Aruba ClearPass: Full-spectrum network visibility

What is it?

Aruba ClearPass is an industry leading Secure Network Access Control (NAC) solution that combines a powerful policy manager with secure onboarding services for BYOD devices, posture checking prior to granting secure network connections and a streamlined guest self-service portal. It is also a RADIUS server, AAA authentication and TACACS Server.

Any device that attempts connection to your network is able to be profiled, provided an automatically derived role with appropriate access rights and checked for compliance before being granted access to your company’s resources. Aruba ClearPass is able to be deployed and integrated into any network, securing the Guest WiFi services, the corporate WiFi, VPN connections and even the wired network ports, for company issued computers, laptops and tablets, BYOD devices, Guest devices and even IOT device connections.

Why should you care?

With the accelerated adoption of Bring Your Own Device (BYOD) and IoT devices, it is critical for network administrators to be flexible enough to provide access for IoT, personal and guest devices, while not compromising the security of their networks. Quite often, the adoption of supporting IoT devices causes additional workloads for IT support staff which ultimately leads to short-cuts in order to make things work, exposing their business to attack from reduced security compliance.

Even managed corporate devices are a threat vector that needs to be considered. Visibility without proper control can leave organisations open to security and compliance risks.

Aruba ClearPass with ClearPass Device Insight provides “closed-loop” end-to-end access control that delivers visibility and automated policy enforcement of devices on any multi-vendor wired and wireless network without any manual intervention.

If a device has been granted access to the network previously changes its behaviour, ClearPass is able to detect any anomalous behaviour (or receive updates from other security systems) and either isolate, quarantine or even disconnect the device to allow for further investigation without compromising overall security.

How does it work?

At the heart of Aruba ClearPass is the Policy Manager, the core of the ClearPass hardware or virtual appliance. It provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multi-vendor wired, wireless and VPN infrastructure.

With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and guest access options, ClearPass is unrivaled as a foundation for network security for organisations of any size.

Aruba ClearPass

Differentiation in the market

Aruba ClearPass is designed as a vendor agnostic and industry standard solution for NAC which does not require all network devices to be from Aruba in order to work. Other solutions in the segment only have limited operations when trying to integrate other vendor’s products. With more smart IoT-enabled devices in the network, automated detection and remediation capability is becoming critical for large organisations. NAC solutions should be able to automatically detect threats, identify the compromised devices and quarantine them to safeguard the corporate network.

Aruba ClearPass is unique in that it handles an policy, network access control (NAC), AAA, BYOD, and guest needs, regardless of wired, wireless, or VPN vendors.

It is made unique by:

  • Built-in profiling, reporting, basic guest captive portal services, policy creation templates and third-party integration APIs and syslog messaging
  • Industry standard 802.1X, RADIUS, and RADIUS CoA support for secure pre- and post-policy enforcement
  • Scalability, and redundancy that works for any sized environment.

How do you position and sell it?

Whenever a customer is looking to secure their network, onboard devices, provide self-service guest access and ensure their security posture is not compromised, Aruba ClearPass should be part of any network conversation.

In most cases, a customer’s network will be a mixture of wired, wireless and remote access methods, which all require authentication, profiling and easy access for the users.

Starting the networking conversation in an account that has other networking vendor equipment can be tricky. Talking ClearPass allows you to start the networking conversation in a way that doesn’t require a ‘rip and replace’ discussion.

Ask the customer the following qualifying questions:

    • Are you looking to replace your existing AAA/RADIUS server or NAC system?
    • Do you have an existing or have you considered supporting a BYOD initiative?
    • Would you like greater visibility and control over who is accessing your network and with what devices?
    • Have you deployed a multi-vendor network for your wired and wireless access?
    • What do you use for an identity store (Active Directory, LDAP, etc.)?
    • Do you struggle with the complexities and IT cost of onboarding employee owned devices onto your network?
    • Do you currently support and/or are looking to support Windows, Linux, Mac, iOS, Android?
    • What is the total number of users and devices that you will be authenticating?
    • Do you need to provide secure network access for partners, contractors, or other visitors?
    • Are you using or do you plan to use 802.1X? Is MAC address-based authentication an acceptable method?
    • Are you looking to require endpoint health checks for all computers?
    • Will you need to replace an existing TACACS+ solution?
    • Have you implemented an MDM solution, but require greater WiFi security?

Aruba ClearPass provides solutions to all of these requirements and more, in one convenient appliance.

Get Aruba certified

Arrow has partnered with SpectroTech to offer competitively priced Aruba training bundles to help you maintain or advance your Aruba partner status.

For more information

Contact your Arrow salesperson or submit your details to start a conversation.

Meet the author

Chris Turton
Technical Business Development Manager

Chris is an experienced Technical Business Development Manager with a demonstrated history of working in the IT and services industry. Chris has a wealth of pre-sales experience and business development across enterprise security, servers, data center, cloud and mobile enterprise.

Arrow ECS ANZ Blog - Industry Insights

Read Now