ARUBA CLEARPASS POLICY MANAGER



Similar documents
The most advanced policy management platform available

ClearPass Policy Manager

ClearPass: Understanding BYOD and today s evolving network access security requirements

THE CLEARPASS ACCESS MANAGEMENT SYSTEM

Cisco Secure Control Access System 5.8

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

THE ARUBA ADAPTIVE TRUST DEFENSE FOR SECURE ENTERPRISE MOBILITY

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Cisco Secure Access Control System 5.5

Aruba ClearPass Access Management System FREQUENTLY ASKED QUESTIONS

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

CLEARPASS EXCHANGE: SHARE RICH, CONTEXTUAL DATA TO BUILD A COORDINATED AND ADAPTIVE MOBILITY DEFENSE

Conquering today s bring-your-own-device challenges

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

CLEARPASS ONGUARD CONFIGURATION GUIDE

BYOD: BRING YOUR OWN DEVICE.

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

Conquering Today s Bring Your Own Device Challenges. A framework for successful BYOD initiatives

Conquering today s bring-your-own-device challenges. A framework for successful BYOD initiatives

Cisco Secure Access Control Server 4.2 for Windows

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

solution guide DLNA, AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS

Aruba-Certified Design Expert (ACDX) Study Guide

ENTERPRISE MOBILITY ENABLE YOUR NETWORKS TO SUPPORT ENTERPRISE MOBILITY

On-boarding and Provisioning with Cisco Identity Services Engine

ARUBA CLEARPASS HARDENING GUIDE

PARTNEREDGE PROGRAM EUROPE, MIDDLE EAST AND AFRICA

Request for Proposal MDM Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

Paul Cochran - Account Manager. Chris Czerwinski System Engineer

ARUBA NETWORKS DESIGNS AND DELIVERS MOBILITY-DEFINED NETWORKS THAT EMPOWER A NEW GENERATION OF TECH-SAVVY USERS

ARUBA WIRELESS AND CLEARPASS 6 INTEGRATION GUIDE. Technical Note

Leveraging Bring Your Own Device Programs Network Services Engineered to Enable Employee Choice, Mobility and Security.

Policy Management: The Avenda Approach To An Essential Network Service

Palo Alto Networks User-ID Services. Unified Visitor Management

PartnerEdge Program. » Europe, Middle East and Africa

Cisco Identity Services Engine

Cisco TrustSec Solution Overview

HP Intelligent Management Center User Access Management Software

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

AAA & Captive Portal Cloud Service TM and Virtual Appliance

SOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect

Stefan Dürnberger. Consulting Systems Engineer Cisco Deutschland. sduernbe@cisco.com. Co-Author Bitkom Leitfaden BYOD

Systems Manager Cloud-Based Enterprise Mobility Management

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Primary and Secondary Education Best Practices

NCP Secure Enterprise Management Next Generation Network Access Technology

ClearPass Release Notes

TrustSec How-To Guide: On-boarding and Provisioning

FortiAuthenticator. User Authentication and Identity Management. Last Updated: 17 th April Copyright Fortinet Inc. All rights reserved.

Avaya Identity Engines Portfolio

ARUBA RAP-3 REMOTE ACCESS POINT

NCP Secure Enterprise Management Next Generation Network Access Technology

» WHITE PAPER X and NAC: Best Practices for Effective Network Access Control.

RAD-Series RADIUS Server Version 7.1

Bring Your Own Design: Implemen4ng BYOD Without Going Broke or Crazy. Eric Stresen- Reuter Technical Director Ruckus Wireless

ALCATEL-LUCENT ENTERPRISE CONVERGED NETWORK SOLUTION Deliver a consistent and quality user experience, streamline operations and reduce costs

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology

Technical Note. CounterACT: 802.1X and Network Access Control

HP IMC Smart Connect w/wlan Manager Virtual Appliance Software

How To Improve Your Network Security

Meru Connect. Easy to use, flexible guest access. Simplified BYOD on-boarding and policy management. For any user on any network with any device

Bring Your Own ipad to Work January 2011

Meru Connect. Easy to use, flexible guest access. Simplified BYOD on-boarding and policy management.

802.1x in the Enterprise Network

Data Sheet. NCP Secure Enterprise Management. General description. Highlights

ForeScout CounterACT. Continuous Monitoring and Mitigation

The Aruba MOVE Architecture: Integrating Access Management, Network Infrastructure and Mobility Applications

ClearPass Policy Manager

Strengthen security with intelligent identity and access management

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Systems Manager Cloud Based Mobile Device Management

Managing the BYOD Evolution

What We Do: Simplify Enterprise Mobility

Deploying iphone and ipad Virtual Private Networks

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Reduce Enterprise Mobility Costs, Increase Remote Access Security. connectivity quicklink mobility

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

Effective Network Access Control in a Wireless World

RFI Template for Enterprise MDM Solutions

Meru MobileFLEX Architecture

CUTTING THE CORD BY MOVING TO.11AC SAVES WEST CHESTER OVER $1M

ClearPass Release Notes

ClearPass Policy Manager 6.1

Extreme Access Control For Healthcare

Panorama. Panorama provides network security management beyond other central management solutions.

Meru MobileFLEX Architecture

D-View 7 Network Management System

The User is Evolving. July 12, 2011

Network Access Control (NAC) for Healthcare

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

Securing BYOD With Network Access Control, a Case Study

POLICY SECURE FOR UNIFIED ACCESS CONTROL

Transcription:

ARUBA CLEARPASS POLICY MANAGER The most advanced policy management platform available The Aruba Policy Manager platform provides role- and device-based network access control for employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure. With a built-in context-based policy engine, RADIUS, TACACS+ protocol support, device profiling and comprehensive posture assessment, onboarding, and guest access options, is unrivaled as a foundation for network security in any organization. For wider security coverage, using firewalls, EMM and other existing solutions, Exchange allows for automated threat protection and workflows to third-party security and IT systems that previously required manual IT intervention. In addition, supports secure self-service capabilities for end user convenience. Users can securely configure their own devices for enterprise use or Internet access. Aruba wireless customers can provide registration of AirPlay-, AirPrint-, DLNA-, and UPnP-enabled devices for sharing. The result is a comprehensive and scalable policy management platform that goes beyond traditional AAA solutions to deliver extensive enforcement capabilities for IT-owned and bring-your-own-device (BYOD) security requirements. KEY FEATURES Role-based network access enforcement for multivendor Wi-Fi, wired and VPN networks. Industry-leading performance, scalability, high availability and load balancing. Intuitive policy configuration templates and visibility troubleshooting tools. Supports multiple authentication/authorization sources (AD, LDAP, SQL db) within one service. Self-service device onboarding with built-in certificate authority (CA) for BYOD Guest access with extensive customization, branding and sponsor-based approvals. Supports NAC, Microsoft NAP, and EMM/MDM integration for mobile device assessments. Comprehensive integration with third party systems such as SIEM, Internet security and EMM/MDM. Single sign-on (SSO) and Aruba Auto Sign-On support via SAML v2.0. Advanced reporting of all user valid authentications and failures. Built-in profiling using DHCP and TCP fingerprinting. Hardware and virtual support for ESXi and Hyper-V appliances. THE CLEARPASS DIFFERENCE The Policy Manager is the only policy solution that centrally enforces all aspects of enterprise-grade mobility and NAC for any industry. Granular network access enforcement is based on a user s role, device type and role, authentication method, EMM/MDM attributes, device health, location, and time-of-day. Offering unsurpassed interoperability, offers extensive multivendor wireless, wired and VPN infrastructure support which enables IT to easily rollout secure mobility policies across any environment. Deployment scalability supports tens of thousands of devices and authentications which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from local to distributed environments.

UNPRECEDENTED SIMPLICITY Centrally-defined policies and enforcement eliminates the need for multiple AAA and policy management systems, which strengthens an organization s overall security architecture. A host of built-in capabilities lets IT quickly adapt to changing network access challenges. is also a valuable security operations and troubleshooting tool that delivers unprecedented visibility to quickly identify network issues, and policy and security vulnerabilities. ADVANCED POLICY MANAGEMENT Employee access Policy Manager offers role-based user and device authentication based on 802.1X, non-802.1x and web portal access methods. Concurrent authentication methods can be used to support a variety of use-cases. Attributes from multiple identity stores such as Microsoft Active Directory, LDAP-compliant directory, ODBCcompliant SQL database, token servers and internal databases across domains can be used within a single policy for fine-grained control. Enhanced device profiling A built-in profiling service discovers and classifies all endpoints, regardless of device type or access method wired, wireless or VPN. Contextual data from smart phones and tablets, to IP cameras can be obtained using DHCP, TCP, and other fingerprinting methods to define policies. Device profile changes are dynamically used to modify authorization privileges. For example, if a Windows laptop appears as a printer, policies can automatically revoke or deny access. Access for unmanaged endpoints Unmanaged non-802.1x devices printers, IP phones and other Internet of Things (IoT) can be identified as known or unknown upon connecting to the network. MAC authentication and profiling validate network access privileges and authorization. Secure device configuration of personal devices Onboard provides automated provisioning of any Windows, Mac OS X, ios, Android, Chromebook, and Ubuntu devices via a user driven self-guided portal. Required SSIDs, 802.1X settings and security certificates are automatically configured on authorized devices. Customizable visitor management Guest simplifies workflow processes so that receptionists, employees and other non-it staff to create temporary guest accounts for secure Wi-Fi and wired Internet access. Self-registration, sponsor and bulk credential creation supports any guest access need enterprise, retail, education, large public venue. Device health checks OnGuard, leveraging OnGuard persistent and dissolvable agents or Microsoft NAP, performs advanced endpoint posture assessments over wireless, wired and VPN connections. OnGuard health-check capabilities ensure compliance and network safeguards before devices connect. ADDITIONAL POLICY MANAGEMENT CAPABILITIES Integrate with security and workflow systems Exchange interoperability includes REST-based APIs and forwarding of syslog data flows that can be used to facilitate workflows with MDM, SIEM, firewalls PMS, call centers, admission systems and more. Context is shared between each component for end-to-end policy enforcement and visibility. Connect and work apps are good to go Auto Sign-On capabilities make it infinitely easy to access work apps on mobile devices. A valid network authentication automatically connects users to enterprise mobile apps so they can get right to work. Single sign-on (SSO) support works with Ping, Okta and other identity management tools to improve the user experience to SAML 2.0-based applications. SPECIFICATIONS Policy Manager Appliances The Policy Manager is available as hardware or a virtual appliance that supports 500, 5,000 and 25,000 authenticating devices. Virtual appliances are supported on VMware ESX/i and Microsoft Hyper-V. ESX 4.0, ESXi 4.1, up to 5.5 Hyper-V 2012 R2 and Windows 2012 R2 Enterprise Virtual appliances, as well as hardware appliances, can be deployed within an active/active cluster to increase scalability and redundancy.

Platform Built-in AAA services RADIUS, TACACS+ and Kerberos Web, 802.1X, non-802.1x, RADIUS authentication and authorization Advanced reporting, analytics and troubleshooting tools External captive portal redirect to multivendor equipment Interactive policy simulation and monitor mode utilities Multiple device registration portals Guest, Aruba AirGroup, BYOD, un-managed devices Deployment templates for any network type, identity store and endpoint Admin/Operator access security via CAC and TLS certificates IPSec tunnels Internet drafts Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+ Information assurance validations FIPS 140-2 Certificate #1747 Profiling methods DHCP, TCP, MAC OUI, Onboard, SNMP, Cisco device sensor Framework and protocol support RADIUS, RADIUS CoA, TACACS+, web authentication, SAML v2.0 EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS) PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP- Public, EAP-PWD) TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP) EAP-TLS PAP, CHAP, MSCHAPv1 and 2, EAP-MD5 NAC, Microsoft NAP Windows machine authentication MAC auth (non-802.1x devices) Audit (rules based on port and vulnerability scans) Online Certificate Status Protocol (OCSP) SNMP generic MIB, SNMP private MIB Common Event Format (CEF), Log Event Extended Format (LEEF) Supported identity stores Microsoft Active Directory RADIUS Any LDAP compliant directory Any ODBC-compliant SQL server Token servers Built-in SQL store, static hosts list Kerberos RFC standards 2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3576, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5216, 528, 7030

Policy Manager-500 Policy Manager-5K Policy Manager-25K APPLIANCE SPECIFICATIONS CPU (1) Dual Core Pentium (1) Quad Core Xeon (2) Six Core Xeon Memory 4 GB 8 GB 64 GB Hard drive storage (1) 3.5 SATA (7K RPM) 500GB hard drive (2) 3.5 SATA (7.2K RPM) 1TB hard drives, RAID-1 controller (6) 2.5 SAS (10K RPM) 600GB Hot-Plug hard drives, RAID-10 controller APPLIANCE SCALABILITY Maximum devices 500 5,000 25,000 FORM FACTOR Dimensions (WxHxD) 16.8 x 1.7 x 14 17.53 x 1.7 x 16.8 17.53 x 1.7 x 27.8 Weight (Max Config) 14 Lbs 18 Lbs Up to 39 Lbs POWER Power consumption (maximum) 260 watts max 250 watts max 750 watts max Power supply Single Single Dual hot-swappable (optional) AC input voltage 100/240 VAC auto-selecting 100/240 VAC auto-selecting 100/240 VAC auto-selecting AC input frequency 50/60 Hz auto-selecting 50/60 Hz auto-selecting 50/60 Hz auto-selecting ENVIRONMENTAL Operating temperature 10º C to 35º C (50º F to 95º F) 10º C to 35º C (50º F to 95º F) 10º C to 35º C (50º F to 95º F) Operating vibration Operating shock Operating altitude * Virtual appliance sizing must match hardware appliance specifications

ORDERING GUIDANCE Ordering the Policy Manager involves the following steps: 1. Determine the number of authenticated endpoints/devices in your environment. Additionally, select optional functionality, such as guests per day, total BYO devices being configured for enterprise use, and total number of computers requiring health checks. 2. Choose the appropriate platform (either virtual or hardware appliance) sized to accommodate the total number of devices and guests that will require authentication for your deployment. ORDERING INFORMATION Part Number Description CP-HW-500 or CP-VA-500 Aruba Policy Manager 500 hardware platform supporting a maximum of 500 authenticated devices CP-HW-5K or CP-VA-5K Aruba Policy Manager 5K hardware platform supporting a maximum of 5,000 authenticated devices CP-HW-25K or CP-VA-25K Aruba Policy Manager 25K hardware platform supporting a maximum of 25,000 authenticated devices Expandable application software* Onboard device configuration and certificate management OnGuard endpoint device health Guest visitor access management Warranty Hardware 1 year parts/labor** Software 90 days** * Expandable application software is available in the following increments: 100, 500, 1,000, 2,500, 5,000, 10,000, 25,000, 50,000 and 100,000. ** Extended with support contract enterprise.alcatel-lucent.com Alcatel-Lucent Enterprise 32 avenue Kléber 92700 Colombes, France Alcatel-Lucent Enterprise USA, Inc. 26801 West Agoura Rd. Calabasas, CA 91301, USA 1344 CROSSMAN AVE SUNNYVALE, CA 94089 1.866.55.ARUBA T: 1.408.227.4500 FAX: 1.408.227.4550 INFO@ARUBANETWORKS.COM www.arubanetworks.com 2015 Aruba Networks, Inc. Aruba Networks, Aruba The Mobile Edge Company (stylized), Aruba Mobilty Management System, People Move. Networks Must Follow., Mobile Edge Architecture, RFProtect, Green Island, ETIPS, ClientMatch, Bluescanner and The All Wireless Workspace Is Open For Business are all Marks of Aruba Networks, Inc. in the United States and certain other countries. The preceding list may not necessarily be complete and the absence of any mark from this list does not mean that it is not an Aruba Networks, Inc. mark. All rights reserved. Aruba Networks, Inc. reserves the right to change, modify, transfer, or otherwise revise this publication and the product specifications without notice. While Aruba Networks, Inc. uses commercially reasonable efforts to ensure the accuracy of the specifications contained in this document, Aruba Networks, Inc. will assume no responsibility for any errors or omissions. DS_PolicyManager_AL_041415

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information