Cisco ISE 1.2 Mobile Device Management Integration

Presentation transcript:

Cisco ISE 1.2 Mobile Device Management Integration
Ravi Singh, System Engineer
February 26, 2013

Agenda
- The BYOD Solution Gap
- Bridging the BYOD Gap
- ISE vs MDM
- Enforce Policy for Resource Access
- Manage Device Compliance
- Bridging the BYOD Gap
- MDM Integration Requirements
- Configurations
- The Apple iOS User Experience

The BYOD Solution Gap

Cisco BYOD with Identity Services Engine (ISE 1.1)
If Yes, then “Grant Access” Else “Deny”

Context Aware Resource Access
Context Defines Criteria for Access

Mobile Device Manager (MDM)
- Enterprise Infrastructure Interoperability
- Centralized Management
- Manage Mobile Apps
- Secure Content Distribution
- Secure and Manage Mobile Devices
- Secure, Manage and Enhance Collaboration on Mobile Devices

MDM Compliance Check
- Non-Compliant
- Apple iOS Policy as defined by IT Administrator

Pin Lock Non Compliance
Reason for Device Non-Compliance: “Pin-Lock Not Set on device”

Application Non Compliance

Bridging the Gap

Software Integration Requirements Version 7.1 Version 1.2 Version 6.2 Version 5.0 Version 2.3 Mobile Collaboration Management Services Version 1.0

Inserting MDM as New Context (ISE 1.2)
Integrate ISE to MDM HERE

ISE 1.2 Infrastructure Configuration
- MDM FQDN or IP Address
- MDM Admin User with API Access
- Sends HTTP GET https://mdm-server/ciscoise/mdminfo
- Start Here

Example: MDM Server GET Information
ISE Sends HTTP GET https://mdm.ip.addr/ciscoise/mdminfo
Response: HTTP Headers
    HTTP/1.1 200 OK
XML schema
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:element name="ise_api" type="ISEApiRegister"/>
      <xs:complexType name="ISEApiRegister">
        <xs:sequence>
          <xs:element name="name" type="NameType"/>
          <xs:element name="api_version" type="xs:string"/>
          <xs:element name="api_path" type="xs:string"/>
          <xs:element name="redirect_url" type="xs:string"/>
          <xs:element name="query_max_size" type="xs:integer"/>
          <xs:element name="messaging_support" type="xs:boolean"/>
          <xs:element name="vendor" type="xs:string"/>
          <xs:element name="product_name" type="xs:string"/>
          <xs:element name="product_version" type="xs:string"/>
        </xs:sequence>
      </xs:complexType>
      <xs:simpleType name="NameType">
        <xs:restriction base="xs:string">
          <xs:enumeration value="mdminfo"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:schema>

Example: MDM Server Get Info Reply
- ISE Sees XML
- ISE Polls MDM for Compliance Attributes
- API Defined by ISE 1.2 Product Group
- MDM Partner Integration Requires API Adoption
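
Added example (not from the original slides and not Cisco or MDM vendor code): a Python validator that checks an mdminfo reply against the schema shown above before any of its fields are trusted. The sample reply and all of its values, the refusal of DTDs, and the HTTPS-only rule for redirect_url are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Child elements of <ise_api>, in xs:sequence order, with their schema types.
FIELDS = [("name", "NameType"), ("api_version", "string"), ("api_path", "string"),
          ("redirect_url", "string"), ("query_max_size", "integer"),
          ("messaging_support", "boolean"), ("vendor", "string"),
          ("product_name", "string"), ("product_version", "string")]

def parse_mdminfo(body: bytes) -> dict:
    """Validate an mdminfo reply against the schema; raise ValueError if it deviates."""
    # Refuse DTDs up front: ElementTree expands internal entities (entity bombs).
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD or entity declaration in reply")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from None
    tags = [root.tag] + [child.tag for child in root]
    if tags != ["ise_api"] + [name for name, _ in FIELDS]:
        raise ValueError("elements do not match the schema's xs:sequence")
    info = {}
    for (name, kind), child in zip(FIELDS, root):
        text = (child.text or "").strip()
        if kind == "NameType" and text != "mdminfo":   # sole enumeration value
            raise ValueError("name must be 'mdminfo'")
        if kind == "integer":
            if not re.fullmatch(r"[+-]?[0-9]+", text):
                raise ValueError(f"{name} is not an xs:integer")
            text = int(text)
        elif kind == "boolean":
            if text not in ("true", "false", "1", "0"):
                raise ValueError(f"{name} is not an xs:boolean")
            text = text in ("true", "1")
        info[name] = text
    # Assumption, not stated by the schema: only accept an HTTPS redirect target.
    if urlparse(info["redirect_url"]).scheme != "https":
        raise ValueError("redirect_url is not https")
    return info

# Constructed sample reply; every value below is made up for illustration.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ise_api><name>mdminfo</name><api_version>1</api_version>
<api_path>/ciscoise/api</api_path>
<redirect_url>https://mdm.example.test/enroll</redirect_url>
<query_max_size>100</query_max_size><messaging_support>true</messaging_support>
<vendor>ExampleVendor</vendor><product_name>ExampleMDM</product_name>
<product_version>0.0</product_version></ise_api>"""
```

Calling parse_mdminfo(SAMPLE) returns the nine fields as a dict with query_max_size as an int and messaging_support as a bool; a reply with a missing element, a wrong type or a plain-HTTP redirect raises ValueError.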

MDM Dictionaries Added to ISE 1.2
- MDM Dictionary Attributes
- Enables Context for AuthZ Conditions

MDM Authorization Profile
- MDM Web Redirection Task
- Enables Context for AuthZ Conditions

WLC 7.2+ ACL Configuration
MDM-redirect Access Control List (ISE 1.2 MDM AuthZ Profile)
- Permit DNS
- Permit ISE
- Permit MDM
- Deny All
ACL – Generates MDM Redirect
- ACL Configurations will vary
- Access to Internet for cloud based MDM REQUIRED

Integrating MDM into the AuthZ Policy
- MDM AuthZ rules
- Active Directory User Group Based Authorized Access Levels
- Device Onboarding AuthZ Rule

iOS Employee Experience

Wireless MAC Address Onboarding
“Wireless_MAB” Authorization Rule = for any wireless connection with a Layer 2 MAC address, redirect the session to central web authentication on ISE

ISE 1.2: iOS BYOD Onboarding

MDM Based Authorization Context
- Check MDM for Registration Status
- Check MDM for Compliance Status

Airwatch: iOS Enrollment Experience

Airwatch Example: Non-Compliance

Authorization Rules For Access
Permit resource access based on Active Directory Groups

Take Away
- Integrating industry MDM BYOD with Cisco’s solution
- ISE 1.2 checks MDM for context
- MDM Partners Adopt ISE 1.2 API
- Additional MDM Onboarding Step
- New Authorization rules for MDM redirect portal
- Active Directory determines access levels

Reference
- TAC BYOD Troubleshooting Forum: https://techzone.cisco.com
- Pre-Recorded ISE 1.2 to MDM Onboarding Video Demos: http://wwwin.cisco.com/tech/snsbu/prod-sols/ise/#sectionName=4
- Cisco BYOD CVD: http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html