Solved: Re: authentication authorization with VDI

mpeeters · ‎07-29-2019

I am looking for Cisco’s best practices around providing authentication/authorizing solution similar to ISE for physical, but how do we do that for VDI environment?

Do we have any documents, white papers, or suggestions ?

Thx

paul · ‎07-29-2019

If you are talking about the thin clients then you have two options:

1) You can look at the thin client and see if they support 802.1x.

2) Use profiling (usually DHCP attributes, MAC OUI and/or NMAP data) to identify the devices.

Most times #1 is not worth the trouble as you can easily craft a DACL to limit the thin client access. The thin clients should only need access to the VDI server farm plus a few other things so the DACL should be very concise.

View solution in original post

paul · ‎07-29-2019

What are you asking for best practice on? Authenticating the VDI thin clients?

mpeeters · ‎07-29-2019

Yes I believe this is the context for the requester.

Regards

paul · ‎07-29-2019

If you are talking about the thin clients then you have two options:

1) You can look at the thin client and see if they support 802.1x.

2) Use profiling (usually DHCP attributes, MAC OUI and/or NMAP data) to identify the devices.

Most times #1 is not worth the trouble as you can easily craft a DACL to limit the thin client access. The thin clients should only need access to the VDI server farm plus a few other things so the DACL should be very concise.

mpeeters · ‎07-29-2019

Yes I believe this is the context being asked about.