Security

I have a cluster of devices across the world and I would like to have separate services running on the subscriber devices. Is this possible? it looks like the services are pushed out from the publisher and cannot be disabled/enabled on the subscriber.The issue here is that SSIDs etc will be the same in each region so devices in the US will match the same service as devices in the UK - however I would like them to authenticate to local sources. If I configure a service to point to the UK AD, devices in the US will authenticate against this source - traversing the WAN instead of locally. Will I need to find a way to match a service depending on where the NAD is located.

It would be a good solution if I could group all the UK NAD devices under Network>Device groups and then match the service on the group - can this be done i've looked under the service rule type/name but cant find a match.

That sounds like a good idea! You should create a feature request.

https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp

Yes, you can do this; I"ve used it many times.  The filter is:

Connection --> NAD-IP-Address --> BELONGS_TO_GROUP --> Name of your group 

This coupled with services for each region will allow UK controllers to authenticate against UK domain controllers and so on.

That seems to be exactly what I need - thanks for the solution.