https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899335#M496976 <P>Yes I believe this is the context for the requester.</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> Mon, 29 Jul 2019 14:37:58 GMT mpeeters 2019-07-29T14:37:58Z https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899275#M496949 <P>&nbsp;</P> <P>I am looking for Cisco’s best practices around providing authentication/authorizing solution similar to ISE for physical, but how do we do that for VDI environment?&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Do we have any documents, white papers, or suggestions ?</P> <P>&nbsp;</P> <P>Thx</P> <P>&nbsp;</P> Fri, 21 Feb 2020 19:08:21 GMT https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899275#M496949 mpeeters 2020-02-21T19:08:21Z https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899307#M496958 <P>What are you asking for best practice on?&nbsp; Authenticating the VDI thin clients?</P> Mon, 29 Jul 2019 14:01:34 GMT https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899307#M496958 paul 2019-07-29T14:01:34Z https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899335#M496976 <P>Yes I believe this is the context for the requester.</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> Mon, 29 Jul 2019 14:37:58 GMT https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899335#M496976 mpeeters 2019-07-29T14:37:58Z https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899337#M496989 If you are talking about the thin clients then you have two options:<BR /><BR /><BR /><BR />1) You can look at the thin client and see if they support 802.1x.<BR /><BR />2) Use profiling (usually DHCP attributes, MAC OUI and/or NMAP data) to identify the devices.<BR /><BR /><BR /><BR />Most times #1 is not worth the trouble as you can easily craft a DACL to limit the thin client access. The thin clients should only need access to the VDI server farm plus a few other things so the DACL should be very concise.<BR /><BR /><BR /> Mon, 29 Jul 2019 14:43:01 GMT https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899337#M496989 paul 2019-07-29T14:43:01Z https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899608#M496995 Yes I believe this is the context being asked about.<BR /><BR /> Mon, 29 Jul 2019 22:03:35 GMT https://community.cisco.com/t5/network-access-control/authentication-authorization-with-vdi/m-p/3899608#M496995 mpeeters 2019-07-29T22:03:35Z