Implementing Posture Checks

Hi Ziti Team, I am having trouble understanding how to implement a Posture Check and what exactly it does. How can I implement a posture check that will only allow for Mac operating systems?

Hi @Rocket. Were you able to find Posture Checks | OpenZiti ?

To make a posture check that only permits MacOS you would:

  • ziti edge create posture-check os MacOS-Only-Posture-Check --os "macOS"
  • refer to the posture check when you make a service-policy: create service-policy MacOS-Only-Service-Bind Bind --posture-check-roles "@MacOS-Only-Posture-Check"

That give you enough information? As to what exactly it’ll do, it’ll make sure you are using MacOS in order to Bind/Dial the service. There are numerous kinds of posture checks you can add, you can add the version if you want to check that, etc.

I am using Windows and I want to test that if I create a posture check for a MacOS only that I wouldn’t be able to access the service via my Windows client. Could you assist me in showing me how I could create this posture check via the ziti console?

Thank you for all your help

Sure thing; in your console, navigate to "Recipes" and select the "Posture Check" tab.

Here, I've created a posture check to only allow identities with Mac OS 10.5 or greater.

In order to apply this to a service, you would create a service policy and select the posture check you want to apply. Here I've created a bind policy, so this will only allow a Mac OS device to bind to this service. Alternatively, this could be a dial service if you only want Mac users to be able to access this service.

Hopefully, this gets you where you need to be, let me know if you need more help with this.