ARCHIVED: Use OnGuard for students who need direct network access to databases and/or remote desktop

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
Important:
Indiana University students running Windows or macOS who need special access to the wireless network must install and run ClearPass OnGuard to ensure their computers are correctly configured to securely access the IU campus network. At all campuses, students who do not need special access to the wireless network do not need to install nor run ClearPass OnGuard.

On this page:

Direct network access for students

For security purposes, access to certain protocols (for example, remote desktop, direct access to databases) are not normally allowed for students on the IU network. If you need access to such services, access may be available via IUanyWare, or an exception may be granted by following both these steps:

  1. Email the University Information Policy Office (UIPO) requesting an exception for student wireless access, including the reason you need the exception.
  2. After UIPO notifies you that your exception has been granted, you will then need to install and run ClearPass Onguard, available from IUware.

Install and run ClearPass OnGuard

After installation, OnGuard will run a health check on your system; either a "healthy" or an "unhealthy" result will be displayed. If unhealthy, a message will be display as to the cause(s).

  • Healthy will grant your exception
  • Unhealthy will not grant the exception, but you will be given limited wireless access. You will then need to take measures to fix the reasons for the unhealthy state, and then re-run OnGuard.

Windows

  1. Download the ClearPass OnGuard client for Windows.
  2. Double-click the .exe file to open it.
  3. When the installer window opens, select your language, and then click OK.
  4. The next window is the introduction to the Clearpass OnGuard set up. Click Next.
  5. Read the end user license agreement. If you accept it, check the I Accept box, and then click Install.
  6. After installing, a window will pop up letting you know that the installation has finished. Check the box for Run Clearpass, and then click Finish.
  7. The ClearPass OnGuard window will appear, showing that it is collecting the health information about your machine (firewall, updates, and antivirus).
  8. When the health check is completed, you will see a message indicating whether your system is healthy or unhealthy.

macOS

  1. Download the ClearPass OnGuard client for Mac.

  2. Double-click the .dmg file to open it, and then double-click the ClearPassOnGuard.pkg icon.

    If you receive an error message indicating the file can't be opened because it is from an unidentified developer, follow the steps in About the application firewall before continuing.

  3. When the installer opens, click Continue.
  4. Read the end user license agreement. If you accept, click Continue.
  5. If you are prompted for your computer's username and password, enter your credentials. Click Install Software.
  6. A window will pop up to let you know when the installation has finished. Click Close.
  7. The ClearPass OnGuard window will appear, showing that it is collecting the health information about your machine (firewall, updates, and antivirus).
  8. When the health check is completed, you will see a message indicating whether your system is healthy or unhealthy.

Linux

Download the ClearPass OnGuard client for Linux.

OnGuard details

ClearPass OnGuard performs vital endpoint health checks and posture assessments automatically to ensure that all laptops are fully compliant with industry and internal requirements before they connect to wired and/or wireless networks.

In addition to system-wide per-session NAC protection, you can specify whether to allow or deny peer-to-peer applications or USB storage devices. Network access can be denied if storage is not encrypted and IT can be sure that laptops brought to the help desk have the latest patches and hot fixes.

You can automatically remediate or quarantine endpoints that are not in compliance with corporate posture policies. Using the administrator dashboard, it's easy to keep an eye out for non-compliant devices, users, and the reasons for non-compliance.

Real-time endpoint compliance

Depending on operating system type, OnGuard performs the following level of posture and health checks:

Windows macOS
Installed applications X X
Antivirus X X
Antispyware X X
Firewall X X
Disk encryption X X
Network connections X X
Processes X X
Patch management X X
Peer to peer X X
Services X X
Virtual machines X X
Windows hotfixes X
USB devices X X
File check X X
Note:
The above table reflects ClearPass version 6.6 functionality. Not all checks are supported across operating systems and agent types.

System requirements

Windows:

  • Support for Windows 10 and Windows 8.x
  • Can be run as a service

Mac:

  • Support for macOS

Linux:

  • Support for Red Hat Enterprise Linux 4 or above
  • Ubuntu 12.x LTS and 14.x LTS
  • Community Enterprise Operation System (CentOS) 4 or above
  • Fedora Core 5 or above
  • SUSE Linux 10.x

Support agents

Note:
Auto-remediation is supported only by persistent agents.
OnGuard persistent agent OnGuard dissolvable agent Microsoft's NAP agent
Windows X X X
macOS X X
Linux* X* X

*Persistent agent supported on Ubuntu endpoints running 12.x LTS or 14.x LTS

This is document bfni in the Knowledge Base.
Last modified on 2020-03-06 14:14:29.