HPE Aruba ClearPass Policy Manager
HPE Aruba ClearPass Policy Manager - Image 2
HPE Aruba ClearPass Policy Manager - Image 3
HPE Aruba ClearPass Policy Manager - Image 4
,

HPE Aruba ClearPass Policy Manager

Availability:

Available on backorder
Compare

ClearPass Policy Manager is a vendor-agnostic NAC solution that enforces Zero Trust access control with role-based policies, device profiling, and integrated BYOD, guest, and posture assessment, seamlessly integrating with multi-vendor networks and security ecosystems.

Compare

HPE Aruba Networking ClearPass Policy Manager is a robust, vendor-agnostic Network Access Control (NAC) solution that delivers role-based and device-based secure access for employees, contractors, guests, BYOD, and IoT devices across multi-vendor wired, wireless, and VPN infrastructures. Built on Zero Trust and Secure Access Service Edge (SASE) principles, ClearPass provides ultra-scalable AAA (authentication, authorization, accounting) with RADIUS and TACACS+ protocols, comprehensive device profiling, and advanced policy enforcement. It includes integrated applications like ClearPass Onboard (BYOD provisioning), ClearPass OnGuard (endpoint posture assessment), ClearPass Guest (guest access management), and ClearPass OnConnect (non-802.1X port security). With a context-based policy engine, ClearPass leverages user roles, device types, authentication methods, UEM/MDM attributes, device health, location, and time-of-day to enforce granular access policies. It integrates with over 150 third-party security and IT systems via REST APIs and syslog, enabling automated workflows and threat response. ClearPass supports tens of thousands of devices and authentications, making it suitable for small to large enterprises, from local to distributed environments.

SKU: clearpass-policy-manager Categories: , Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brand:
  • Architecture:
    • Components:
      • ClearPass Policy Manager: Core platform for authentication, authorization, profiling, and policy enforcement; deployed as hardware or virtual appliances.
      • ClearPass Cluster: Supports multiple nodes for high availability and scalability; includes Platform License per node.
      • ClearPass Insight: Analytics and reporting module for authentication records, audits, and compliance.
      • ClearPass Device Insight: Cloud-hosted application for advanced device discovery and profiling (disables local profiling when enabled).
    • Deployment Options: Hardware appliances (CPPM-HW-500, CPPM-HW-5K, CPPM-HW-25K), virtual appliances (VMware ESXi, Hyper-V, AWS, Azure), or cloud-hosted (AWS Marketplace).
    • Scalability: Supports tens of thousands of devices and authentications; scales from single-node to clustered deployments for local or distributed environments.
    • Operation Mode: Out-of-band, integrating with existing network infrastructure without traffic disruption.
  • Authentication:
    • Protocols: 802.1X, MAB, Web Authentication, Captive Portal, TACACS+.
    • Methods: EAP (PEAP, EAP-TLS, EAP-TTLS, EAP-FAST), Single Sign-On (SSO) with SAML 2.0 (e.g., Okta, Ping).
    • Sources: Microsoft AD, LDAP, ODBC-compliant SQL databases, token servers, internal databases.
    • Integrations: MDM/UEM (e.g., Intune, Jamf), IdPs (e.g., Okta, Azure AD), and certificate authorities.
  • Profiling:
    • Methods: MAC OUI, DHCP fingerprinting, HTTP/HTTPS analysis, SNMP, and network telemetry; enhanced by ClearPass Device Insight or Aruba Central Client Insights with ML-based classification.
    • Capabilities: Identifies device type, OS, vendor, and behavioral patterns; dynamically adjusts policies based on profile changes (e.g., denying access if a printer appears as a laptop).
    • Agentless: Uses passive/active techniques; optional OnGuard agents for advanced profiling.
  • Policy Enforcement:
    • Mechanisms: Role-based access, VLAN steering, downloadable ACLs, URL redirects, session termination.
    • Policies: Granular, based on user role, device type, authentication method, UEM attributes, device health, traffic patterns, location, and time-of-day.
    • Enforcement Profiles: Actions like role assignment, VLAN changes, or quarantine triggered by policy rules.
  • Posture Assessment (ClearPass OnGuard):
    • Checks: Antivirus status, OS patches, firewall settings, and compliance with corporate policies.
    • Methods: Persistent/dissolvable agents (Windows, macOS, Linux) or agentless (web-based).
    • Actions: Auto-remediate non-compliant endpoints or quarantine them.
  • Guest Access (ClearPass Guest):
    • Features: Customizable portals for self-registration, sponsor approval, credential delivery via email/SMS.
    • Automation: Simplifies workflows for non-IT staff (e.g., receptionists) to manage guest accounts.
  • BYOD Onboarding (ClearPass Onboard):
    • Features: Automated provisioning of SSIDs, 802.1X settings, and security certificates for Windows, macOS, iOS, Android, Chromebook, Ubuntu.
    • Self-Service: User-driven portal for secure device configuration.
  • Non-802.1X Security (ClearPass OnConnect):
    • Secures Ethernet ports without 802.1X using MAC authentication and profiling.
  • Integrations:
    • Ecosystem: Over 150 third-party systems (e.g., Palo Alto Networks, Splunk, ServiceNow, Intune, CrowdStrike) via ClearPass Exchange (REST APIs, syslog).
    • Security Exchange Program: Partners for MDM, SIEM, firewalls, and endpoint protection.
    • Network Devices: Supports Cisco, Juniper, Fortinet, and other vendors’ switches, APs, and controllers.
  • Visibility:
    • Dashboards: Real-time monitoring of authentication, profiling, and device health via ClearPass Insight.
    • Reports: Customizable for authentication records, audits, compliance, and trends.
    • Access Tracker: Logs session details for troubleshooting.

Related products

Select at least 2 products
to compare