Can OneFabric Connect Push information?

  • 0
  • 2
  • Question
  • Updated 3 years ago
  • Answered

Currently have a requirement based on wireless location tracking in that we are able to successfully create areas in OneView and have NAC dynamically push policy changes when moving in and out of said areas....

The additional feature we require is the ability to push that information to a 3rd party application like a MDM solution.

My perception of the API is that you can query and send change requests, but there is no method that automatically pushes data out of the API, say when there is a area change to assist in dynamic 3rd party engagement.

My thoughts around this is that you can poll the OneFabric connect API with say a specific username or IP address and look at the policy in use, if it changes, then you could react. Problem with this is that it doesn't scale well.

Interested in any thoughts.

Photo of Martin Flammia

Martin Flammia

  • 5,724 Points 5k badge 2x thumb

Posted 3 years ago

  • 0
  • 2
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,700 Points 2k badge 2x thumb
Martin,

One thing that you may be able to take advantage of is the Notification Engine in NAC. It can be triggered by multiple events and conditions can be applied that are based on the current state of an end system and any rule components. Based on those events and conditions being matched, multiple actions can be taken. Some of those actions include a Syslog message, SNMP Trap, Email, or a custom script being executed.

This may be a method that you could use to send information from NAC to an external service.

Tyler
Photo of Martin Flammia

Martin Flammia

  • 5,724 Points 5k badge 2x thumb

Hi Tyler,

That's a fantastic answer. Just in the process of seeing if that is a viable solution and will post back.

Many thanks.

Photo of James A

James A, Embassador

  • 6,510 Points 5k badge 2x thumb
Which MDM do you want to integrate with? There are some OFConnect modules that push information, generally user identification to other network security products.
Photo of Martin Flammia

Martin Flammia

  • 5,724 Points 5k badge 2x thumb

Hi James, thanks for posting....

MobileIron, which I know there is already a module for but what I don't know is if / how we can push Extreme's Wireless Location Tracking feature to it?

Photo of Nispel, Markus

Nispel, Markus, Employee

  • 212 Points 100 badge 2x thumb
Martin, we don't push location in a way that would allow MobileIron to react at this time. but you can use the area feature in wireless in conjunction with NAC to provide location based policies. this can be still combined with the MDM integration. would do the job as well imho.
Photo of Martin Flammia

Martin Flammia

  • 5,724 Points 5k badge 2x thumb

Hi Markus,

Thanks for posting.

If what you are saying is that the MDM integration can automatically react to an end systems policy change, that would be perfect as it surmounts to the something effectively.

This is because we have already been successful in making policy changes on area location changes via NAC, the problem we have been trying to solve is marrying this great Extreme wireless feature with the integration of MDM. As an example, if you move into a new area and block the use of SSH and HTTP via policy, we need at the exact same time to be able to block the use of the camera through the MDM solution. As the policy of the end system has changed anyway via NAC through area change, it therefore makes no odds that we are notifying on an end systems policy change then an end systems location.

Is that possible or are we able to do this by any other means?

We are able to do this via other means but are looking for a more lean way of solving the problem.

Many thanks in advance.


Photo of Nispel, Markus

Nispel, Markus, Employee

  • 212 Points 100 badge 2x thumb
Ah. Understood. then it goes back to the suggestion of Tyler to use the NAC notification engine for this. Best option i think but i have no idea how MoblieIron could process that. do you have insight into that part of the API? Regards
Markus
Photo of Martin Flammia

Martin Flammia

  • 5,724 Points 5k badge 2x thumb

Just wanted to report that a fully integrated solution is now being provided by development of a custom API. I also wanted to comment that its shortly become quite apparent how powerful the Extreme SDN solution is and how the vision of SDN is here, now and being put into use!