Currently have a requirement based on wireless location tracking in that we are able to successfully create areas in OneView and have NAC dynamically push policy changes when moving in and out of said areas....
The additional feature we require is the ability to push that information to a 3rd party application like a MDM solution.
My perception of the API is that you can query and send change requests, but there is no method that automatically pushes data out of the API, say when there is a area change to assist in dynamic 3rd party engagement.
My thoughts around this is that you can poll the OneFabric connect API with say a specific username or IP address and look at the policy in use, if it changes, then you could react. Problem with this is that it doesn't scale well.
Interested in any thoughts.
One thing that you may be able to take advantage of is the Notification Engine in NAC. It can be triggered by multiple events and conditions can be applied that are based on the current state of an end system and any rule components. Based on those events and conditions being matched, multiple actions can be taken. Some of those actions include a Syslog message, SNMP Trap, Email, or a custom script being executed.
This may be a method that you could use to send information from NAC to an external service.
Thanks for posting.
If what you are saying is that the MDM integration can automatically react to an end systems policy change, that would be perfect as it surmounts to the something effectively.
This is because we have already been successful in making policy changes on area location changes via NAC, the problem we have been trying to solve is marrying this great Extreme wireless feature with the integration of MDM. As an example, if you move into a new area and block the use of SSH and HTTP via policy, we need at the exact same time to be able to block the use of the camera through the MDM solution. As the policy of the end system has changed anyway via NAC through area change, it therefore makes no odds that we are notifying on an end systems policy change then an end systems location.
Is that possible or are we able to do this by any other means?
We are able to do this via other means but are looking for a more lean way of solving the problem.
Many thanks in advance.
Just wanted to report that a fully integrated solution is now being provided by development of a custom API. I also wanted to comment that its shortly become quite apparent how powerful the Extreme SDN solution is and how the vision of SDN is here, now and being put into use!