Trusted network detection (TND) enables the UCC to work with Umbrella virtual appliances (VAs) so that a network (for example, an on-premise network) protected by VAs can be trusted by the UCC.
With TND enabled, a Chromebook-specific policy can take precedence over other policies by using the Chromebook user's identity.
How trusted network detection works
When the UCC detects a VA in a network, it sends the Chromebook user's identity to the VA and then deactivates. The VA continues to handle DNS requests from Chromebooks by appending the users' identities to all requests to Umbrella resolvers.
When the UCC fails to detect a VA, the UCC directly sends DNS requests to Umbrella resolvers.
Prerequisites
Software Requirements
The following minimum software versions are required.
- UCC extension 1.2.0
- UCC app 1.2.5
- VA 2.3.2
Network Access
The following network access is required for TND to work.
443 (TCP)
Virtual Appliances
The UCC uses port 443 to communicate with VAs on the network.
Before you Begin
- You must have VAs deployed in your environment. Refer to the Virtual Appliance Setup Guide.
- The Cisco root certificate must be installed on all Chromebooks within your network. See Download the Certificate. This certificate can be deployed across your Chromebooks using the Google Admin console. Refer to Set up certificates from Google's documentation.
Deployment
To deploy trusted network detection, follow the instructions in the Umbrella Chromebook client deployment guide, with these exceptions:
- Use search strings above
- Add the section "vaIPs" (see below) to the downloaded configuration file.
To use trusted network detection, your configuration file must include:
- The "vaIPs" values in the format as shown below
- IP values must be each enclosed in double quotes, separated by a comma.
- All VAs on your network must be added. If a client encounters a VA not configured in its profile, the expected Chromebook-driven policy will not apply.
{
"organizationInfo":{
"Value":{
"organizationId":1234567,
"regToken":"GtTYPQfgSzQtGzYUrINmbjgTu5XriDtn"
}
},
"vaIPs":{
"Value":[
"192.168.100.10",
"192.168.100.11"
]
}
}
To use the G Suite identity service, update your config file with the G Suite flag as shown below:
{
"organizationInfo":{
"Value":{
"organizationId":1234567,
"regToken":"GtTYPQfgSzQtGzYUrINmbjgTu5XriDtn"
}
},
"vaIPs":{
"Value":[
"192.168.100.10",
"192.168.100.11"
]
},
"googleDirectoryService": {
"Value": true
}
}Configuring Chromebook Policies < Trusted Network Detection > FAQ: Chromebook Client
Updated about a month ago