Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

Component Service:

Component

Ratio

Description

l For MAC-based authentication services, where role

information is not available from an authentication

source, an audit server can determine the role by

applying post-audit rules against the client attributes

gathered during the audit.

D - Internal Posture Policies Zero or more per

service

An internal posture policy tests requests against internal

posture rules to assess health. Posture rule conditions

contain attributes present in vendor-specific posture

dictionaries.

E - Posture Servers Zero or more per

service

Posture servers evaluate client health based on specified

vendor-specific posture credentials. These posture

credentials cannot be evaluated internally by Policy Manager

(that is, not by internal posture policies).

Currently, Policy Manager supports the following forms of

posture server interfaces:

l HCAP

l RADIUS

l GAMEv2

F - Audit Servers Zero or more per

service

Audit servers evaluate the health of clients that do not have

an installed agent, or that cannot respond to Policy Manager

interactions. Audit servers typically operate instead of

authentication methods, authentication sources, internal

posture policies, and posture server.

In addition to returning posture tokens, audit servers can

contain post-audit rules that map results from the audit into

roles.

G - Enforcement Policy One per service

(mandatory)

Policy Manager tests posture tokens, roles, and system time

against the enforcement policy rules to return one or more

matching the enforcement policy rules and to return one or

more matching enforcement profiles that define scope of

access for the client.

H - Enforcement Profile One or more per

service

Enforcement profiles contain attributes that define a client's

scope of access for the session. Policy Manager returns

these enforcement profile attributes to the switch.

Table 1:

Policy Manager Service Components (Continued)

Services Architecture and Flow

Architecturally, Policy Manager services are classified into the following:

l Parents of their policy components, which are wrapped (hierarchically) and coordinated in processing

requests.

l Siblings of other Policy Manager services within an order that determines the sequence in which they are

tested against requests.

Dell Networking W-ClearPass Policy Manager 6.5 | User Guide About Dell Networking W-ClearPass Policy Manager | 29