ClearPass Policy Manager
The most comprehensive network access policy enforcement platform for BYOD
The ClearPass Policy Manager platform includes the ClearPass Guest, ClearPass Onboard and ClearPass OnGuard applications.
The ClearPass Policy Manager platform makes it easy to secure next-generation mobility services, enhance network access security and compliance, and streamline network operations for wired, wireless and VPNs.
The industry’s most comprehensive policy management system, ClearPass offers role-based policies, detailed endpoint profiling, enterprise-grade RADIUS/TACACS+, BYOD and Apple Bonjour-enabled device registration, mobile device management (MDM), and administrative web access.
ClearPass is available as an enterprise starter bundle with guest access, device onboarding and posture assessment capabilities for up to 25 endpoints. Additional ClearPass Guest, Onboard and OnGuard licenses are available for a larger number of devices. Whether local or remote, ClearPass makes it effortless to centrally manage and enforce user- and device-based access policies across multivendor campus and distributed network infrastructures, regardless of device ownership or connection method.
The result is consistent, automated and secure network access that meets today’s evolving BYOD and IT-managed mobile device requirements – delivered from a single, extensible platform with capabilities that grow and adapt to changing business needs.
Key features
• Unsurpassed multivendor wireless and wired interoperability
• Built-in guest, profiling, network access control
• Onboarding of leading endpoint operating systems
• Easy-to-use policy creation and troubleshooting interface
• Proactive policy simulation and testing utilities
• Real-time user and device access logs track each authentication
• Convenient dashboards for user and device authentication analysis
• Published and open API for simple third-party integration
• MDM interoperability via API connector services
• Fully-replicated active clustering for high availability, redundancy and load balancing
• Advanced reporting, analytics, alerts and archiving for compliance and auditing
The ClearPass advantage
ClearPass satisfies the demand for secure and efficient network access, policy enforcement and BYOD deployment. From one easy-to-manage platform, ClearPass presents a complete and accurate view of who and what has connected to the wireless and wired networks.
Simplicity – An intuitive web interface for administration and user-driven service portals ensures that mandated security measures are easy to implement and maintain, without requiring additional IT resources, management applications or appliances.
Operational efficiency – A complete out-of-the-box platform, ClearPass includes differentiated role-based access, enterprise-grade AAA, BYOD provisioning, device profiling, advanced reporting, and MDM capabilities across wireless, wired and VPNs.
Innovation – ClearPass includes many innovative BYOD capabilities, including uncommonly simple policy management, customizable guest access features, the ability to onboard hundreds of thousands of mobile devices, and certificate management applications.
Advanced enforcement capabilities
Broad multivendor support
ClearPass includes a full complement of enforcement options for the largest possible mix of use-cases and does not require a forklift upgrade to the network infrastructure.
Using any 802.1X or non-802.1X-enabled APs or switches, ClearPass enforces a wide range of context-aware policies, including dynamic role-based access, VLAN and ACL assignments, and application-aware quality of service (QoS). With ClearPass, a single policy can leverage multiple identity stores, including Microsoft Active Directory, LDAP-compliant directories, ODBC-compliant SQL databases, token servers and internal databases.
This enables IT to manage and enforce network access at multiple levels and across domains when merging organizations or departments. Identity stores can also be used both for authentication and for ongoing authorization of users and devices.
Integrated device profiling
Built-in profiling discovers, categorizes and maintains a real-time database of endpoints, regardless of device type and IP address. The collected data – MAC OUIs, DHCP fingerprinting, CDP/LLDP and onboarding inventory – is then used to enforce context-aware access policies.
Profiling offers the visibility to determine mobile device adoption and ownership. It also modifies authorization privileges when a change in a device's profile is detected. So, if a MAC address that was profiled as a printer later presents as a smartphone, ClearPass automatically denies access and quarantines the device.
Built-in BYOD enablement
A fully functional captive portal supports wired and wireless user authentication from a single ClearPass Policy Manager web page, which enhances the BYOD user experience and reduces administrative overhead.
It also includes Aruba AirGroup services, which let users register and share Bonjour-enabled iPads, Apple TVs and printers across VLANs. It optionally supports device registration to enforce policies based on the MAC address of gaming devices, printers and wireless IP cameras.
In BYOD environments with mobile device management, ClearPass can query MDM databases for jailbroken status, password strength and other device information, and apply it to access policies. Access can then be granted or denied for any connecting device based on the status the MDM reports for it.
Unmanaged endpoint access
Unmanaged non-802.1X devices – printers, IP phones and IP cameras – are identified as known or unknown when they connect to the network, by verifying their MAC addresses through profiling or against an external or internal database. After this verification, ClearPass Policy Manager enforces policies that give these devices differentiated access whenever they connect to the network, regardless of their location.
Scalable BYOD applications
Built-in endpoint capacity enables IT to fully leverage all ClearPass Policy Manager features and rightsize BYOD deployments to accommodate the number of employees, devices and guests that connect via wireless, wired and VPNs – at no additional cost.
Secure device onboarding
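The profiling and change-detection behaviour described in the device profiling section, and the known/unknown MAC authentication described just above, both come down to the same mechanism: gather evidence per MAC address, assign a category, remember it, and react when a later observation contradicts it. The following is an added example written for this page, not ClearPass code. It combines three of the evidence sources the datasheet names (MAC OUI, DHCP option 55 parameter request list, LLDP system description); every OUI, fingerprint, policy name and sample observation in it is constructed for illustration, not taken from the IEEE registry or any vendor.

```python
"""Toy endpoint profiler with MAC-auth and profile-change quarantine.
All tables and observations are constructed for the example."""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed OUI -> category table (a real deployment uses the IEEE registry).
OUI_CATEGORY = {"aa:bb:01": "printer", "aa:bb:02": "smartphone", "aa:bb:03": "ip-phone"}

# Constructed DHCP option 55 (parameter request list) fingerprints.
DHCP_FINGERPRINT = {
    (1, 3, 6, 15, 119, 252): "smartphone",
    (1, 3, 6, 12, 15, 28, 42): "printer",
    (1, 3, 6, 15, 66, 150): "ip-phone",
}

# Enforcement profile per category; unknown endpoints only reach the captive portal.
POLICY = {
    "printer": "vlan-30-printers",
    "ip-phone": "vlan-40-voice",
    "smartphone": "role-byod",
    "unknown": "role-captive-portal",
}


@dataclass
class Observation:
    mac: str
    dhcp_opt55: Optional[Tuple[int, ...]] = None
    lldp_sysdesc: Optional[str] = None


@dataclass
class Endpoint:
    mac: str
    category: str
    evidence: list = field(default_factory=list)
    quarantined: bool = False


def normalize_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")


def classify(obs: Observation):
    """Strongest evidence first: LLDP self-description, then DHCP fingerprint,
    then OUI. Each is spoofable on its own; the category is the top vote and
    the full vote list is kept so disagreement between sources stays visible."""
    votes = []
    if obs.lldp_sysdesc:
        text = obs.lldp_sysdesc.lower()
        for cat in ("printer", "ip-phone", "smartphone"):
            if cat.replace("-", " ") in text:
                votes.append(("lldp", cat))
    if obs.dhcp_opt55 and tuple(obs.dhcp_opt55) in DHCP_FINGERPRINT:
        votes.append(("dhcp", DHCP_FINGERPRINT[tuple(obs.dhcp_opt55)]))
    oui = normalize_mac(obs.mac)[:8]
    if oui in OUI_CATEGORY:
        votes.append(("oui", OUI_CATEGORY[oui]))
    return (votes[0][1] if votes else "unknown"), votes


class Profiler:
    def __init__(self, static_hosts=()):
        self.db = {}  # mac -> Endpoint, the real-time endpoint database
        self.static_hosts = {normalize_mac(m) for m in static_hosts}

    def authorize(self, obs: Observation) -> str:
        """Return the enforcement decision for one connection attempt."""
        mac = normalize_mac(obs.mac)
        category, votes = classify(obs)
        ep = self.db.get(mac)
        if ep is None:
            ep = self.db[mac] = Endpoint(mac, category, list(votes))
        elif ep.quarantined:
            return "deny"
        elif category != "unknown" and category != ep.category:
            # Profile change on a known MAC: treat as spoofing until an admin clears it.
            ep.quarantined = True
            ep.evidence.append(("conflict", category))
            return "quarantine"
        else:
            ep.evidence.extend(votes)
        return POLICY[ep.category]

    def mac_auth(self, obs: Observation):
        """Non-802.1X MAC authentication: known if the MAC is in the static host
        list or has been profiled to a category, unknown otherwise."""
        decision = self.authorize(obs)
        mac = normalize_mac(obs.mac)
        known = mac in self.static_hosts or self.db[mac].category != "unknown"
        return ("known" if known else "unknown"), decision
```

The important design choice is in `authorize`: a re-observation that carries no usable evidence (category "unknown") does not count as a change, so an endpoint that simply did not send DHCP this time keeps its access, while a MAC whose fingerprint now matches a different category is quarantined and stays denied until cleared. None of the three sources is trustworthy alone; a spoofed MAC with a matching OUI still gets caught by the DHCP fingerprint.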
To ensure secure access for BYOD, ClearPass Onboard automatically provisions employee-owned Windows, Mac OS X, iOS and Android devices for 802.1X authentication and issues a unique device credential that can be revoked if a device is lost or stolen.
Additional information collected by ClearPass during the onboarding process – such as device serial number, operating system version and model number – is applied to wireless and wired network access policies.
Customizable guest access and management
ClearPass Guest makes it easy to implement self-registration and sponsor-based registration for guest Wi-Fi access. Sponsor roles let receptionists and non-IT personnel create differentiated and group guest accounts and distribute credentials before visitors arrive.
Self-registration and automated credential delivery streamline IT operations. Accounts can be set to expire automatically after a specific number of hours or days without IT involvement, and login credentials can be dispatched via email, SMS or label printers.
A customizable guest portal simplifies the creation of branded login screens, posting of code-of-conduct messaging, and placement of advertisements and relevant organizational updates based on user role, location, department and venue.
Real-time posture assessments
ClearPass OnGuard runs operating system, antivirus, anti-spyware and firewall health checks to ensure compliance and network integrity before guest and employee-owned devices connect. OnGuard enforces policies for Windows, Mac OS X and Linux via persistent or dissolvable agents.
ClearPass OnGuard advanced posture checks also check for peer-to-peer applications, bridged network interfaces, VM instances, USB storage devices and specific registry key entries. For a seamless user experience, automatic remediation services are available for non-compliant devices.
ClearPass Policy Manager appliances
ClearPass Policy Manager is available as a hardware or a virtual appliance. Both have identical functionality and are sized for 500, 5,000 or 25,000 unique authenticating devices. Multiple appliances can be configured in publisher/subscriber mode for active clustering.
The ClearPass Policy Manager virtual appliance is optimized to run on 64-bit VMware ESX and ESXi platforms, versions 4.0 (minimum), 5.0 and 5.1.
Specifications
Aruba ClearPass Policy Manager
• Comprehensive identity-based policy engine
• Built-in AAA services – RADIUS, TACACS+, Kerberos
• Web, 802.1X, non-802.1X authentication and authorization
• File- and directory-based encryption
• OnGuard agents for Windows, Mac OS X, Linux operating systems
• Support for multiple Active Directory domains
• Built-in advanced reporting, analytics and troubleshooting tools
• External captive portal redirect for multivendor networks
• Interactive policy simulation and monitor mode utilities
• Deployment templates for any network, identity store and endpoint
Framework and protocol support
• Microsoft NAP, NAC
• RADIUS, RADIUS CoA, TACACS+, web authentication, Kerberos
• PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
• EAP-TLS
• EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
• TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5, PAP, CHAP)
• PAP, CHAP, MSCHAPv1 and 2, EAP-MD5
• Wireless, wired and VPN 802.1X
• Windows machine authentication
• MAC auth (non-802.1X devices)
• Audit (rules based on port and vulnerability scans)
Supported identity stores
• Microsoft Active Directory
• Kerberos Server
• Any LDAP compliant directory
• Any ODBC-compliant SQL server
• Token servers
• Built-in identity store
• Built-in static hosts list
RFC standards
• 2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5019, 5216, 5280
internet drafts
• Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+.
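The protocol list above names RADIUS and PAP, and the RFC list includes 2865 (RADIUS) and 2869 (RADIUS extensions). The following added example, written for this page and not taken from ClearPass or any RADIUS implementation, builds an RFC 2865 Access-Request carrying a PAP User-Password and an RFC 2869 Message-Authenticator, then verifies and decodes it the way a server would. The shared secret, user name, password and fixed Request Authenticator are constructed test values.

```python
"""RFC 2865 Access-Request with PAP User-Password hiding and the RFC 2869
Message-Authenticator (HMAC-MD5). Constructed values only; not vendor code."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code(1) Identifier(1) Length(2) Authenticator(16)


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-octet multiple, then XOR each block with
    MD5(secret || previous block), seeded with the Request Authenticator.
    This is obfuscation keyed on the shared secret, not strong encryption:
    whoever holds (or brute-forces a weak) secret recovers the password."""
    if not 0 < len(password) <= 128:
        raise ValueError("RFC 2865 limits the password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the server does before checking the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(chunk, block))
        prev = chunk
    return out.rstrip(b"\x00")  # strips padding; passwords may not end in NUL


def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)  # must be fresh per request
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))  # zero placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    packet = header + authenticator + attrs
    # RFC 2869 5.14: HMAC-MD5 keyed with the shared secret over the whole
    # packet, computed with the Message-Authenticator value zeroed.
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # the placeholder is the last 16 octets


def parse_attributes(packet: bytes):
    """Yield (offset, type, value) per attribute; reject malformed lengths."""
    pos = HEADER_LEN
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        yield pos, attr_type, packet[pos + 2:pos + length]
        pos += length


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """True only if a Message-Authenticator is present and matches; a request
    without one has no integrity protection at all and should be rejected."""
    if len(packet) < HEADER_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    for offset, attr_type, value in parse_attributes(packet):
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = packet[:offset + 2] + bytes(16) + packet[offset + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
    return False


def extract_password(packet: bytes, secret: bytes) -> bytes:
    authenticator = packet[4:20]
    for _, attr_type, value in parse_attributes(packet):
        if attr_type == ATTR_USER_PASSWORD:
            return reveal_password(value, secret, authenticator)
    raise ValueError("no User-Password attribute")
```

Two practical points follow from the code. The User-Password transform is MD5 keyed only by the shared secret, so PAP over RADIUS is only as private as that secret and the path it travels; the stronger EAP methods in the list above (EAP-TLS, PEAP, TTLS) keep the credential inside a TLS tunnel instead. And a server that does not require the Message-Authenticator will accept an Access-Request whose attributes anyone on the path can rewrite, since nothing else in the request is authenticated.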
Appliance specifications

ClearPass Policy Manager-500
CPU: (1) Dual Core Pentium 2.9-GHz G850
Memory: 4 GB
Hard drive storage: (1) 3.5" SATA (7K RPM) 500-GB hard drive
Network ports: (2) Gigabit Ethernet
Maximum devices: 500
Dimensions (w x h x d): 16.8" x 1.7" x 14"
Weight (max config): 14 lbs
Power consumption (maximum): 260 watts
Power supply: Single
AC input voltage: 110/220 VAC auto-selecting
AC input frequency: 50/60 Hz auto-selecting

ClearPass Policy Manager-5000
CPU: (1) Quad Core Xeon 2.66-GHz X3450
Memory: 8 GB
Hard drive storage: (2) 3.5" SATA (7.2K RPM) 500-GB hard drives, PERC H200 RAID-1 controller
Network ports: (2) Gigabit Ethernet
Maximum devices: 5,000
Dimensions (w x h x d): 17.53" x 1.7" x 26.17"
Weight (max config): 39 lbs
Power consumption (maximum): 250 watts
Power supply: Single
AC input voltage: 110/220 VAC auto-selecting
AC input frequency: 50/60 Hz auto-selecting

ClearPass Policy Manager-25000
CPU: (2) Quad Core Xeon 2.66-GHz X5650
Memory: 48 GB
Hard drive storage: (4) 2.5" SAS (10K RPM) 300-GB HotPlug hard drives, PERC 6/I SAS RAID controller
Network ports: (2) Gigabit Ethernet
Maximum devices: 25,000
Dimensions (w x h x d): 17.53" x 1.7" x 26.17"
Weight (max config): 39 lbs
Power consumption (maximum): 717 watts
Power supply: Dual hot-swappable (optional)
AC input voltage: 110/220 VAC auto-selecting
AC input frequency: 50/60 Hz auto-selecting
Environmental (all three models)
Operating temperature: 10°C to 35°C (50°F to 95°F)
Storage temperature: -40°C to 65°C (-40°F to 149°F)
Operating relative humidity: 20% to 80% non-condensing (twmax = 29°C)
Maximum humidity gradient: 10% per hour, operational and non-operational conditions
Storage relative humidity: 5% to 95% non-condensing (twmax = 38°C)
Operating vibration: 0.26 G at 5 Hz to 350 Hz for 5 minutes
Storage vibration: 1.54 Grms random vibration at 10 Hz to 250 Hz for 10 minutes
Operating shock: 1 shock pulse of 31 G for up to 2.6 ms
Storage shock: 6 shock pulses of 71 G for up to 2 ms
Operating altitude: -16 m to 3,048 m (-50 ft to 10,000 ft)
Storage altitude: -16 m to 10,600 m (-50 ft to 35,000 ft)
© 2012 Aruba Networks, Inc. Aruba Networks’ trademarks include AirWave®, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, and Green Island®. All rights reserved. All other trademarks are the property of their respective owners. DS_ClearPass_PolicyManager_121312
1344 Crossman Avenue. Sunnyvale, CA 94089
1-866-55-ARUBA | Tel. +1 408.227.4500 | Fax. +1 408.227.4550 | [email protected]
www.arubanetworks.com
Ordering guidance
Ordering the ClearPass Policy Manager involves the following steps:
1. Determine the number of unique authenticating devices within your environment. This total includes printers, smartphones, computers, etc.
2. Choose the appropriate hardware or virtual appliance to accommodate the total number from above.
3. Select any additional licenses – Onboard, OnGuard and Guest – to accommodate the total number of devices for each of these applications. Anything over 5,000 total application licenses will require the purchase of a second ClearPass Policy Manager appliance.
Example – For secure BYOD provisioning of 2,000 mobile devices, ensure that the ClearPass Policy Manager platform is sized to accommodate the 2,000 mobile devices and anything else that will authenticate, such as via 802.1X and MAC auth.
Purchase ClearPass Onboard licenses for 2,000 total devices to support the provisioning requirement. Additional Onboard licenses can be purchased as required.
• ClearPass Virtual Appliance – CP-VA-5K
• ClearPass Onboard – 2 X LIC-CP-OB-1K
Ordering information

Part number                 Description
CP-HW-500 or CP-VA-500      Aruba ClearPass Policy Manager 500 hardware or virtual platform supporting a maximum of 500 authenticated devices
CP-HW-5K or CP-VA-5K        Aruba ClearPass Policy Manager 5K hardware or virtual platform supporting a maximum of 5,000 authenticated devices
CP-HW-25K or CP-VA-25K      Aruba ClearPass Policy Manager 25K hardware or virtual platform supporting a maximum of 25,000 authenticated devices

Optional software (available as perpetual and 1-, 3- and 5-year subscriptions)
LIC-CP-OB-XXX*              ClearPass Onboard provisioning (includes ArubaCare support)
LIC-CP-OG-XXX*              ClearPass OnGuard device posture (includes ArubaCare support)
LIC-CP-GM-XXX*              ClearPass Guest (includes ArubaCare support)

Inclusive license
LIC-CP-EN-XXX*              ClearPass Enterprise bundle that includes the option to selectively use Onboard, OnGuard or Guest licenses

Warranty
Hardware: 1-year parts/labor**
Software: 90 days**
* Software module licenses are available in the following increments, where XXX indicates the number of authenticated devices: 100, 500, 1,000, 2,500, 5,000, 10,000, 25,000 and 50,000.