Using OnGuard for students who need direct network access to databases and/or remote desktop

Important:
Indiana University students running Windows or Mac OS X who need special access to the wireless network must install and run ClearPass OnGuard to ensure their computers are correctly configured to securely access the IU campus network. At all campuses, students who do not need special access to the wireless network do not need to install nor run ClearPass OnGuard.

On this page:


Direct network access for students

For security purposes, access to certain protocols (e.g., remote desktop, direct access to databases) are not normally allowed for students on the IU network. If you need access to such services, access may be available via IUanyWare, or an exception may be granted by following both these steps:

  1. Email the University Information Policy Office (UIPO) requesting an exception for student wireless access, including the reason you need the exception.
  2. After UIPO notifies you that your exception has been granted, you will then need to install and run ClearPass Onguard, available from IUware.

Install and run ClearPass OnGuard

After installation, OnGuard will run a health check on your system; either a "healthy" or an "unhealthy" result will be displayed. If unhealthy, a message will be display as to the cause(s).

  • Healthy will grant your exception
  • Unhealthy will not grant the exception, but you will be given limited wireless access. You will then need to take measures to fix the reasons for the unhealthy state, and then re-run OnGuard.

Windows

  1. Download the ClearPass OnGuard client for Windows.
  2. Double-click the .exe file to open it.
  3. When the installer window opens, select your language, and then click OK.
  4. The next window is the introduction to the Clearpass OnGuard set up. Click Next.
  5. Read the end user license agreement. If you accept it, check the I Accept box, and then click Install.
  6. After installing, a window will pop up letting you know that the installation has finished. Check the box for Run Clearpass, and then click Finish.
  7. The ClearPass OnGuard window will appear, showing that it is collecting the health information about your machine (firewall, updates, and antivirus).
  8. When the health check is completed, you will see a message indicating whether your system is healthy or unhealthy.

Mac OS X

  1. Download the ClearPass OnGuard client for Mac.
  2. Double-click the .dmg file to open it, and then double-click the ClearPassOnGuard.pkg icon.

    If you receive an error message indicating the file can't be opened because it is from an unidentified developer, follow the steps in OS X: About the application firewall before continuing.

  3. When the installer opens, click Continue.
  4. Read the end user license agreement. If you accept, click Continue.
  5. If you are prompted for your computer's username and password, enter your credentials. Click Install Software.
  6. A window will pop up to let you know when the installation has finished. Click Close.
  7. The ClearPass OnGuard window will appear, showing that it is collecting the health information about your machine (firewall, updates, and antivirus).
  8. When the health check is completed, you will see a message indicating whether your system is healthy or unhealthy.

Linux

Download the ClearPass OnGuard client for Linux.

OnGuard details

ClearPass OnGuard performs vital endpoint health checks and posture assessments automatically to ensure that all laptops are fully compliant with industry and internal requirements before they connect to wired and/or wireless networks.

In addition to system-wide per-session NAC protection, you can specify whether to allow or deny peer-to-peer applications or USB storage devices. Network access can be denied if storage is not encrypted and IT can be sure that laptops brought to the help desk have the latest patches and hot fixes.

You can automatically remediate or quarantine endpoints that are not in compliance with corporate posture policies. Using the administrator dashboard, it's easy to keep an eye out for non-compliant devices, users, and the reasons for non-compliance.

Real-time endpoint compliance

Depending on operating system type, OnGuard performs the following level of posture and health checks:

Windows Mac OS X
Installed applications X X
Antivirus X X
Antispyware X X
Firewall X X
Disk encryption X X
Network connections X X
Processes X X
Patch management X X
Peer to peer X X
Services X X
Virtual machines X X
Windows hotfixes X
USB devices X X
File check X X
Note:
The above table reflects ClearPass version 6.6 functionality. Not all checks are supported across operating systems and agent types.

System requirements

Windows:

  • Support for Windows 7 and above
  • Can be run as a service

Mac OS X:

  • Support for Mac OS X 10.7 and above

Linux:

  • Support for Red Hat Enterprise Linux 4 or above
  • Ubuntu 12.x LTS and 14.x LTS
  • Community Enterprise Operation System (CentOS) 4 or above
  • Fedora Core 5 or above
  • SUSE Linux 10.x

Support agents

Note:
Auto-remediation is supported only by persistent agents.
OnGuard persistent agent OnGuard dissolvable agent Microsoft's NAP agent
Windows X X X
Mac OS X X X
Linux* X* X

*Persistent agent supported on Ubuntu endpoints running 12.x LTS or 14.x LTS

This is document bfni in the Knowledge Base.
Last modified on 2017-07-18 17:49:50.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.