.  RE: Clearpass integration with SAP Afaria

    Posted Nov 21, 2013 01:47 AM

    Thanks very much for the information on this. 

     

     Now there is actually an change of requirement and in fact, the customer is using MobileIron instead. 

     

    The question and confusion I have right now is:

     

    1) Since the MDM is MobileIron and when the mobile devices are connected into the network, they are already authenticated by MobileIron, in this case, for Clearpass do we still need to have OnBoard License since Clearpass can just pool information from MobileIron

     

    2) Any documentation on how clearpass can retrieve information from Mobileiron?

     

     

    Thanks in advance!



  • 4.  RE: Clearpass integration with SAP Afaria
    Best Answer

    EMPLOYEE
    Posted Nov 21, 2013 02:22 AM


    The question and confusion I have right now is:



    1) Since the MDM is MobileIron and when the mobile devices are connected into the network, they are already authenticated by MobileIron, in this case, for Clearpass do we still need to have OnBoard License since Clearpass can just pool information from MobileIron

    Tarnold: you only need an onboard lic if you have ClearPass provision the certificate.


    2) Any documentation on how clearpass can retrieve information from Mobileiron?

    Tarnold: there is an integration guide on the arubapedia for partners.

    Tech_Note_-_ClearPass_MDM_Integration.pdf


  • 5.  RE: Clearpass integration with SAP Afaria

    Posted Nov 21, 2013 02:33 AM

    Thank you! I didnt know Arubapedia exist until you pointed me there! 

     

    I will have lots of fun there. Cheers everyone!