ClearPass Policy Manager Data Sheet

ManualsBrandsARUBA ManualsApplicationsHPE ClearPass New Licensing Access licence - 50000 concurrent endpoints - Licence Qty: 50000 concurrent endpoints - Licensing Details: ESD

DATA SHEET

ARUBA CLEARPASS POLICY MANAGER

ADVANCED POLICY MANAGEMENT

Enforcement and visibility for wired and wireless

With ClearPass, organizations can deploy wired or wireless

using standards-based 802.1X enforcement for secure

authentication. ClearPass also supports MAC address

authentication for IoT and headless devices that may lack

support for 802.1X. For wired environments where RADIUS

based authentication cannot be deployed, OnConnect, oers

an alternative using SNMP based enforcement.

Authentication methods can be used to concurrently support

a variety of use-cases. It also includes support for multi-

factor authentication based on log-in times, posture checks,

and other context such as new user, new device, and more.

Attributes from multiple identity stores such as Microsoft Active

Directory, LDAP-compliant directory, ODBC-compliant SQL

database, token servers and internal databases across domains

can be used within a single policy for ne- grained control.

Contextual data from these proled devices allows for IT

to dene what devices can access either the wired, VPN, or

wireless network. Device prole changes are dynamically

used to modify authorization privileges. For example, if a

Windows laptop appears as a printer, ClearPass policies can

automatically deny access.

Secure device conguration of personal devices

ClearPass Onboard provides automated provisioning of any

Windows, macOS, iOS, Android, Chromebook, and Ubuntu

devices via a user driven self-guided portal. Network details,

security settings and unique device identity certicates

are automatically congured on authorized devices. Cloud

identity services like Microsoft Azure Active Directory, Google

G Suite and Okta can also be leveraged as identity providers

with Onboard for secure certicate enrollment.

Device health checks

ClearPass OnGuard delivers endpoint posture assessments

over wireless, wired and VPN connections. OnGuard’s

health-check capabilities ensure endpoints meet security

and compliance policies before they connect to the

network. OnGuard oers a variety of exible deployment

options including agentless, disolvable agents and agent-

based conguration.

Customizable visitor management

ClearPass Guest simplies visitor workow processes to

enable employees, receptionists, and other non-IT sta to

create temporary guest accounts for secure wireless and

wired access. Highly customizable, mobile friendly portals

provide easy-to-use login processes that include self-

registration, sponsor approval, and bulk credential creation

support any visitor needs – enterprise, retail, education,

large public venue. Credentials can be delivered by SMS,

email, printed badges, or input directly through cloud identity

providers such as Facebook or Twitter.

Built in support for commercial oriented guest Wi-Fi hotspots

with credit card billing and 3rd party advertising driven workows

make it simple to integrate into a wide variety of environments.

ARUBA 360 SECURITY EXCHANGE PROGRAM

Integrate with security and workow systems

Support for the Aruba 360 Security Exchange Program is an

integrated component of ClearPass. Using features like REST-

based APIs, RADIUS Accounting Proxy, and Syslog ingestion

help facilitate workows with EMM/MDM, SIEM, rewalls,

help-desk systems and more. Context is shared between each

component for end-to-end policy enforcement and visibility.

The ClearPass Ingress Event Engine provides 3rd party

systems the means to share information in real-time using

Syslog. This enables ClearPass to respond to changing

threats for users and devices after they have authenticated

to the network. By utilizing an open dictionary approach,

anyone can write a parsing ruleset without the need for

costly add-ons or locked in 3rd party ecosystems.

ADVANCED REPORTING AND ALERTING

ClearPass Insight provides advanced reporting capabilities

via customizable reports. Information about authentication

trends, proled devices, guest data, on-boarded devices,

and endpoint health can also be viewed in an easy to use

dashboard. Insight also has support for granular alerts and a

watchlist to monitor specic authentication failures.