Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Posture Architecture and Flow
Policy Manager supports two types of posture checking: posture policies and audit servers.
Posture Policy
Policy Manager supports four preconfigured posture plug-ins for Windows, one plug-in for Linux, and one plug-in for macOS. Administrators can configure rules against these policies that test for specific attributes of client health and correlate the results to return application posture tokens for processing by enforcement policies.
A service can be configured without any posture policy.
Audit Servers
Audit servers provide posture checking for unmanageable devices, such as devices lacking adequate posture agents or supplicants. In the case of such clients, the audit server’s post-audit rules map clients to roles.
Policy Manager supports two types of audit servers:
: Primarily used to derive roles from post-audit rules.
: Primarily used for vulnerability scans (and, optionally, post-audit rules).
Figure 1 Posture Evaluation Process
Assessing Client Consistency
ClearPass Policy Manager uses posture evaluation to assess client consistency with enterprise endpoint health policies, specifically with respect to:
Operating system version/type
Registry keys/services present (or absent)
Antivirus or firewall configuration
Patch level of software components
Peer-to-Peer (P2P) application checks
Services to be running or not running
Processes to be running or not running
Application Token
Each configured health check returns an application token representing health:
Healthy. Client is compliant: there are no restrictions on network access.
Checkup. Client is compliant; however, there is an update available. This can be used proactively to remediate to a healthy state.
Transient. Client evaluation is in progress; typically associated with auditing a client. The network access granted is interim.
Quarantine. Client is out of compliance; restrict network access so the client only has access to the remediation servers.
Infected. Client is infected and is a threat to other systems in the network; network access should be denied or severely restricted.
Unknown. The posture token of the client is unknown.
System Token
Upon completion of the configured posture checks, Policy Manager evaluates all application tokens and calculates a system token, equivalent to the most restrictive rating across all returned application tokens. The system token provides the health posture component for input to the enforcement policy.
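The flow described in the Application Token and System Token sections, as an added illustration that is not ClearPass code: a few constructed health checks each return an application token, the system token is the most restrictive of them, and a constructed enforcement mapping consumes the system token. The restrictiveness ranking is an assumption (the page's listing order, with Unknown ranked most restrictive), as are the check rules, thresholds and access names.

```python
# Least to most restrictive. Assumed ordering (not stated on the page): the
# page's listing order, with UNKNOWN ranked last so that a client whose health
# cannot be determined never gets more access than one with a known bad state.
TOKENS = ["HEALTHY", "CHECKUP", "TRANSIENT", "QUARANTINE", "INFECTED", "UNKNOWN"]
RANK = {t: i for i, t in enumerate(TOKENS)}

def av_check(client: dict) -> str:
    """Antivirus running with current signatures; stale signatures -> CHECKUP."""
    av = client.get("antivirus")
    if av is None:
        return "UNKNOWN"  # the posture agent reported nothing for this check
    if not av["running"]:
        return "QUARANTINE"
    return "HEALTHY" if av["signatures_age_days"] <= 7 else "CHECKUP"

def firewall_check(client: dict) -> str:
    fw = client.get("firewall")
    if fw is None:
        return "UNKNOWN"
    return "HEALTHY" if fw["enabled"] else "QUARANTINE"

def p2p_check(client: dict) -> str:
    """Constructed sample of P2P process names; any present -> INFECTED."""
    p2p = {"bittorrent.exe", "utorrent.exe"}
    return "INFECTED" if p2p & set(client.get("processes", [])) else "HEALTHY"

# Configured health checks: name -> rule evaluating the client's attributes.
CHECKS = {"antivirus": av_check, "firewall": firewall_check, "p2p": p2p_check}

def application_tokens(client: dict) -> dict:
    """One application token per configured health check."""
    return {name: rule(client) for name, rule in CHECKS.items()}

def system_token(app_tokens: dict) -> str:
    """Most restrictive application token; no results at all -> UNKNOWN."""
    if not app_tokens:
        return "UNKNOWN"
    return max(app_tokens.values(), key=RANK.__getitem__)

# Enforcement policy input (constructed mapping): system token -> network access.
ENFORCEMENT = {"HEALTHY": "full-access", "CHECKUP": "full-access",
               "TRANSIENT": "interim-access", "QUARANTINE": "remediation-vlan",
               "INFECTED": "deny", "UNKNOWN": "deny"}

def enforce(client: dict) -> str:
    """System token decides the access granted to this client."""
    return ENFORCEMENT[system_token(application_tokens(client))]
```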