emea airheads- clearpass extensions and how they can help

CLEARPASS EXTENSIONS

Technical Climb Webinar10:00 GMT | 11:00 CET | 13:00 GSTMarch 28th, 2017

Presenter: Chandrakanth Narayanabhatla

Principal Network Engineer

chandrakanthn@hpe.com

INTRODUCTION TO EXTENSIONS

3

What are ClearPass Extensions

Extensions are like add-ons to ClearPass which run independently, allowing ClearPass to interact with any internal/external applications in real-time, enabling it to deliver different kinds of services

Some examples of ClearPass Extensions

• ClearPass Envoy Integration• Intel McAfee ePolicy Orchestrator Integration• Microsoft Intune MDM Integration• Amazon Alexa Integration• RadSec Proxy

4

Features of Extensions

− They allow ClearPass to interact with most applications that support APIs− You don’t have to wait for the software release cycle of ClearPass to integrate

with a new 3rd party application− Data is fetched in real time without having to wait for a polling interval− Ability to install only the extensions we are interested in− Monitor/debug/restart specific extensions linked to a functionality without

affecting ClearPass core functions.− Extend the core functionality of modules like Radius in features like RadSec

where the extension can act as a bridge between NAD devices and the Radius module

ARCHITECTURE OF EXTENSIONS

6

How do Extensions work

• Each ClearPass extension is a Docker container running independently

• Docker is an open platform to build, ship and run distributed applications

• A Docker container is a package of applications designated to run for a specific purpose

7

Interacting with Clearpass Extensions

The API Explorer can be accessed using https://<ClearPass IP/Hostname>/api-docs

STEPS FOR INSTALLING AN EXTENSION

9

Prerequisites for installing an Extension

• Extensions are available on ClearPass starting from version 6.6

• An operator profile with privileges to install and work with extensions needs to be created

• * Please note that the privileges needed for the operator profile could vary slightly depending on the Extension

10

Prerequisites for installing an Extension

• Using that operator profile we need to create an API client

11

Prerequisites for installing an Extension

• Once the API Client is created you should see an option called “Generate Access Token” which should generate an oauth access token that can be used to make the REST API calls

12

Prerequisites for installing an Extension

• Before we make the required api call to install the Extension, we need to know the store_id of the extension we are planning to install, for instance the store_id for the Intune MDM Extension is b3b8622c-be88-4846-847a-7e10ac74bc0f

• We also need to make sure ClearPass has access to the following destinations when installing an Extension

extensions.clearpassbeta.com *.docker.io *.cloudfront.net

EXTENSION INSTALLATION DEMO

WORKING OF AN EXTENSIONDEMO

MONITORING AND DEBUGGING EXTENSIONS