
Implementing Aruba ClearPass at BCIT: Use Cases and Experience



  1. Conference 2018
     Implementing Aruba ClearPass at BCIT: Use Cases and Experience

  2. Agenda
     • Presenter Introductions
     • Introduction to Aruba and ClearPass Policy Manager
     • BCIT adoption of CPPM – Use Cases and Experience
     • Other Higher Education CPPM use cases

  3. Presenter Introductions
     • Joubin Moshrefzadeh - BCIT
     • Jason Fernyc - Aruba
     • Marko Majkic - Aruba

  4. About Aruba

  5. Products Overview
     [Diagram: Mobile First Architecture. Labels: IT services; business and user facing applications; best-in-class ecosystem; security, management, location; software platform (AirWave, ClearPass, IntroSpect, NetInsight, Aruba OS, Central, Meridian); secure infrastructure (Wi-Fi | BLE | Tags, wired access, wired core/agg, WAN, remote access via client).]
     Mobile First | Secure | Open | Insightful and Autonomous

  6. What Is ClearPass Policy Manager (CPPM)

  7. CPPM Secure NAC Solution
     VISIBILITY
     • Know what's connected and connecting in your wired & wireless multivendor environment
     CONTROL
     • Reduce risk and workload through automation – all devices authenticated or authorized – NO UNKNOWN DEVICES
     RESPONSE
     • Adaptive response brokering best-of-breed security solutions

  8. CPPM Exchange: End to End Control
     [Diagram: Aruba ClearPass with Exchange Ecosystem. Labels: REST API, Syslog; security monitoring and threat prevention; Internet of Things (IoT); multi-vendor switching; device management and multi-factor authentication; BYOD and corporate owned; multi-vendor WLANs; helpdesk and voice/SMS service in the cloud.]

  9. BCIT Implementation of CPPM
     • Main drivers for ClearPass
     • Initial Implementation
     • Additional services integrated
     • Benefits gained (and challenges)

  10. Main Drivers for ClearPass
     • Wireless guest self-registration
     • Easier guest account management
     • Decoupling guest accounts from institute directory
     • Standard approach to varying authentication sources
     • Reducing complexity

  11. Initial Implementation
     Before ClearPass
     • BCIT
       - Open captive portal-based network for guests and non-802.1x clients
       - LDAP via Active Directory
     • BCIT_Secure
       - 802.1x network for staff and students
       - RADIUS via AD-joined NPS server
     • eduroam
       - 802.1x network for staff, students, and visitors
       - RADIUS via Radiator on Windows Server
     After ClearPass
     • BCIT_Connect
       - Guest self-registration and access
       - Client auto-configuration for our secure networks (via QuickConnect)
       - RADIUS with MAC caching via ClearPass (guest DB)
     • BCIT_Secure
       - RADIUS via ClearPass (AD joined + LDAP)
     • eduroam
       - RADIUS via ClearPass (AD joined + LDAP)

  12. Additional Services Integrated
     Residence PPPoE Service
     • RADIUS auth against ClearPass (SQL lookup in Banner)
     BCIT_IOTNet Network
     • WPA2-PSK network with MAC auth (static host lists)
     Juniper User Access and Authentication
     • RADIUS auth against ClearPass (local DB)

  13. Benefits Gained
     Easier troubleshooting
     • One system to troubleshoot
     • Easy to access logging and tracking information
     Stronger policy enforcement
     • Re-use same policies/profiles across multiple services
     Single authentication frontend to varied backend repositories
     • AD, SQL, local DB, local static host lists


  26. Challenges
     Steep learning curve
     • Four products (Policy Manager, Guest, Insight, Onboard)
     • There are a lot of features and options
     Redundancy can be complex
     • Opted for geographically split HA cluster with Virtual IP

  27. ENABLING COLLABORATION
     Challenge #1: Collaboration/AV systems are expensive to deploy, configure & maintain across the campus.
     Challenge #2: Collaboration/AV systems are difficult for faculty, staff & student end-users to understand & leverage.
     Challenge #3: Collaboration/AV systems are difficult to secure and control.

  28. ENABLING COLLABORATION

  29. ARUBA ENABLING COLLABORATION

  30. CONTROL OF WIRED & IOT NETWORKS
     Challenge #1: Legacy networks aren't designed to easily support critical building, dormitory, classroom, and IoT systems. Non-traditional devices (beyond laptops, tablets and smartphones) will soon outnumber traditional devices by a significant margin.
     Challenge #2: Most fixed wired devices are not in traditional data stores (e.g. Active Directory), nor are they managed via the same mechanisms (e.g. Group Policy).
     Challenge #3: IoT systems – both open and closed – have vulnerable attack surfaces that can expose systems, users, and facilities to security and privacy breaches.

  31. ARUBA CENTRALIZED POLICY CONTROL for IOT
     [Diagram labels: Aruba ClearPass; Student VLAN; Printer VLAN.]

  32. POSTURE CONTROL OF CLIENTS
     Challenge #1: Clients of all kinds can easily be infected by malware, spyware, viruses and/or ransomware.
     Challenge #2: How to enforce a uniform set of security requirements across the client base, including organization-owned and personally owned devices.

  33. ARUBA POSTURE CONTROL OF CLIENTS
     [Diagram labels: ClearPass OnGuard; Access Network; VPN.]
     Enforce Uniform Policy, Minimizes Risk to Network
     • Block access to network resources across wired, wireless & remote
     • Auto-remediate the device

  34. ARUBA POSTURE CONTROL OF CLIENTS
     Persistent and dissolvable agents for laptops and desktops.

  35. OPTIMIZING IT OPERATIONS
     Challenge #1: IT personnel & resources are stretched to keep up with current network requirements incorporating laptops, tablets, and smartphones as devices per user, and BYOD trends continue to ramp.
     Challenge #2: IoT deployments will further stretch existing resources and budgets due to exponential and unprecedented “non-traditional” device types with limited user interfaces.

  36. ARUBA IT OPERATIONS AUTOMATION
     [Diagram labels: UEBA; perimeter protection; MDM / EMM; security intelligence; systems / DB; network infrastructure.]

  37. Thank You!
