Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

74 | Policy Manager PolicyModel Dell Networking W-ClearPass Policy Manager 6.3 |User Guide

Component Service:

component ratio

Description

C - Role Mapping Policy Zero or one per

service

Policy Manager evaluates Requests against Role

Mapping Policy rules to match Clients to Role(s). All

rules are evaluated and Policy Manager may return

more than one Role. If no rules match, the request takes

the configured Default Role.

Some Services (for example,

MAC-based

Authentication

) may handle role mapping differently:

l For

MAC-based Authentication

Services, where role

information is not available from an authentication

source, an Audit Server can determine role by

applying post-audit rules against the client attributes

gathered during the audit.

D - Internal Posture Policies Zero or more per

service

An Internal Posture Policy tests Requests against

internal Posture rules to assess health. Posture rule

conditions can contain attributes present in vendor-

specific posture dictionaries.

E - Posture Servers Zero or more per

service

Posture servers evaluate client health based on

specified vendor-specific posture credentials, typically

posture credentials that cannot be evaluated internally

by Policy Manager (that is, not by internal posture

policies).

Currently, Policy Manager supports two forms of

posture server interfaces:

HCAP

RADIUS

, and

GAMEv2

posture servers.

F - Audit Servers Zero or more per

service

Audit servers evaluate the health of clients that do not

have an installed agent, or which cannot respond to

Policy Manager interactions. Audit servers typically

operate in lieu of authentication methods,

authentication sources, internal posture policies, and

posture server.

In addition to returning posture tokens, Audit Servers

can contain post-audit rules that map results from the

audit into Roles.

G - Enforcement Policy One per service

(mandatory)

Policy Manager tests Posture Tokens, Roles (and

system time) against Enforcement Policy rules to return

one or more matching Enforcement Policy rules to

return one or more matching Enforcement Profiles (that

define scope of access for the client).

H - Enforcement Profile One or more per

service

Enforcement Policy Profiles contain attributes that

define a client's scope of access for the session. Policy

Manager returns these Enforcement Profile attributes to

the switch.

Table 25:

Policy Manager Service Components (Continued)