ClearPass Policy Manager




The most comprehensive network access policy enforcement platform for BYOD

Key features
- Unsurpassed multivendor wireless and wired interoperability
- Built-in guest, profiling, network access control
- Onboarding of leading endpoint operating systems
- Easy-to-use policy creation and troubleshooting interface
- Proactive policy simulation and testing utilities
- Real-time user and device access logs track each authentication
- Convenient dashboards for user and device authentication analysis
- Published and open API for simple third-party integration
- MDM interoperability via API connector services
- Fully-replicated active clustering for high availability, redundancy and load balancing
- Advanced reporting, analytics, alerts and archiving for compliance and auditing

The ClearPass Policy Manager platform includes ClearPass Guest, ClearPass Onboard and ClearPass OnGuard applications.

The ClearPass Policy Manager platform makes it easy to secure next-generation mobility services, enhance network access security and compliance, and streamline network operations for wired, wireless and VPNs.

The industry's most comprehensive policy management system, ClearPass offers role-based policies, detailed endpoint profiling, enterprise-grade RADIUS/TACACS+, BYOD and Apple Bonjour-enabled device registration, mobile device management (MDM), and administrative web access.

ClearPass is available as an enterprise starter bundle with guest access, device onboarding and posture assessment capabilities for up to 25 endpoints. Additional ClearPass Guest, Onboard and OnGuard licenses are available for a larger number of devices.

Whether local or remote, ClearPass makes it effortless to centrally manage and enforce user- and device-based access policies across multivendor campus and distributed network infrastructures, regardless of device ownership or connection method.

The ClearPass advantage

ClearPass satisfies the demand for secure and efficient network access, policy enforcement and BYOD deployment. From one easy-to-manage platform, ClearPass presents a complete and accurate view of who and what has connected to wireless and wired networks.

- Simplicity: An intuitive web interface for administration and user-driven service portals ensures that mandated security measures are easy to implement and maintain, without requiring additional IT resources, management applications or appliances.
- Operational efficiency: A complete out-of-the-box platform, ClearPass includes differentiated role-based access, enterprise-grade AAA, BYOD provisioning, device profiling, advanced reporting, and MDM capabilities across wireless, wired and VPNs.
- Innovation: ClearPass includes many innovative BYOD capabilities, including uncommonly simple policy management, customizable guest access features, the ability to onboard hundreds of thousands of mobile devices, and certificate management applications.

The result is consistent, automated and secure network access that meets today's evolving BYOD and IT-managed mobile device requirements, delivered from a single, extensible platform with capabilities that grow and adapt to changing business needs.

Advanced enforcement capabilities

Broad multivendor support

ClearPass includes a full complement of enforcement options for the largest possible mix of use cases and does not require a forklift upgrade to the network infrastructure. Using any 802.1X or non-802.1X-enabled APs or switches, ClearPass enforces a wide range of context-aware policies, including dynamic role-based access, VLAN and ACL assignments, and application-aware quality of service (QoS).

With ClearPass, a single policy can leverage multiple identity stores, including Microsoft Active Directory, LDAP-compliant directories, ODBC-compliant SQL databases, token servers and internal databases. This enables IT to manage and enforce network access at multiple levels and across domains when merging organizations or departments. Identity stores also can be used for authentication and ongoing authorization of users and devices.

Integrated device profiling

Built-in profiling discovers, categorizes and maintains a real-time database of endpoints, regardless of device type and IP address. The collected data (MAC OUIs, DHCP fingerprinting, CDP/LLDP and onboarding inventory) is then used to enforce context-aware access policies.

Profiling offers the visibility to determine mobile device adoption and ownership. It also modifies authorization privileges when device profile changes are detected. So, if a printer appears as a smartphone, ClearPass automatically denies access and quarantines the device.

Built-in BYOD enablement

A fully functional captive portal supports wired and wireless user authentication from a single ClearPass Policy Manager web page, which enhances the BYOD user experience and reduces administrative overhead. It also includes Aruba AirGroup services, which let users register and share Bonjour-enabled iPads, Apple TVs and printers across VLANs. It optionally supports device registration to enforce policies based on the MAC address of gaming devices, printers and wireless IP cameras.

In BYOD environments with mobile device management, ClearPass can probe MDM databases for jailbroken status, password strength and other device information, and apply it to access policies. This safeguard can be used for any device that connects based on MDM status.

Unmanaged endpoint access

Unmanaged non-802.1X devices (printers, IP phones and IP cameras) can be identified as known or unknown when they connect to the network and their MAC addresses are verified through profiling or against an external or internal database. After this verification process, ClearPass Policy Manager will create policies that enforce differentiated access for these devices whenever they connect to the network and regardless of their location.

Scalable BYOD applications

Built-in endpoint capacity enables IT to fully leverage all ClearPass Policy Manager features and rightsize BYOD deployments to accommodate the number of employees, devices and guests that connect via wireless, wired and VPNs at no additional cost.

Secure device onboarding

To ensure secure access for BYOD, ClearPass Onboard automatically provisions employee-owned Windows, Mac OS X, iOS and Android devices for 802.1X authentication and issues a unique device credential that can be revoked if a device is lost or stolen. Additional information collected by ClearPass during the onboarding process (such as device serial number, operating system version and model number) is applied to wireless and wired network access policies.

Customizable guest access and management

ClearPass Guest makes it easy to implement self-registration and sponsor-based registration for guest Wi-Fi access. Sponsor roles let receptionists and non-IT personnel create differentiated and group guest accounts and distribute credentials before visitors arrive.

Self-registration and automated credential delivery streamline IT operations and efficiency. Accounts can be set to automatically expire after a specific number of hours or days without IT involvement, and login credentials can be dispatched via email, SMS or label printers.

A customizable guest portal simplifies the creation of branded login screens, posting of code-of-conduct messaging, and placement of advertisements and relevant organizational updates based on user role, location, department and venue.

Real-time posture assessments

ClearPass OnGuard runs operating system, anti-virus, anti-spyware and firewall health checks to ensure compliance and network integrity before guest and employee-owned devices connect. OnGuard enforces policies for Windows, Mac OS X and Linux via persistent or dissolvable agents.

ClearPass OnGuard advanced posture checks also allow peer-to-peer apps, bridged network interfaces, VM instances, USB storage devices and specific registry key entries. For a seamless user experience, automatic remediation services are available for non-compliant devices.

ClearPass Policy Manager appliances

ClearPass Policy Manager is available as hardware or a virtual appliance. Both have identical functionality and capacity to support 500, 5,000 and 25,000 unique authenticating devices. It can be configured in publisher/subscriber mode for active clustering of multiple appliances.

The ClearPass Policy Manager virtual appliance is optimized to run on 64-bit VMware ESX and ESXi platforms, versions 4.0 (minimum), 5.0 and 5.1.

SPECIFICATIONS

Aruba Manager
- Comprehensive identity-based policy engine
- Built-in AAA services: RADIUS, TACACS+, Kerberos
- Web, 802.1X, non-802.1X authentication and authorization
- File- and directory-based encryption
- OnGuard agents for Windows, Mac OS X, Linux operating systems
- Support for multiple Active Directory domains
- Built-in advanced reporting, analytics and troubleshooting tools
- External captive portal redirect for multivendor networks
- Interactive policy simulation and monitor mode utilities
- Deployment templates for any network, identity store and endpoint

Framework and Protocol Support
- Microsoft NAP, NAC
- RADIUS, RADIUS CoA, TACACS+, web authentication, Kerberos
- PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- EAP-TLS
- EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5, PAP, CHAP)
- PAP, CHAP, MSCHAPv1 and 2, EAP-MD5
- Wireless, wired and VPN 802.1X
- Windows machine authentication
- MAC auth (non-802.1X devices)
- Audit (rules based on port and vulnerability scans)

Supported Identity Stores
- Microsoft Active Directory
- Kerberos Server
- Any LDAP compliant directory
- Any ODBC-compliant SQL server
- Token servers
- Built-in identity store
- Built-in static hosts list

RFC Standards
2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5019, 5216, 5280

Internet Drafts
Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+.

Appliance Specifications

Values are listed in the order Manager-500 / Manager-5000 / Manager-25000.

CPU: (1) Dual Core Pentium 2.9-GHz G850 / (1) Quad Core Xeon 2.66-GHz X3450 / (2) Quad Core Xeon 2.66-GHz X5650
Memory: 4 GB / 8 GB / 48 GB
Hard drive storage: (1) 3.5 SATA (7K RPM) 500-GB hard drive / (2) 3.5 SATA (7.2K RPM) 500-GB hard drive, PERC H200 RAID-1 controller / (4) 2.5 SAS (10K RPM) 300-GB HotPlug hard drives, PERC 6/I SAS RAID controller
Network ports: (2) Gigabit Ethernet / (2) Gigabit Ethernet / (2) Gigabit Ethernet

Appliance Scalability
Maximum devices: 500 / 5,000 / 25,000

Form Factor
Dimensions (w x h x d): 16.8 x 1.7 x 14 / 17.53 x 1.7 x 26.17 / 17.53 x 1.7 x 26.17
Weight (max config): 14 Lbs / 39 Lbs / 39 Lbs

Power
Power consumption (maximum): 260 watts max / 250 watts max / 717 watts max
Power supply: Single / Single / Dual hot-swappable (optional)
AC input voltage: 110/220 VAC auto-selecting / 110/220 VAC auto-selecting / 110/220 VAC auto-selecting
AC input frequency: 50/60 Hz auto-selecting / 50/60 Hz auto-selecting / 50/60 Hz auto-selecting

Environmental
Operating temperature: 10º C to 35º C (50º F to 95º F) / 10º C to 35º C (50º F to 95º F) / 10º C to 35º C (50º F to 95º F)
Storage temperature: -40º C to 65º C (-40º F to 149º F) / -40º C to 65º C (-40º F to 149º F) / -40º C to 65º C (-40º F to 149º F)
Operating relative humidity: 20% to 80% non-condensing / 20% to 80% non-condensing / 20% to 80% non-condensing
Maximum humidity gradient
Storage relative humidity
Operating vibration
Storage vibration
Operating shock
Storage shock
Operating altitude
Storage altitude

ORDERING GUIDANCE

Ordering the ClearPass Policy Manager involves the following steps:

1. Determine the number of unique authenticating devices within your environment. This total includes printers, smartphones, computers, etc.
2. Choose the appropriate hardware or virtual appliance to accommodate the total number from above.
3. Select any additional licenses (Onboard, OnGuard and Guest) to accommodate the total number of devices for each of these applications. Anything over 5,000 total application licenses will require the purchase of a second ClearPass Policy Manager appliance.

Example

For secure BYOD provisioning of 2,000 mobile devices, ensure that the ClearPass Policy Manager platform is sized to accommodate the 2,000 mobile devices and anything else that will authenticate, such as via 802.1X and MAC auth. Purchase ClearPass Onboard licenses for 2,000 total devices to support the provisioning requirement. Additional Onboard licenses can be purchased as required.

ClearPass Virtual Appliance: CP-VA-5K
ClearPass Onboard: 2 X LIC-CP-OB-1K

Ordering Information

Part Number: Description
CP-HW-500 or CP-VA-500: Aruba Manager 500 hardware platform supporting a maximum of 500 authenticated devices
CP-HW-5K or CP-VA-5K: Aruba Manager 5K hardware platform supporting a maximum of 5,000 authenticated devices
CP-HW-25K or CP-VA-25K: Aruba Manager 25K hardware platform supporting a maximum of 25,000 authenticated devices

Optional software (available as perpetual and 1-, 3- and 5-year subscriptions)
LIC-CP-OB-XXX*: ClearPass Onboard provisioning (includes ArubaCare support)
LIC-CP-OG-XXX*: ClearPass OnGuard device posture (includes ArubaCare support)
LIC-CP-GM-XXX*: ClearPass Guest (includes ArubaCare support)

Inclusive License
LIC-CP-EN-XXX*: ClearPass Enterprise bundle that includes option to selectively use Onboard, OnGuard, or Guest licenses

Warranty
Hardware: 1-year parts/labor**
Software: 90 days**

* Software module licenses are available in the following increments, where XXX indicates the number of authenticated devices: 100, 500, 1,000, 2,500, 5,000, 10,000, 25,000 and 50,000.
** Extended with support contract

www.arubanetworks.com
1344 Crossman Avenue. Sunnyvale, CA 94089
1-866-55-ARUBA Tel. +1 408.227.4500 Fax. +1 408.227.4550 info@arubanetworks.com

2012 Aruba Networks, Inc. Aruba Networks trademarks include AirWave, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, and Green Island. All rights reserved. All other trademarks are the property of their respective owners. DS_ClearPass_PolicyManager_121312