关于作者
Mobility Architect | CWNE #215 | CWNT | Ekahau Master #23 | Member, CWNE Board of Advisors
Full bioAutomation has been the top topic in the networking world for a few years now. With technologies like Puppet, Chef, Ansible, the SDN flavor of the week and more out there making large scale networks easier to manage why wouldn't it be? Who doesn't love giving up menial, repetitive tasks in favor of intelligent systems that do it for you and let you as the admin/engineer/architect deal with the real problems? Unfortunately, in the wireless space, much of this has passed us by. Now that's not to say there isn't some great stuff out there for us, but anyone who has configured an end-to-end wireless solution knows there's a lot of typing and clicking involved.
然后2016年的气氛发生了……...也许我应该说的是,然后HPE发生了。
HPE(回到HP时)为网络世界贡献了一系列技术。众所周知,最著名的是与SDN的前身合作,并创建了开放网络基金会。这些第一步贡献了我们今天在有线网络自动化中看到的革命的贡献。爱他们或恨他们,他们承担了一些早期的风险,几乎所有其他供应商都符合理想的统治。
Now, you may be asking yourself "What has this got to do with wireless?" Honestly? Not a whole lot at the moment. What it does have a lot to do with is the evolution of the back end products that secure and support the networks we deploy. Specifically ClearPass. ClearPass 6.6, announced this past March in Las Vegas, is, in my mind, the product of a beautiful marriage of two companies that are willing to take risks and lead the way in new approaches to old problems.
我如此迷惑什么新功能?让我们看一下一些增强功能(按我的兴奋顺序)的快速摘要:
洞察新界面
Insight is the reporting tool for ClearPass which offers real-time visibility and analytics of what's going on in your network giving you the ability to quickly troubleshoot and fix any issues that may arise. Following along with AirWave and the wireless controllers, Clearpass Insight is getting a fresh new makeover - and it's gorgeous.
Ingress Event Engine
ClearPass现在将能够作为系统log接收器操作。来自外部设备的消息现在可以在ClearPass内触发事件或警报。通过基于Syslog事件对网络的威胁或更改响应,ClearPass可以为网络的有线,无线和远程访问组件添加另一层安全性。
Automatic Network Device Discovery
In what is sure to be one of my favorite features, ClearPass will now crawl the network segments you configure and discover new devices automagically. No more csv files or manual entry for network access devices! This feature is vendor agnostic, reads directly from SNMP, show device capabilities and info such as OS and software version (or anything else that can be gleaned from SNMP), and allows for quick and easy import. Additionally, you can assign profiles based on a number of factors like subnet, type, or vendor and automatically deploy differing policies - secure your network with even more context.
自定义设备指纹印刷
Updating MAC OUI files, waiting for fingerprints to be released in the next update, not knowing if that device is really an AppleTV or not Not anymore. ClearPass 6.6 introduces the ability to create your own device fingerprints. We're just seeing the beginning of the "IoT explosion" and devices are coming out faster than most can keep up with. Not only that, people are creating their own devices (me included) with the capabilities to do amazing, and amazingly destructive, things on your network. Being able to profile, identify, categorize, contain, or deny access is more important than ever.
ClearPassExchange
ClearPass Exchange是第三方应用程序如何与ClearPass集成以通过多种方式提供增强功能。Exchange Integrations使用ClearPass API和Syslog相关性来创建网络可用的新功能。
一个快速的例子是Infoblox integration capabilities. ClearPass can share the username and MAC of a user through a set of APIs into your IPAM appliances allowing IP/MAC based policies, profiles, and reporting to be correlated and tied to specific users and devices. In the future, more of the available information could be shared from ClearPass to enhance these capabilities even further and who knows what functionality could be added.
列出了令人印象深刻的合作伙伴,包括帕洛阿尔托,谷歌,splunk等公司,您可以增强MDM/EMM推出,添加2FA,SSO和许多其他首字母缩写词。Aruba为身份管理和网络环境意识奠定了基础。在网络世界中,这是一件大事。如今,大多数公司都以“我做的这个真的,也许我应该给那a try too" attitude instead of doing这个even better and work with those who do那真的已经很好,而不是作为游戏的后期竞争。
But the integrations get even better (this is the part that ties back into all the HPE rambling at the beginning of this post)
ClearPassExtensions
ClearPass扩展是从多个供应商的紧密集成系统的新方法。类似于ClearPass Exchange,但完全不同。扩展提供更深的联系,更多的安全性,更少的活动部件和更快的设置。
这是一个改变游戏规则的人。不仅是因为易用性。不仅是因为灵活性。这是尝试新方法和采用新技术的意愿。
How can you quickly enable these apps, deploy them so easily, and be sure they are safe, secure, and won't affect your ClearPass installation?Docker。Docker是一个容器化系统,用于在沙盒环境中快速部署应用程序及其依赖项。从他们的网站:
“ Docker容器在完整的文件系统中包含一块软件,其中包含它运行所需的所有内容:代码,运行时,系统工具,系统库 - 您可以在服务器上安装的任何内容。这可以确保它始终将其运行相同,无论如何它正在运行的环境。”
I have only recently taken the dive into using Docker myself but it's clear the ClearPass team put a lot of thought into the best possible way to deploy this feature. No infrastructure to stand up for 3rd party integrations, no cluster of VMs, no messing with installation guides. Just point, click, secure.
目前,ClearPass扩展程序将逐案开发,但是随着时间的流逝,可能会向合作伙伴和客户提供的更大的申请社区开放。我不同意这一举动,您不想只打开闸门并让任何人进入,直到您弄清楚如何确保来源值得信赖和稳定,但我希望这比晚些时候 - 开放时 -建立一个优秀的平台作为基础,并允许人们建立在基础上,您会为他们的想法感到惊讶。
In my opinion, the bleeding edge heritage of HPE mixed with the brilliant team at Aruba are mixing to create a nearly unstoppable force in the wireless world, much to the dismay of the many naysayers.
