Ludovic Marcotte
2014-12-17 17:30:32 UTC
Hello,
Since we are approaching the end of the year, we thought we should send
you a small update of the projects we have been working on at Inverse
for PacketFence.
1.
*Multimaster Configuration*- while it is possible to separate and
distribute components used in PacketFence on multiple servers,
having multimaster support really simplify deployments on
large-scale infrastructures. By integrating proven technologies such
as HAProxy, MariaDB Galera Cluster, keepalived and others, we added
horizontal deployment capabilities to PacketFence. You have more
users to handle, you add an other server and it will automatically
integrate the cluster and obtain its configuration!
2.
*Fingerbank Integration*- a few months ago, we announced a major
overhaul of the Fingerbank project. We have been working on
integrating the new version in PacketFence itself. This will greatly
ease the update and sharing process of fingerprints and also
simplify their usage in PacketFence. The current Fingerbank database
has 25 000 combinations and it's growing by thousands every week!
3.
*Dashboard*- this project is a complete overhaul of the PacketFence
dashboard which would allow easy integrating of performance
indicators. The current dashboard lack such information and has
issues coping with a large datasets. By integrating in PacketFence
proven technologies such as Graphite, collectd and StatsD we can now
generate stunning graphs while handling tons of data! Folks can also
use their frontend if they prefer - as shown below with Tessera!
4.
*PKI*- sometimes, organizations want to generate a per-device TLS
certificate during the registration/on-boarding. To meet this
requirement, we have created a small PKI solution that integrates
with PacketFence's registration process. This project gives
efficient yet elegant certificates management capabilities to
PacketFence!
5.
*Provisioning Agents*- While our current provisioning agents do the
job for EAP-PEAP, they currently lack EAP-TLS support and the
configuration is not automated within PacketFence. We have greatly
improved them by adding EAP-TLS support, integration with our PKI
and improved the configuration and management options from the Web
administrative interface of PacketFence.
6.
*Software Defined Networking (SDN)*- SDN and OpenFlow are
interesting technologies and vendors are now pushing them on edge
switches and WiFi controllers. We have developed an OpenDayLight
plugin for PacketFence in order to support SDN-aware equipment. This
allows PacketFence to push OpenFlow flows for network enforcement
and thus, not rely on RADIUS or anything else. SDN will most likely
play an important role in future network and PacketFence will be
ready once again.
7.
*WMI Integration*- PacketFence already integrates well with
vulnerability scanners and MDM/security agents. We have extended our
compliance check capabilities by adding Windows Management
Instrumentation (WMI) support in PacketFence. This means that
PacketFence is now able to execute a set of WMI scripts on endpoints
and based on the results, proceed with an action such as
auto-registering the device, quarantining it and more.
8.
*Checkpoint Integration*- We currently support firewall-SSO with
Barracuda, Fortigate and PaloAlto firewalls. This project extends
our current support to include Checkpoint-based firewalls for SSO.
As you can see with all these projects, the team has worked pretty hard!
At the beginning of 2015, we will start integrating these solutions and
release the PacketFence v5 series gradually with these features. In the
meantime, all our developments are available on GitHub.
Thanks!
Since we are approaching the end of the year, we thought we should send
you a small update of the projects we have been working on at Inverse
for PacketFence.
1.
*Multimaster Configuration*- while it is possible to separate and
distribute components used in PacketFence on multiple servers,
having multimaster support really simplify deployments on
large-scale infrastructures. By integrating proven technologies such
as HAProxy, MariaDB Galera Cluster, keepalived and others, we added
horizontal deployment capabilities to PacketFence. You have more
users to handle, you add an other server and it will automatically
integrate the cluster and obtain its configuration!
2.
*Fingerbank Integration*- a few months ago, we announced a major
overhaul of the Fingerbank project. We have been working on
integrating the new version in PacketFence itself. This will greatly
ease the update and sharing process of fingerprints and also
simplify their usage in PacketFence. The current Fingerbank database
has 25 000 combinations and it's growing by thousands every week!
3.
*Dashboard*- this project is a complete overhaul of the PacketFence
dashboard which would allow easy integrating of performance
indicators. The current dashboard lack such information and has
issues coping with a large datasets. By integrating in PacketFence
proven technologies such as Graphite, collectd and StatsD we can now
generate stunning graphs while handling tons of data! Folks can also
use their frontend if they prefer - as shown below with Tessera!
4.
*PKI*- sometimes, organizations want to generate a per-device TLS
certificate during the registration/on-boarding. To meet this
requirement, we have created a small PKI solution that integrates
with PacketFence's registration process. This project gives
efficient yet elegant certificates management capabilities to
PacketFence!
5.
*Provisioning Agents*- While our current provisioning agents do the
job for EAP-PEAP, they currently lack EAP-TLS support and the
configuration is not automated within PacketFence. We have greatly
improved them by adding EAP-TLS support, integration with our PKI
and improved the configuration and management options from the Web
administrative interface of PacketFence.
6.
*Software Defined Networking (SDN)*- SDN and OpenFlow are
interesting technologies and vendors are now pushing them on edge
switches and WiFi controllers. We have developed an OpenDayLight
plugin for PacketFence in order to support SDN-aware equipment. This
allows PacketFence to push OpenFlow flows for network enforcement
and thus, not rely on RADIUS or anything else. SDN will most likely
play an important role in future network and PacketFence will be
ready once again.
7.
*WMI Integration*- PacketFence already integrates well with
vulnerability scanners and MDM/security agents. We have extended our
compliance check capabilities by adding Windows Management
Instrumentation (WMI) support in PacketFence. This means that
PacketFence is now able to execute a set of WMI scripts on endpoints
and based on the results, proceed with an action such as
auto-registering the device, quarantining it and more.
8.
*Checkpoint Integration*- We currently support firewall-SSO with
Barracuda, Fortigate and PaloAlto firewalls. This project extends
our current support to include Checkpoint-based firewalls for SSO.
As you can see with all these projects, the team has worked pretty hard!
At the beginning of 2015, we will start integrating these solutions and
release the PacketFence v5 series gradually with these features. In the
meantime, all our developments are available on GitHub.
Thanks!
--
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)
Ludovic Marcotte
***@inverse.ca :: +1.514.755.3630 :: http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org)