The most advanced policy management platform available



Similar documents
ARUBA CLEARPASS POLICY MANAGER

ClearPass Policy Manager

THE CLEARPASS ACCESS MANAGEMENT SYSTEM

ClearPass: Understanding BYOD and today s evolving network access security requirements

CLEARPASS EXCHANGE: SHARE RICH, CONTEXTUAL DATA TO BUILD A COORDINATED AND ADAPTIVE MOBILITY DEFENSE

Conquering today s bring-your-own-device challenges

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

CLEARPASS ONGUARD CONFIGURATION GUIDE

Cisco Secure Control Access System 5.8

Aruba ClearPass Access Management System FREQUENTLY ASKED QUESTIONS

THE ARUBA ADAPTIVE TRUST DEFENSE FOR SECURE ENTERPRISE MOBILITY

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Conquering Today s Bring Your Own Device Challenges. A framework for successful BYOD initiatives

Conquering today s bring-your-own-device challenges. A framework for successful BYOD initiatives

BYOD: BRING YOUR OWN DEVICE.

Cisco Secure Access Control System 5.5

Leveraging Bring Your Own Device Programs Network Services Engineered to Enable Employee Choice, Mobility and Security.

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

Paul Cochran - Account Manager. Chris Czerwinski System Engineer

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

ClearPass Policy Manager

On-boarding and Provisioning with Cisco Identity Services Engine

solution guide DLNA, AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS

HP Intelligent Management Center User Access Management Software

Avaya Identity Engines Portfolio

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

Cisco Identity Services Engine

PARTNEREDGE PROGRAM EUROPE, MIDDLE EAST AND AFRICA

Cisco TrustSec Solution Overview

Extreme Access Control For Healthcare

Aruba-Certified Design Expert (ACDX) Study Guide

Network Access Control (NAC) for Healthcare

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

PartnerEdge Program. » Europe, Middle East and Africa

SOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect

Bring Your Own ipad to Work January 2011

Systems Manager Cloud-Based Enterprise Mobility Management

» WHITE PAPER X and NAC: Best Practices for Effective Network Access Control.

ARUBA WIRELESS AND CLEARPASS 6 INTEGRATION GUIDE. Technical Note

HP IMC Smart Connect w/wlan Manager Virtual Appliance Software

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management

Cisco Secure Access Control Server 4.2 for Windows

XenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

Technical Note. CounterACT: 802.1X and Network Access Control

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

AAA & Captive Portal Cloud Service TM and Virtual Appliance

RFI Template for Enterprise MDM Solutions

Deploying iphone and ipad Virtual Private Networks

Palo Alto Networks User-ID Services. Unified Visitor Management

Policy Management: The Avenda Approach To An Essential Network Service

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

FortiAuthenticator. User Authentication and Identity Management. Last Updated: 17 th April Copyright Fortinet Inc. All rights reserved.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Bring Your Own Design: Implemen4ng BYOD Without Going Broke or Crazy. Eric Stresen- Reuter Technical Director Ruckus Wireless

TrustSec How-To Guide: On-boarding and Provisioning

The Aruba MOVE Architecture: Integrating Access Management, Network Infrastructure and Mobility Applications

ClearPass Release Notes

Securing BYOD With Network Access Control, a Case Study

Systems Manager Cloud Based Mobile Device Management

The User is Evolving. July 12, 2011

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

Avaya Identity Engines Portfolio

Network Access Security It's Broke, Now What? June 15, 2010

Reduce Enterprise Mobility Costs, Increase Remote Access Security. connectivity quicklink mobility

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

OneFabric Connect. Overview. Extend the OneFabric architecture to 3rd party applications DATA SHEET BENEFITS BUSINESS ALIGNMENT

Strengthen security with intelligent identity and access management

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

Request for Proposal MDM Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

How To Improve Your Network Security

Avaya Identity Engines Portfolio

What We Do: Simplify Enterprise Mobility

ALCATEL-LUCENT ENTERPRISE CONVERGED NETWORK SOLUTION Deliver a consistent and quality user experience, streamline operations and reduce costs

ARUBA RAP-3 REMOTE ACCESS POINT

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

Bring Your Own ipad to Work

ForeScout CounterACT. Continuous Monitoring and Mitigation

Stefan Dürnberger. Consulting Systems Engineer Cisco Deutschland. sduernbe@cisco.com. Co-Author Bitkom Leitfaden BYOD

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

ENTERPRISE MOBILITY ENABLE YOUR NETWORKS TO SUPPORT ENTERPRISE MOBILITY

Big Data Driven Security for BYOD. Photo by Marc_Smith - Creative Commons Attribution License

ClearPass Policy Manager 6.1

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Effective Network Access Control in a Wireless World

ARUBA NETWORKS DESIGNS AND DELIVERS MOBILITY-DEFINED NETWORKS THAT EMPOWER A NEW GENERATION OF TECH-SAVVY USERS

Meru Connect. Easy to use, flexible guest access. Simplified BYOD on-boarding and policy management. For any user on any network with any device

Meru Connect. Easy to use, flexible guest access. Simplified BYOD on-boarding and policy management.

McAfee Enterprise Mobility Management Performance and Scalability Guide

ForeScout MDM Enterprise

Workspot Enables Spectrum of Trust. Photo by Marc_Smith - Creative Commons Attribution License

PRODUCT CATEGORY BROCHURE

Beyond the Firewall No. 71 February, 2012 Network Access Control Edition

Good MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

The ForeScout Difference

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ALCATEL-LUCENT OMNIVISTA 2500 NETWORK MANAGEMENT SYSTEM

Transcription:

Aruba Policy Manager The most advanced policy management platform available The platform provides role- and device-based network access control for employees, contractors and guests across any wired, wireless and VPN infrastructure. With built-in RADIUS, TACACS+, device profiling and posture assessment, onboarding, guest access, and a comprehensive context-based policy engine, is unrivaled as a foundation for network security in any organization. can be extended to third-party security and IT systems using REST-based APIs to automate workflows that previously required manual IT intervention. It integrates with mobile device management to leverage device inventory and posture information, which enables better-informed policy decisions. In addition to automating mobility services, supports self-service capabilities for end users. Users can securely configure their own devices for enterprise use and register AirPlay-, AirPrint-, DLNA-, and UPnP-enabled devices for sharing. The result is a comprehensive and scalable access management platform that goes beyond traditional AAA solutions to deliver consistent policies for IT-owned and bring-your-own-device (BYOD) security requirements. Key features Role-based network access enforcement for multivendor Wi-Fi, wired and VPN networks. Industry-leading performance, scalability, high availability and load balancing. Web-based interface simplifies policy configuration and troubleshooting. Supports NAC, Microsoft NAP posture and health checks, and MDM integration for mobile device posture checks. Auto Sign-On and single sign-on (SSO) support via SAML v2.0. Advanced reporting of all user authentications and failures. HTTP/RESTful APIs for integration with third party systems such as SIEM, Internet security and MDM. Device profiling and self-service onboarding. Guest access with extensive branding and customization and sponsor-based approvals. IPv6 administration support THE CLEARPASS DIFFERENCE The Policy Manager is the only NAC solution that centrally enforces all aspects of enterprise mobility from a single platform. Granular network access privileges are granted based on a user s role, device type, MDM attributes, device health, location, and time-of-day. Offering unsurpassed interoperability, supports an extensive collection of multivendor wireless, wired and VPN networking equipment which enables IT to easily rollout secure mobility policies across any infrastructure. With flexible deployment options, IT can start by providing sponsored guest access and let employees self-configure their own devices, and later add MDM. scales to support tens of thousands of devices and users. UNPRECEDENTED SIMPLICITY Centrally-defined policies and enforcement eliminates the need for multiple AAA and policy management systems, which strengthens an organization s overall security architecture. A host of built-in capabilities lets IT quickly adapt to changing network access challenges.

An easy-to-use template-based interface provides an efficient way to create network access and authentication services, regardless of current identity stores, authentication methods or enforcement models. Policy Manager is also a valuable security operations and troubleshooting infrastructure that delivers unprecedented visibility to quickly identify network issues, and policy and security vulnerabilities. ADVANCED POLICY MANAGEMENT Employee access Policy Manager offers user and device authentication based on 802.1X, non-802.1x and web portal access methods. Multiple authentication protocols like PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, and EAP-PEAP-Public can be used concurrently to strengthen security in any environment. Attributes from multiple identity stores such as Microsoft Active Directory, LDAP-compliant directory, ODBC-compliant SQL database, token servers and internal databases across domains can be used within a single policy for finegrained control. Additionally, posture assessments and remediation can be added to existing policies at any time. Built-in device profiling has the only built-in profiling service that discovers and classifies all endpoints, regardless of device type. A variety of contextual data MAC OUIs, DHCP fingerprinting and other identity-centric device data can be obtained and used within policies. Stored profiling data is used to identify device profile changes and to dynamically modify authorization privileges. For example, if a printer appears as a Windows laptop, Policy Manager can automatically deny access. Access for unmanaged endpoints Unmanaged non-802.1x devices printers, IP phones and IP cameras can be identified as known or unknown upon connecting to the network. The identity of these devices is based on the presence of their MAC address in an external or internal database. Secure device configuration of personal devices Onboard fully automates the provisioning of any Windows, Mac OS X, ios, Android, Chromebook, and Ubuntu devices via a built-in captive portal. Valid users are redirected to a template-based interface to configure required SSIDs, 802.1X settings, and download unique device credentials. Additional capabilities include the ability for IT to revoke and delete credentials for lost or stolen devices, and the ability to configure mobile email settings for Exchange ActiveSync and VPN clients on some device types. Customizable visitor management Guest simplifies workflow processes so that receptionists, employees and other non-it staff to create temporary guest accounts for secure Wi-Fi and wired network access. Self-registration allows guests to create their credentials. Customizable captive portal capabilities let IT and marketing organizations create a branded guest login experience with targeted advertising and user code-of-conduct messaging. Self-registration and automated credential delivery also streamlines IT operations. Device health checks OnGuard, as well as separate OnGuard persistent or dissolvable agents, perform advanced endpoint posture assessments. Traditional NAC health-check capabilities ensure compliance and network safeguards before devices connect. Information about endpoint integrity such as status of anti-virus, anti-spyware, firewall, and peer-to-peer applications can be used to enhance authorization policies. Automatic remediation services are also available for non-compliant devices. ADDITIONAL POLICY MANAGEMENT CAPABILITIES Integrate with security and workflow systems Exchange offers a set of syslog data flows and RESTbased APIs that can be used to facility interoperability with MDM, SIEM like Splunk, PMS, call centers, admission systems and more. Built-in integration with MobileIron, AirWatch, SAP Afaria, Citrix, JAMF, SOTI and IBM/MaaS360 makes it easy to use attributes collected by an MDM agent to enforce network policies. A device can be denied Wi-Fi access if it s jailbroken, running blacklisted apps or the owner isn t in an authorization database.

Connect and work apps are good to go Auto Sign-On capabilities make it infinitely easy to access work apps on mobile devices. Instead of a single signon, which requires everyone to manually login to the network and apps, Auto Sign-On leverages the network login and automatically authenticates users to enterprise mobile apps so they can get right to work. can be configured as an Identity Provider (IdP) to work with Ping, Okta and other identity management tools so that users can access SAML-based applications for an improved and secure mobility experience. Extensive captive portal support provides a central captive portal for authentication that works on Aruba and any other multivendor wired and wireless network. This eliminates the need for separate Wi-Fi and wired captive portals. Policy Manager appliances The Policy Manager is available as hardware or a virtual appliance that supports 500, 5,000 and 25,000 authenticating devices. Virtual appliances are supported on VMware ESX and ESXi platforms, versions ESX 4.0, ESXi 4.0, 5.0 and 5.5. Virtual appliances, as well as the hardware appliances, can be deployed within a cluster to increase scalability and redundancy. SPECIFICATIONS Aruba Clearpass Policy Manager Comprehensive identity-based policy engine. Posture agents for Windows, Mac OS X, Linux operating systems. Built-in AAA services RADIUS, TACACS+ and Kerberos. Web, 802.1X, non-802.1x authentication and authorization. Reporting, analytics and troubleshooting tools. External captive portal redirect to multivendor equipment. Interactive policy simulation and monitor mode utilities. Deployment templates for any network type, identity store and endpoint. User-initiated device registration Aruba AirGroup and unmanaged devices. Framework and protocol support RADIUS, RADIUS CoA, TACACS+, web authentication, SAML v2.0 EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS) PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP-Public) TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP) EAP-TLS PAP, CHAP, MSCHAPv1 and 2, EAP-MD5 Wireless and wired 802.1X and VPN Microsoft NAP, NAC Windows machine authentication MAC auth (non-802.1x devices) Audit (rules based on port and vulnerability scans) Supported identity stores Microsoft Active Directory Kerberos Any LDAP compliant directory Any ODBC-compliant SQL server Token servers Built-in SQL store Built-in static hosts list RFC standards 2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3576, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5216, 528, 7030. Internet drafts Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+. Information assurance validations FIPS 140-2 compliant Certificate #1747

Policy Manager-500 Policy Manager-5K Policy Manager-25K APPLIANCE SPECIFICATIONS CPU (1) Dual Core Pentium (1) Quad Core Xeon (2) Six Core Xeon Memory 4 GB 8 GB 64 GB Hard drive storage (1) 3.5 SATA (7K RPM) 500GB hard drive (2) 3.5 SATA (7.2K RPM) 500GB hard drives, RAID-1 controller (6) 2.5 SAS (10K RPM) 600GB Hot-Plug hard drives, RAID-10 controller APPLIANCE SCALABILITY Maximum devices 500 5,000 25,000 FORM FACTOR Dimensions (WxHxD) 16.8 x 1.7 x 14 17.53 x 1.7 x 16.8 17.53 x 1.7 x 27.8 Weight (Max Config) 14 Lbs 18 Lbs Up to 39 Lbs POWER Power consumption (maximum) 260 watts max 250 watts max 750 watts max Power supply Single Single Dual hot-swappable (optional) AC input voltage 100/240 VAC auto-selecting 100/240 VAC auto-selecting 100/240 VAC auto-selecting AC input frequency 50/60 Hz auto-selecting 50/60 Hz auto-selecting 50/60 Hz auto-selecting ENVIRONMENTAL Operating temperature 10º C to 35º C (50º F to 95º F) 10º C to 35º C (50º F to 95º F) 10º C to 35º C (50º F to 95º F) Operating vibration Operating shock Operating altitude

ORDERING GUIDANCE Ordering the Policy Manager involves the following steps: 1. Determine the number of authenticated endpoints/devices in your environment. Additionally, select optional functionality, such as guests per day, total BYO devices being configured for enterprise use, and total number of computers requiring health checks. 2. Choose the appropriate platform (either virtual or hardware appliance) sized to accommodate the total number of devices and guests that will require authentication for your deployment. Ordering Information Part Number Description CP-HW-500 or CP-VA-500 Aruba Policy Manager 500 hardware platform supporting a maximum of 500 authenticated devices CP-HW-5K or CP-VA-5K Aruba Policy Manager 5K hardware platform supporting a maximum of 5,000 authenticated devices CP-HW-25K or CP-VA-25K Aruba Policy Manager 25K hardware platform supporting a maximum of 25,000 authenticated devices Expandable application software* Onboard device configuration and certificate management OnGuard endpoint device health Guest visitor access management Warranty Hardware 1 year parts/labor** Software 90 days** * Expandable application software is available in the following increments: 100, 500, 1,000, 2,500, 5,000, 10,000, 25,000, 50,000 and 100,000. ** Extended with support contract 1344 Crossman Ave Sunnyvale, CA 94089 1.866.55.ARUBA T: 1.408.227.4500 FAX: 1.408.227.4550 info@arubanetworks.com www.arubanetworks.com 2014 Aruba Networks, Inc. Aruba Networks, Aruba The Mobile Edge Company (stylized), Aruba Mobilty Management System, People Move. Networks Must Follow., Mobile Edge Architecture, RFProtect, Green Island, ETIPS, ClientMatch, Bluescanner and The All Wireless Workspace Is Open For Business are all Marks of Aruba Networks, Inc. in the United States and certain other countries. The preceding list may not necessarily be complete and the absence of any mark from this list does not mean that it is not an Aruba Networks, Inc. mark. All rights reserved. Aruba Networks, Inc. reserves the right to change, modify, transfer, or otherwise revise this publication and the product specifications without notice. While Aruba Networks, Inc. uses commercially reasonable efforts to ensure the accuracy of the specifications contained in this document, Aruba Networks, Inc. will assume no responsibility for any errors or omissions. DS_PolicyManager_101314

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information