Since we are approaching the end of the year, we thought we should send you a small update of the projects we have been working on at Inverse for PacketFence.
* Multimaster Configuration - while it is possible to separate and distribute components used in PacketFence on multiple servers, having multimaster support really simplify deployments on large-scale infrastructures. By integrating proven technologies such as HAProxy, MariaDB Galera Cluster, keepalived and others, we added horizontal deployment capabilities to PacketFence. You have more users to handle, you add an other server and it will automatically integrate the cluster and obtain its configuration!
* Fingerbank Integration - a few months ago, we announced a major overhaul of the Fingerbank project. We have been working on integrating the new version in PacketFence itself. This will greatly ease the update and sharing process of fingerprints and also simplify their usage in PacketFence. The current Fingerbank database has 25 000 combinations and it’s growing by thousands every week!
* Dashboard - this project is a complete overhaul of the PacketFence dashboard which would allow easy integrating of performance indicators. The current dashboard lack such information and has issues coping with a large datasets. By integrating in PacketFence proven technologies such as Graphite, collectd and StatsD we can now generate stunning graphs while handling tons of data! Folks can also use their frontend if they prefer - as shown below with Tessera!
* PKI - sometimes, organizations want to generate a per-device TLS certificate during the registration/on-boarding. To meet this requirement, we have created a small PKI solution that integrates with Packet``Fence’s registration process. This project gives efficient yet elegant certificates management capabilities to PacketFence!
* Provisioning Agents - While our current provisioning agents do the job for EAP-PEAP, they currently lack EAP-TLS support and the configuration is not automated within PacketFence. We have greatly improved them by adding EAP-TLS support, integration with our PKI and improved the configuration and management options from the Web administrative interface of PacketFence.
* Software Defined Networking (SDN) - SDN and OpenFlow are interesting technologies and vendors are now pushing them on edge switches and WiFi controllers. We have developed an OpenDayLight plugin for PacketFence in order to support SDN-aware equipment. This allows PacketFence to push OpenFlow flows for network enforcement and thus, not rely on RADIUS or anything else. SDN will most likely play an important role in future network and PacketFence will be ready once again.
* WMI Integration - PacketFence already integrates well with vulnerability scanners and MDM/security agents. We have extended our compliance check capabilities by adding Windows Management Instrumentation (WMI) support in PacketFence. This means that PacketFence is now able to execute a set of WMI scripts on endpoints and based on the results, proceed with an action such as auto-registering the device, quarantining it and more.
* Checkpoint Integration - We currently support firewall-SSO with Barracuda, Fortigate and PaloAlto firewalls. This project extends our current support to include Checkpoint-based firewalls for SSO.
As you can see with all these projects, the team has worked pretty hard! At the beginning of 2015, we will start integrating these solutions and release the PacketFence v5 series gradually with these features. In the meantime, all our developments are available on GitHub.
Back to 2014