HPE Aruba Networking ClearPass

Key features

• Role-based, unified network access enforcement across  multi-vendor wireless, wired and VPN networks.
• Intuitive policy configuration templates and visibility troubleshooting tools. 
• Supports multiple authentication/ authorization sources (AD, LDAP, SQL).
• Self-service device onboarding with built-in certificate authority (CA) for BYOD.
• Guest access with extensive customization, branding and sponsor-based approvals.
• HPE Aruba Networking’s ClearPass Policy Manager, part of the HPE Aruba Networking 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure. 
• With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and guest access options, ClearPass is unrivaled as a foundation for network security for organizations of any size.
• For comprehensive integrated security coverage and response using firewalls, UEM and other existing solutions, ClearPass supports the HPE Aruba Networking 360 Security Exchange Program. This allows for automated threat detection and response workflows that integrate with third-party 
• The result is detailed visibility of all wired and wireless devices connecting to the enterprise, increased control through simplified and automated authentication or authorization of devices, and faster, better incident analysis and response through the integration and orchestration with third-party security solutions. This is achieved with a comprehensive and scalable policy management platform that goes beyond traditional AAA solutions to deliver extensive enforcement capabilities for  IT-owned and BYOD security requirements.

The ClearPass difference

• HPE Aruba Networking ClearPass is the only policy platform that centrally enforces all aspects of enterprise-grade access security for any industry. Granular policy enforcement is based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time-of-day.
• Deployment scalability supports tens of thousands of devices and authentications which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from centralized to distributed environments.

Secure device configuration of personal devices

• ClearPass Onboard provides automated provisioning of any Windows, macOS, iOS, Android™, Chromebook™, and Ubuntu devices via a user driven self-guided portal. Network details, security settings and unique device identity certificates are automatically configured on authorized devices. Cloud identity services like Microsoft Azure Active Directory, Google™ G Suite and Okta can also be leveraged as identity providers with Onboard for secure certificate enrollment.

Device health checks

• ClearPass OnGuard delivers endpoint posture assessments over wireless, wired and VPN connections. OnGuard’s health check capabilities ensure endpoints meet security and compliance policies before they connect to the network. OnGuard offers a variety of flexible deployment options including agentless, dissolvable agents and agent-based configuration.

Customizable visitor management

• ClearPass Guest simplifies visitor workflow processes to enable employees, receptionists, and other non-IT staff to create temporary guest accounts for secure wireless and wired access. Highly customizable, mobile friendly portals provide easy-to-use login processes that include self-registration, sponsor approval, and bulk credential creation support any visitor needs — enterprise, retail, education, large public venue. Credentials can be delivered by SMS, email, printed badges, or input directly through cloud identity providers such as Facebook or Twitter.

Specifications

Appliances

• HPE Aruba Networking ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere® Hypervisor (ESXi™), Microsoft Hyper-V, CentOS KVM, Amazon EC2 and Microsoft Azure.
•  VMware ESXi up to 8.0
• Microsoft Hyper-V 2016/2019 R2/2019 
• KVM on CentOS 7.7. Ubuntu 18.04, and Ubuntu 20.04 
• Amazon AWS (EC2) 
• Microsoft Azure

Platform

•  Deployment templates for any network type, identity store and endpoint
• 802.1X, MAC authentication and captive portal support 
• ClearPass OnConnect for SNMP-based enforcement on wired switches 
• Advanced reporting, analytics and troubleshooting tools 
• Interactive policy simulation and monitor mode utilities 
• Multiple device registration portals — Guest, HPE Aruba Networking AirGroup, BYOD, and un-managed devices 
• Admin/operator access security via CAC and TLS certificates

Advanced reporting and alerting

• HPE Aruba Networking ClearPass Insight provides advanced reporting capabilities via customizable reports. Information about authentication trends, profiled devices, guest data, onboarded devices, and endpoint health can also be viewed in an  easy-to-use dashboard. Insight also has support for granular alerts and a watchlist to monitor specific authentication failures