No products in the cart.
NAC, Software
HPE Aruba ClearPass Policy Manager
HPE Aruba ClearPass Policy Manager: A vendor-neutral NAC solution delivering Zero Trust security through role-based access control, advanced device profiling, and seamless BYOD, guest, and endpoint posture assessment. Integrates effortlessly with multi-vendor networks and security ecosystems for robust, scalable protection.
Available on Request
HPE Aruba ClearPass Policy Manager is a powerful, vendor-neutral Network Access Control (NAC) solution, ensuring secure, role-based, and device-based access for employees, contractors, guests, BYOD, and IoT devices across multi-vendor wired, wireless, and VPN networks. Rooted in Zero Trust and SASE principles, ClearPass offers highly scalable AAA (authentication, authorization, accounting) using RADIUS and TACACS+ protocols, advanced device profiling, and robust policy enforcement.
Key features of HPE Aruba ClearPass include ClearPass Onboard for BYOD provisioning, ClearPass OnGuard for endpoint posture checks, ClearPass Guest for seamless guest access, and ClearPass OnConnect for non-802.1X port security. Its context-aware policy engine uses user roles, device types, authentication methods, UEM/MDM attributes, device health, location, and time to deliver precise access controls.
With REST APIs and syslog, ClearPass integrates with over 150 third-party security and IT systems, streamlining automated workflows and threat responses. Designed for scalability, it supports tens of thousands of devices, making it ideal for small businesses to large, distributed enterprises.
HPE Aruba ClearPass Policy Manager Architecture
Overview
HPE Aruba ClearPass is a scalable, vendor-agnostic Network Access Control (NAC) solution ensuring secure, role-based access for wired, wireless, and VPN networks. Built on Zero Trust and SASE, it supports employees, guests, BYOD, and IoT devices.
Components
ClearPass Policy Manager: Core platform for authentication, authorization, profiling, and policy enforcement; available as hardware or virtual appliances.
ClearPass Cluster: Multi-node setup for high availability; requires Platform License per node.
ClearPass Insight: Analytics for authentication logs and compliance.
ClearPass Device Insight: Cloud-based tool for advanced device profiling.
Deployment
Options: Hardware (CPPM-HW-500, 5K, 25K), virtual (VMware ESXi, Hyper-V, AWS, Azure), or cloud-hosted (AWS Marketplace).
Scalability: Supports thousands of devices, scaling from single-node to clustered setups.
Operation: Out-of-band integration with no network traffic disruption.
Authentication
Protocols: 802.1X, MAB, Web Authentication, Captive Portal, TACACS+.
Methods: EAP (PEAP, EAP-TLS, EAP-TTLS, EAP-FAST), SAML 2.0 SSO (e.g., Okta).
Sources: Microsoft AD, LDAP, SQL databases, token servers.
Integrations: MDM/UEM (Intune, Jamf), IdPs (Okta, Azure AD).
Device Profiling
Methods: MAC OUI, DHCP, HTTP/HTTPS, SNMP, enhanced by ClearPass Device Insight or Aruba Central Client Insights with ML.
Capabilities: Identifies device type, OS, and behavior; dynamically adjusts policies.
Agentless: Passive/active techniques; optional OnGuard agents.
Policy Enforcement
Mechanisms: Role-based access, VLAN steering, ACLs, session termination.
Policies: Based on user role, device type, UEM attributes, health, location, time.
Enforcement Profiles: Triggers role assignment, VLAN changes, or quarantine.
Posture Assessment (ClearPass OnGuard)
Checks: Antivirus, OS patches, firewall, compliance.
Methods: Persistent/dissolvable agents (Windows, macOS, Linux) or agentless.
Actions: Auto-remediate or quarantine non-compliant devices.
Guest Access (ClearPass Guest)
Features: Customizable portals for self-registration and credential delivery.
Automation: Simplifies guest account management for non-IT staff.
BYOD Onboarding (ClearPass Onboard)
Features: Automates SSID, 802.1X, and certificate provisioning for multiple OS.
Self-Service: User-driven secure device configuration.
Non-802.1X Security (ClearPass OnConnect)
Secures Ethernet ports using MAC authentication and profiling.
Integrations
Ecosystem: Connects with 150+ systems (Palo Alto, Splunk, Intune) via REST APIs, syslog.
Network Devices: Supports Cisco, Juniper, Fortinet switches, APs, controllers.
Visibility
Dashboards: Real-time monitoring via ClearPass Insight.
Reports: Customizable for authentication, compliance, trends.
Access Tracker: Logs session details for troubleshooting.
https://www.hpe.com/psnow/doc/a00064815enw
Related products
- Hardware, Network Switch
Juniper EX Series Switches
Juniper EX Series Ethernet Switches
EX2300 Ethernet Switch: Compact Solution for Small Networks
The EX2300 is a cost-effective, compact Ethernet switch perfect for small branch offices or retail environments. Key features include:
Ports: 24 or 48 Gigabit Ethernet ports with 10GbE SFP+ uplinks.
PoE: PoE+ support with a 370W power budget.
Technology: Virtual Chassis for stacking and Mist AI for automated management.
Use Case: Ideal for small-scale networks needing reliable connectivity and quiet operation.
EX3400 Ethernet Switch: High-Performance for Branch and Campus
The EX3400 delivers robust performance for enterprise access in branch or campus networks. Highlights include:
Ports: 24 or 48 Gigabit ports with 10GbE SFP+ and 40GbE QSFP+ uplinks.
PoE: PoE+ with a 740W power budget for powering devices.
Features: Virtual Chassis, MACsec AES256, and Mist AI for streamlined operations.
Applications: Suited for medium-sized networks requiring secure, high-speed access.
EX4100 Ethernet Switch: AI-Driven for Enterprise Access
The EX4100 is a cloud-native, AI-powered switch designed for enterprise access and aggregation. Key specifications include:
Ports: 24 or 48 Gigabit ports with PoE++ (1,620W) and 10/25/100GbE uplinks.
Advanced Features: Virtual Chassis, EVPN-VXLAN, and Mist AI for WiFi 6/6E support.
Use Case: Perfect for high-density campus or data center networks with AI-driven automation.
EX4100-F Ethernet Switch: Fanless for Quiet Environments
The EX4100-F is a silent, fanless switch optimized for small, noise-sensitive spaces like offices or retail. Features include:
Ports: 12, 24, or 48 Gigabit ports with PoE++ (1,440W) and 10/100GbE uplinks.
Technology: WiFi 6-ready with Virtual Chassis, EVPN-VXLAN, and Mist AI.
Applications: Ideal for compact deployments requiring high power and modern connectivity.
EX4300 Ethernet Switch: Reliable for Medium-Scale Deployments
The EX4300 is a fixed-configuration switch for campus and data center access, offering dependable performance. Key details include:
Ports: 24 or 48 Gigabit ports with 10GbE SFP+ and 40GbE QSFP+ uplinks.
Features: Virtual Chassis and Layer 2/3 switching for scalability.
Use Case: Suitable for medium-scale networks, though less advanced than newer EX models.
EX4400 Ethernet Switch: AI-Powered for High-Density Networks
The EX4400 is a high-performance, AI-driven switch for campus and branch access, optimized for WiFi 6/6E. Highlights include:
Ports: 24 or 48 Gigabit ports with PoE++ (1,800W) and 10/25/100GbE uplinks.
Features: Virtual Chassis, EVPN-VXLAN, MACsec AES256, and Mist AI.
Applications: Designed for high-density enterprise networks requiring advanced automation.
EX4650 Ethernet Switch: High-Density for Data Centers
The EX4650 is a low-latency, high-density switch for data center core and aggregation. Key specifications include:
Ports: 48x 10/25GbE SFP28 and 8x 40/100GbE QSFP28 ports with 4 Tbps capacity.
Technology: Supports EVPN-VXLAN, MPLS, and MACsec AES256 for secure, scalable performance.
Use Case: Optimized for cloud and high-performance computing (HPC) workloads.
Available on Request
SKU: EX series - Endpoint Management, Software
ManageEngine Endpoint Central
ManageEngine Endpoint Central is a unified endpoint management (UEM) solution that simplifies and secures management of servers, desktops, laptops, mobile devices, and tablets. Offered via a web-based single-pane console, it automates patching, software deployment, asset auditing, remote troubleshooting, and mobile device management—reducing IT workload and boosting operational efficiency
Available on Request
SKU: manageengine-endpoint-central - Router, Software
Juniper Session Smart Router
Juniper Session Smart Router (SSR) Series delivers a tunnel-free, application-aware SD-WAN solution with built-in Zero Trust security. Designed for modern WAN environments, it enables agile and secure connectivity with 30–50% bandwidth savings and AI-powered insights through Mist WAN Assurance. Scalable across SD-WAN, SD-Branch, multicloud, and IoT deployments, SSR supports physical (Juniper NFX, white-box), virtual (VMware, KVM), and public cloud platforms (AWS, Azure). Powered by Junos OS, it includes advanced security features like URL filtering and IDS/IPS protection
Available on Request
SKU: SSR - Cybersecurity, Software
Ivanti Neurons for Unified Endpoint Management (UEM)
Ivanti Neurons for UEM is a cloud-native platform for discovering, managing, and securing all endpoints. With AI-powered automation, it ensures compliance, enhances productivity, and delivers exceptional digital employee experiences in the Everywhere Workplace.
Available on Request
SKU: ivanti-neurons-uem
