openNAC + Air Watch MDM

It was defined to check if the customer’s device exists inside the vmware’s Air Watch MDM, so considering this device as compliance.

Integration Advantages

The MDM software is the customer’s tool to guarantee that all of its mobile equipment will be configured and following all of its compliance guidelines.

It usually have its own agent that is able to get all of the device information, such as: IMEI, MAC Address, installed applications, configurations, etc…

By being able to integrate with these kind of management solution, we gain the ability to check for device compliance without needing to install a new agent into the customer’s devices.

Environment

../../../../_images/AirWatch.png

Air Watch Connection Data

AirWatch Address: IP or DNS name for AirWatch server.

Enable HTTPS: Either we need to use HTTPS or HTTP to connect to the air watch server.

Air Watch API Key: Air Watch API Key with “admin” Account Type.

Air Watch Username: Username for a read-only Air Watch user.

Air Watch Password: Password for Air Watcher User.

Air Watch – Generate API Key

When logged in to AirWatch console, the first parameter to note down is the URL, which we will need to configurate openNAC (step 1)

(Step 2) Now, to generate the API Key, click on “Settings”.

../../../../_images/AirWatch1.png
  1. Inside System, click on “Advanced”
  2. Inside Advanced, click on “API”
  3. Inside API, click on “REST API”;
../../../../_images/AirWatch2.png
  1. Select “Authentication”
  2. Make sure that the “Basic” is “Enabled”
  3. Click on Save
../../../../_images/AirWatch3.png
  1. Select “General”
  2. Make sure that “Enable API Access” is “Enabled”
  3. Click on “Add”
  4. Select a Service identificator (a name)
  5. Account Type: “Admin”
  6. Copy the API Key for later use, when configuring openNAC
  7. Click on Save
../../../../_images/AirWatch4.png

openNAC – Configure Plugin

  1. Configuration
  2. Configuration vars
  3. Plugins
  4. Activate airwatchSync / airwatch

5.Edit Plugins

../../../../_images/AirWatch5.png

openNAC – Configure Synchronous Plugin

  1. Insert Air Watch server’s IP or DNS name
  2. Choose either or not to enable HTTPS
  3. Insert Air Watch API Key
  4. Insert Air Watch username
  5. Insert Air Watch username’s password
  6. Click on Accept
../../../../_images/AirWatch6.png
  1. Insert Air Watch server’s IP or DNS name
  2. Choose either or not to enable HTTPS
  3. Insert Air Watch API Key
  4. Insert Air Watch username
  5. Insert Air Watch username’s password
  6. Insert the interval time for the plugin to be re-run
  7. Click on Accept
../../../../_images/AirWatch7.png

openNAC – Configure Policy to use the Plugin

  1. Click on “ON NAC”
  2. Click on Policies
  3. Click on “+ Add new”
../../../../_images/AirWatch8.png
  1. Name: Choose a name for your policy
  2. Enabled: Yes
  3. Comment: A comment to describe what this policy does
  4. Set VLAN: To which VLAN the devices that fulfill this policy should be sent
../../../../_images/AirWatch9.png
  1. Plugins: Click on the drop- down menu
  2. Select which plugins should be activated
  3. Auto Learn of User Devices: Yes
  4. Accept
../../../../_images/AirWatch10.png

openNAC - Results

Here we can see our Business Profile “AirWatch” with one device authenticated

../../../../_images/AirWatch11.png

On the User Device details, we can see which the TAGs that where added, and more detailed information about the User Device

../../../../_images/AirWatch12.png