Implementing Aruba ClearPass at BCIT: Use Cases and Experience
Conference 2018
Agenda
- Presenter Introductions
- Introduction to Aruba and ClearPass Policy Manager
- BCIT adoption of CPPM – Use Cases and Experience
- Other Higher Education CPPM use cases
Presenter Introductions
- Joubin Moshrefzadeh - BCIT
- Jason Fernyc - Aruba
- Marko Majkic - Aruba
About Aruba
Products Overview
Mobile First | Secure | Open | Insightful and Autonomous
[Diagram: Mobile First Architecture. Labels: best-in-class ecosystem (IT services; business and user-facing applications); software platform (ClearPass, AirWave, Central, Meridian, NetInsight, IntroSpect; management, security, location); secure infrastructure (Aruba OS; wired access; WAN; wired core/agg; Wi-Fi | BLE | tags; VIA client remote access).]
What Is ClearPass Policy Manager (CPPM)
CPPM Secure NAC Solution
VISIBILITY
- Know what's connected and connecting in your wired and wireless multivendor environment
CONTROL
- Reduce risk and workload through automation: all devices authenticated or authorized, NO UNKNOWN DEVICES
RESPONSE
- Adaptive response brokering best-of-breed security solutions
CPPM Exchange: End to End Control
[Diagram: Aruba ClearPass with Exchange Ecosystem. Labels: Internet of Things (IoT); BYOD and corporate owned; REST API, Syslog; security monitoring and threat prevention; device management and multi-factor authentication; helpdesk and voice/SMS service in the cloud; multi-vendor switching; multi-vendor WLANs.]
BCIT Implementation of CPPM
- Main drivers for ClearPass
- Initial Implementation
- Additional services integrated
- Benefits gained (and challenges)
Main Drivers for ClearPass
- Wireless guest self-registration
- Easier guest account management
- Decoupling guest accounts from institute directory
- Standard approach to varying authentication sources
- Reducing complexity
Initial Implementation
Before ClearPass
BCIT
- Open Captive Portal-based network for guests and non-802.1x clients
- LDAP via Active Directory
BCIT_Secure
- 802.1x network for staff and students
- RADIUS via AD-joined NPS server
eduroam
- 802.1x network for staff, students, and visitors
- RADIUS via Radiator on Windows Server
After ClearPass
BCIT_Connect
- Guest self-registration and access
- Client auto-configuration for our secure networks (via QuickConnect)
- RADIUS with MAC caching via ClearPass (guest DB)
BCIT_Secure
- RADIUS via ClearPass (AD joined + LDAP)
eduroam
- RADIUS via ClearPass (AD joined + LDAP)
Additional Services Integrated
Residence PPPoE Service
- RADIUS auth against ClearPass (SQL lookup in Banner)
BCIT_IOTNet Network
- WPA2-PSK network with MAC auth (static host lists)
Juniper User Access and Authentication
- RADIUS auth against ClearPass (local DB)
Benefits Gained
Easier troubleshooting
- One system to troubleshoot
- Easy to access logging and tracking information
Stronger policy enforcement
- Re-use same policies/profiles across multiple services
Single authentication frontend to varied backend repositories
- AD, SQL, local DB, local static host lists
Challenges
Steep learning curve
- Four products (Policy Manager, Guest, Insight, Onboard)
- There are a lot of features and options
Redundancy can be complex
- Opted for geographically split HA cluster with Virtual IP
ENABLING COLLABORATION
Challenge #1
Collaboration/AV Systems are Expensive to deploy, configure & maintain across the Campus.
Challenge #2
Collaboration/AV Systems are difficult for Faculty, Staff & Student End-Users to understand & leverage.
Challenge #3
Collaboration/AV Systems are difficult to Secure and Control.
ARUBA ENABLING COLLABORATION
CONTROL OF WIRED & IOT NETWORKS
Challenge #1
Legacy networks aren’t designed to easily support critical building, dormitory, classroom, and IoT systems. Non-traditional devices (beyond laptops, tablets and smartphones) will soon outnumber traditional devices by a significant margin.
Challenge #2
Most fixed wired devices are not in traditional data stores (e.g. Active Directory), nor are they managed via the same mechanisms (e.g. Group Policy).
Challenge #3
IoT systems, both open and closed, have vulnerable attack surfaces that can expose systems, users, and facilities to security and privacy breaches.
ARUBA CENTRALIZED POLICY CONTROL for IOT
[Diagram labels: Aruba ClearPass, Printer VLAN, Student VLAN]
POSTURE CONTROL OF CLIENTS
Challenge #1
Clients of all kinds can easily be infected by Malware, Spyware, Virus and/or Ransomware.
Challenge #2
How to enforce a uniform set of security requirements across the client base, including organization-owned and personally owned devices.
ARUBA POSTURE CONTROL OF CLIENTS
Enforce Uniform Policy
- Block access to network resources across wired, wireless & remote
- Auto-remediate the device
Minimizes Risk to Network
[Diagram labels: Access Network, VPN, ClearPass OnGuard]
ARUBA POSTURE CONTROL OF CLIENTS
Persistent and dissolvable agents for laptops and desktops.
OPTIMIZING IT OPERATIONS
Challenge #1
IT Personnel & Resources are stretched to keep up with current network requirements incorporating laptops, tablets, and smartphones as devices per user, and BYOD trends continue to ramp.
Challenge #2
IoT deployments will further stretch existing resources and budgets due to exponential and unprecedented “non-traditional” device types with limited user interfaces.
ARUBA IT OPERATIONS AUTOMATION
[Diagram labels: network infrastructure, perimeter protection, security intelligence, MDM / EMM, UEBA, systems / DB]