ClearPass Policy Manager Data Sheet

ARUBA CLEARPASS POLICY MANAGER
SPECIFICATIONS
Appliances
ClearPass is available as hardware or as a virtual appliance. Virtual
appliances are supported on VMware vSphere Hypervisor (ESXi),
Microsoft Hyper-V, CentOS KVM & Amazon EC2.
• VMware ESXi 6 up to 6.7
• Microsoft Hyper-V 2012/2016 R2 and Windows 2012/2016
R2 Enterprise
• KVM on CentOS 7.5
• Amazon AWS (EC2)
Platform
• Deployment templates for any network type, identity store
and endpoint
• 802.1X, MAC authentication and captive portal support
• ClearPass OnConnect for SNMP-based enforcement on
wired switches
• Advanced reporting, analytics and troubleshooting tools
• Interactive policy simulation and monitor mode utilities
• Multiple device registration portals – Guest, Aruba
AirGroup, BYOD, and un-managed devices
• Admin/operator access security via CAC and TLS certificates
Framework and protocol support
• RADIUS, RADIUS Dynamic Authorization, TACACS+, web
authentication, SAML v2.0
• RadSec
• EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
• PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP-Public,
EAP-PWD)
• TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5,
PAP, CHAP)
• EAP-TLS
• PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
• OAuth2
• WPA3
• Windows machine authentication
• SMB v2/v3
• Online Certicate Status Protocol (OCSP)
• SNMP generic MIB, SNMP private MIB
• Common Event Format (CEF), Log Event Extended Format
(LEEF)
Supported identity stores
• Microsoft Active Directory
• RADIUS
• Any LDAP compliant directory
• MySQL, Microsoft SQL, PostGRES and Oracle 11g
ODBC-compliant SQL server
• Token servers
• Built-in SQL store, static hosts list
• Kerberos
• Microsoft Azure Active Directory
• Google G Suite
RFC standards
2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869,
2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302,
4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176,
5216, 5246, 5280, 5281, 5282, 5755, 5759, 6614, 6818, 6960,
7030, 7296, 7321, 7468, 7815, 8032, 8247
Internet drafts
Protected EAP Versions 0 and 1, Microsoft CHAP extensions,
dynamic provisioning using EAP-FAST, TACACS+,
draft-ietf-curdle-pkix-00 EdDSA, Ed25519, Ed448, Curve25519 and
Curve448 for X.509, draft-nourse-scep-23 (Simple Certificate
Enrollment Protocol)
Profiling methods
• Active: Nmap, WMI, SSH, SNMP
• Passive: MAC OUI, DHCP, TCP, NetFlow v5/v10, IPFIX,
sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
• Integrated & 3rd Party: Onboard, OnGuard, ArubaOS,
EMM/MDM, Cisco device sensor
IPv6 Support
• Web and CLI based management
• IPv6 addressed authentication & authorization servers
• IPv6 accounting proxy
• IPv6 addressed endpoint context servers
• Syslog, DNS, NTP, IPsec IPv6 targets
• IPv6 Virtual IP for high availability
• HTTP Proxy
• Ingress Event Engine Syslog sources
Information assurance validations
• FIPS 140-2 – Certificate #2577
• Common Criteria NDcPP + Authentication Server
(ClearPass)