This software is designed to manage all devices connecting and connected to a network by integrating with a RADIUS server.
It can allow or deny access, manage network rules, authentication, and SSO, as well as push configuration and apps to smart devices within the network.
AirWatch provides information on devices and their management state. Aruba Policy Manager can use this information to apply rules and policies to each device. Simple cases include denying access to non-managed devices or redirecting any non-managed device to the enrollment page. The REST API exposes extensive information, so advanced rules and operations can also be designed.
- AirWatch 6+
- Aruba Policy Manager 6.2+
Configuration in AirWatch
AirWatch information to set up and note for the Aruba client:
- REST API key
- Authentication type
- API server URL
- Admin user credentials
AirWatch console Setup:
- Go to System / Advanced / API / REST, General tab, and select Enable API Access
- Go to System / Advanced / API / REST, Authentication tab, and check only Basic
- API server URL: e.g. as503.awmdm.co.uk
- Create an administrator Role and Account that will be used only for communicating with Aruba
- Role needs to have: all the options for REST API MDM + SOAP API
- Administrative account that will be part of the above role
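Before entering these values in Aruba, the dedicated account and API key can be checked directly against the AirWatch REST API. The script below is an added example, not AirWatch or Aruba code; the search path, the `aw-tenant-code` header name and the JSON field names are assumptions to confirm against your AirWatch version, and the sample response is constructed.

```python
import base64
import json
import urllib.request

# Assumptions (not from the page): the device-search path, the "aw-tenant-code"
# header name for the REST API key, and the JSON field names used below.
SEARCH_PATH = "/api/mdm/devices/search"

def build_request(host, username, password, api_key, path=SEARCH_PATH):
    """Build the Basic-auth request the dedicated Aruba account would send."""
    if "/" in host:
        raise ValueError("pass the bare API server host, e.g. as503.awmdm.co.uk")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{path}",  # HTTPS only: Basic auth is merely base64-encoded
        headers={
            "Authorization": f"Basic {token}",
            "aw-tenant-code": api_key,
            "Accept": "application/json",
        },
    )

def enrollment_by_mac(body):
    """Map normalized MAC -> True if AirWatch reports the device as Enrolled."""
    result = {}
    for dev in json.loads(body).get("Devices", []):
        mac = "".join(c for c in (dev.get("MacAddress") or "") if c.isalnum()).lower()
        if mac:  # a device without a MAC cannot be matched to an Aruba endpoint
            result[mac] = dev.get("EnrollmentStatus") == "Enrolled"
    return result

def fetch(request, timeout=10):
    """Send the request; bad credentials or key raise urllib.error.HTTPError."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read().decode()

# Constructed sample response, so the parsing step runs offline.
SAMPLE = json.dumps({"Devices": [
    {"MacAddress": "00:1A:2B:3C:4D:5E", "EnrollmentStatus": "Enrolled"},
    {"MacAddress": "001A2B3C4D5F", "EnrollmentStatus": "Unenrolled"},
    {"MacAddress": "", "EnrollmentStatus": "Enrolled"},
]})

if __name__ == "__main__":
    print(enrollment_by_mac(SAMPLE))
```

Against a live console, pass `fetch(build_request(...))` to `enrollment_by_mac` and compare the resulting MAC list with the endpoints Aruba shows after its next update.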
Configuration in Aruba
Aruba console Setup:
Go to Administration\External Servers\Endpoint Context Servers
Enter the following information:
- MDM Vendor: airwatch
- API server URL
- AirWatch Admin Username
- AirWatch Admin Password *2
- Update frequency (default: 60 minutes)
- REST API key
Verification of Integration
The following steps show two ways to verify that Aruba Policy Manager is properly reading information from AirWatch.
- In Aruba Policy Manager, go to Monitoring\Live Monitoring\Access Tracker
- This displays the list of devices that are currently connected to the Aruba RADIUS.
- Click on the IP address of the device to inspect
- Go to the Input tab and scroll down to the bottom
- Example of a non-managed device: no Endpoint tags
- Example of a device managed by AirWatch: notice the Endpoint tags
- Finding the device
In Aruba Policy Manager, go to Configuration\Identity\Endpoints
This displays the list of devices managed by the Aruba RADIUS, by MAC address.
- Viewing the information
Using the information from AirWatch in Aruba Policy Manager
To use the data provided by AirWatch, appropriate policies need to be set up.
- In Aruba Policy Manager, go to Configuration\Enforcement\Policies
- Create or modify an existing policy.
- Go to the Rules tab
- In the Conditions section, for example, select:
- Type: Endpoint (this brings in the AirWatch data)
- Name: MDM Enabled (aka Enrolled; scroll to the bottom of the drop-down to find the parameters provided by AirWatch)
- Operator: e.g. NOT_EQUALS
- Value: e.g. Enrolled (note that this value may be pre-populated from AirWatch)