Reference Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Hardware Appliances

0511287-02 | June 2013 1

Dell Networking W-ClearPass Policy Model 6.1

An Introduction

From the point of view of a network device or other entities that need authentication services, Policy Manager

appears as a RADIUS, TACACS+ or Web Authentication server; however, its rich and extensible policy model

allows it to broker security functions across a range of existing network infrastructure, identity stores, health/posture

services and client technologies within the Enterprise.

Services Paradigm

Services

are the highest level element in the Policy Manager policy model. They have two purposes:

l Unique Categorization Rules (per Service) enable Policy Manager to test Access Requests ("Requests") against

available Services to provide robust differentiation of requests by access method, location, or other network

vendor-specific attributes.

NOTE: Policy Manager ships with a number of configured basic Service types. You can flesh out these Service types, copy them for

use as templates, import other Service types from another implementation (from which you have previously exported them), or

develop new Services from scratch.

l By wrapping a specific set of Policy Components, a Service can coordinate the flow of a request, from

authentication, to role and health evaluation, to determination of enforcement parameters for network access.

Figure 1: Dell Networking W-ClearPass Policy Manager Flow of Control and Table 1: Policy Manager Service

Components illustrate and describe the basic Policy Manager flow of control and its underlying architecture.

Figure 1: Dell Networking W-ClearPass Policy Manager Flow of Control

Summary of content (4 pages)

PAGE 1
Dell Networking W-ClearPass Policy Model 6.1 An Introduction From the point of view of a network device or other entities that need authentication services, Policy Manager appears as a RADIUS, TACACS+ or Web Authentication server; however, its rich and extensible policy model allows it to broker security functions across a range of existing network infrastructure, identity stores, health/posture services and client technologies within the Enterprise.
PAGE 2
Table 1: Policy Manager Service Components Component Service: component ratio Description A - Authentication Method Zero or more per service EAP or non-EAP method for client authentication. Policy Manager supports four broad classes of authentication methods: l l l l EAP, tunneled: PEAP, EAP-FAST, or EAP-TTLS. EAP, non-tunneled: EAP-TLS or EAP-MD5. Non-EAP, non-tunneled: CHAP, MS-CHAP, PAP, or MACAUTH. MAC_AUTH must be used exclusively in a MAC-based Authentication Service.
PAGE 3
Component Service: component ratio Description audit. D - Internal Posture Policies Zero or more per service An Internal Posture Policy tests Requests against internal Posture rules to assess health. Posture rule conditions can contain attributes present in vendor-specific posture dictionaries.
PAGE 4
Copyright Information © 2013 Aruba Networks, Inc. Aruba Networks trademarks include the Aruba Networks logo, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.