ClearPass Policy Manager Platform
Table Of Contents
QuickSpecs
Aruba ClearPass Policy Manager Platform
Overview
Page
3
Aruba 360 Security Exchange Program
Integrate with security and workflow systems
Support for the Aruba 360 Security Exchange Program is an integrated component of ClearPass. Using features like REST
-based
APIs, RADIUS Accounting Proxy, and Syslog ingestion help facilitate workflows with EMM/MDM,
SIEM, firewalls, help-desk systems
and more. Context is shared between each component for end
-to-end policy enforcement and visibility.
The ClearPass Ingress Event Engine provides 3rd party systems the means to share information in real
-time using Syslog. This
enables ClearPass to respond to changing threats for users and devices after they have authenticated to the network. By utili
zing
an open dictionary approach, anyone can write a parsing ruleset without the need for costly add
-ons or locked in 3rd party
ecosystems.
Advanced Reporting and Alerting
ClearPass Insight provides advanced reporting capabilities via customizable reports. Information about authentication trends,
profiled devices, guest data, on
-boarded devices, and endpoint health can also be viewed in an easy to use dashboard. Insight also
has support for granular alerts and a watchlist to monitor specific authentication failures.
Specifications
Appliances
ClearPass is available as hardware or as a virtual appliance.
Virtual appliances are supported on VMware vSphere Hypervisor (ESXi
), Microsoft Hyper-V, CentOS KVM & Amazon EC2.
• VMware ESXi 5.5 up to 6.5 Update 1
• Microsoft Hyper-V 2012/2016 R2 and Windows 2012/2016 R2 Enterprise
• KVM on CentOS 6.6, 6.7 and 6.8
• Amazon EC2
Platform
• Deployment templates for any network type, identity store and endpoint
• 802.1X, MAC authentication and captive portal support
• ClearPass OnConnect for SNMP-based enforcement on wired switches
• Advanced reporting, analytics and troubleshooting tools
• Interactive policy simulation and monitor mode utilities
• Multiple device registration portals - Guest, Aruba AirGroup, BYOD, and un-managed devices
• Admin/operator access security via CAC and TLS certificates
Framework and protocol support
• RADIUS, RADIUS CoA, TACACS+, web authentication, SAML v2.0
• EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
• PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP-Public, EAP-PWD)
• TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP)
• EAP-TLS
• PAP, CHAP, MSCHAPv1 and 2, EAP-MD5
• OAuth2
• Windows machine authentication
• SMB v2/v3
• Online Certificate Status Protocol (OCSP)
• SNMP generic MIB, SNMP private MIB
• Common Event Format (CEF), Log Event Extended Format (LEEF)
Supported identity stores
• Microsoft Active Directory
• RADIUS
• Any LDAP compliant directory