Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
About Policy Manager
The Policy Manager™ Access Management System provides a window into your network and covers all your access security requirements from a single platform. You get complete views of mobile devices and users and have total control over what they can access.
When using the Policy Manager WebUI, the recommended practice is to complete all required actions within a single browser tab. The browser tab displays the system's hostname. When you are working in multiple Policy Manager servers in different tabs, you can identify which server is in each tab.
If you change configuration settings within multiple tabs, there is an increased chance of data loss and potential impact to network access. Similarly, only one network admin should be logged in to Policy Manager at any time to avoid potential data loss and synchronization issues.
About ClearPass 6.12.x
ClearPass 6.12.0 is a Short Support Release (SSR). In a Short Support Release, HPE Aruba Networking introduces new features and new hardware, but does not "park" any hardware. An SSR version reaches End of Support on the date when the next SSR or LSR version is released, A maximum of two ClearPass releases are supported at any point in time: one Long Support Release (LSR) and one Short Support Release (SSR). For more information, see the HPE Aruba Networking End of Life Policy page.
If new to Policy Manager, refer to the following:
For a description of how to use the Dashboard, see Using the Dashboard.
For a list of common configuration tasks and pointers to information about how to perform each task, refer to Accessing Configuration Information.
If you are planning a new Policy Manager deployment, refer to the ClearPass Deployment Guide.
The Policy Manager Deployment Guide is organized in a way that presents the deployment and configuration sequences in the order in which Policy Manager deployment should take place, and makes the major deployment tasks easy to implement.
|
Periodic revisions to the Release Notes, Policy Manager User Guide, and Online Help are sometimes posted; however, some browsers might display a cached previous version. To ensure that you are viewing the latest version of the documentation, you may want to clear your browser’s download history and cached images and files. |
With Policy Manager, IT can centrally manage network policies, automatically configure devices and distribute security certificates, admit guest users, assess device health, and even share information with third-party solutions—through a single pane of glass, on any network and without changing the current infrastructure.
The Policy Manager Access Management System provides a window into your network and covers all your access security requirements from a single platform. You get complete views of mobile devices and users and have total control over what they can access.
In Policy Manager, a policy provides the rules that tells Policy Manager when to execute enforcement profiles. Profiles are actions that are taken by Policy Manager; for example assigning a certain role to a user or enabling command authorization for different types of users on a switch. The actions specified in a policy are the profiles to be activated when specific conditions or rules are met.
Then a policy is associated with a service—a service ties all the elements together: authentication sources, authorization sources, role-mapping, and enforcement policies.
The Policy Manager platform provides role-based and device-based network access control for employees, contractors, and guests across any wired, wireless, and VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. infrastructure.
Policy Manager works with any multivendor network and can be extended to business and IT systems that are already in place.
Policy Manager delivers a wide range of unique self-service capabilities. Users can securely onboard their own devices for enterprise use or register AirPlay, AirPrint, Digital Living Network Alliance (DLNA Digital Living Network Alliance. DLNA is a set of interoperability guidelines for sharing digital media among multimedia devices. ), and Universal Plug and Play (UPnP Universal Plug and Play. UPnp is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi APs, and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.) devices that are enabled for sharing, sponsor guest Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. access, and even set up sharing for Apple TV and Google Chromecast.
The power of Policy Manager comes from integrating ultra-scalable AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. (authentication, authorization, and accounting) with policy management, guest network access, device onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters., and device health checks with a complete understanding of context.
From this single Policy Manager policy and AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. platform, contextual data is leveraged across the network to ensure that users and devices are granted the appropriate access privileges.
Policy Manager leverages a user’s role, device, location, application use, and time of day to execute custom security policies, accelerate device deployments, and streamline network operations across wired networks, wireless networks, and VPNs.
Policy Manager can be extended to third-party security and IT systems using REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. -based APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. to automate work flows that previously required manual IT intervention. Policy Manager integrates with mobile device management to leverage device inventory and posture information, which enables well-informed policy decisions.
Policy Manager advanced policy management support includes:
ClearPass offers user and device authentication based on 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority., non-802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority., and Web Portal access methods. To strengthen security in any environment, you can concurrently use multiple authentication protocols, such as PEAP Protected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS., EAP-FAST EAP – Flexible Authentication Secure Tunnel (tunneled)., EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216., EAP-TTLS EAP–Tunneled Transport Layer Security. EAP-TTLS is an EAP method that encapsulates a TLS session, consisting of a handshake phase and a data phase. See RFC 5281., and EAP-PEAP EAP–Protected EAP. A widely used protocol for securely transporting authentication data across a network (tunneled).-Public.
For fine-grained control, you can use attributes from multiple identity stores, such as Microsoft Active Directory Microsoft Active Directory. The directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed., LDAP Lightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.-compliant directory, Open Database Connectivity (ODBC)-compliant SQL database, token servers, and internal databases across domains within a single policy.
Additionally, you can add posture assessments and remediation to existing policies at any time.
The Device Insight Integration feature enables Policy Manager to integrate with Device Insight, a cloud-hosted application for comprehensive device visibility and discovery. When Device Insight is enabled, Policy Manager disables device profiling on the current Policy Manager server and passes the raw preprofiled information to the Device Insight-enabled node. This change occurs across all the Profiler-enabled nodes (for details, see About Device Insight).
Policy Manager provides a profiling service that discovers and classifies all endpoints, regardless of device type. You can obtain a variety of contextual data (such as MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. OUIs, DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. fingerprinting, and other identity-centric device data) and use this data within policies.
Stored profiling data identifies device profile changes and dynamically modifies authorization privileges. For example, if a printer appears as a Windows laptop, Policy Manager can automatically deny access.
|
When Device Insight Integration is enabled, Device Profiling is hidden because Device Insight functionality replaces the Policy Manager device profiling functions (for more information, see About Device Insight). |
Unmanaged non-802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. devices (such as printers, IP phones, and IP cameras) can be identified as known or unknown upon connecting to the network. The identity of these devices is based on the presence of their MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address in an external or internal database.
Onboard fully automates the provisioning of any Windows, macOS, iOS, Android, ChromeOS, and Ubuntu devices via a built-in enrollment workflow. Valid users are redirected to a template-based interface to configure required SSIDs Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. settings, and download unique device credentials.
Additional capabilities include the ability for IT to revoke and delete credentials for lost or stolen devices, and the ability to configure mobile email settings for Exchange ActiveSync Mobile data synchronization app developed by Microsoft that allows a mobile device to be synchronized with either a desktop or a server running compatible software products. and VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. clients on some device types.
Guest simplifies work flow processes so that receptionists, employees, and other non-IT staff can create temporary guest accounts for secure Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. and wired network access. Self-registration allows guests to create their credentials.
OnGuard, as well as separate OnGuard persistent or dissolvable agents, performs advanced endpoint posture assessments. Traditional NAC Network Access Control. NAC is a computer networking solution that uses a set of protocols to define and implement a policy that describes how devices can secure access to network nodes when they initially attempt to connect to a network. (Network Admission Control) health-check capabilities ensure compliance and network safeguards before devices connect.
You can use information about endpoint integrity (such as status of anti-virus, anti-spyware, firewall Firewall is a network security system used for preventing unauthorized access to or from a private network., and peer-to-peer applications) to enhance authorization policies. Automatic remediation services are also available for non-compliant devices.
Policy Manageroffers user and device authentication based on 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority., non-802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority., and Web Portal access methods. To strengthen security in any environment, you can concurrently use multiple authentication protocols, such as PEAP Protected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS., EAP-FAST EAP – Flexible Authentication Secure Tunnel (tunneled)., EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216., EAP-TTLS EAP–Tunneled Transport Layer Security. EAP-TTLS is an EAP method that encapsulates a TLS session, consisting of a handshake phase and a data phase. See RFC 5281., and EAP-PEAP EAP–Protected EAP. A widely used protocol for securely transporting authentication data across a network (tunneled).-Public.
For fine-grained control, you can use attributes from multiple identity stores, such as Microsoft Active Directory Microsoft Active Directory. The directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed., LDAP Lightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.-compliant directory, Open Database Connectivity (ODBC)-compliant SQL database, token servers, and internal databases across domains within a single policy.
Additionally, you can add posture assessments and remediation to existing policies at any time.
Policy Manager's key features are as follows:
Role-based, unified network access enforcement across multi-vendor wireless, wired and VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. networks
Intuitive policy configuration templates and visibility troubleshooting tools
Supports multiple authentication/authorization sources (AD, LDAP Lightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network., SQL dB Decibel. Unit of measure for sound or noise and is the difference or ratio between two signal levels.)
Self-service device onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters. with built-in certificate authority (CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.) for BYOD Bring Your Own Device. BYOD refers to the use of personal mobile devices within an enterprise network infrastructure.
Guest access with extensive customization, branding and sponsor-based approvals
Integration with key EMM/MDM Mobile Device Management. MDM is an administrative software to manage, monitor, and secure mobile devices of the employees in a network. solutions for in-depth device assessments
Comprehensive integration with the 360 Security Exchange Program
Single sign-on (SSO Single Sign-On. SSO is an access-control property that allows the users to log in once to access multiple related, but independent applications or systems to which they have privileges. The process authenticates the user across all allowed resources during their session, eliminating additional login prompts.) support works with Ping, and other identity management tools to improve user experience to SAML Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. 2.0-based applications
RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. DA, TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. , Web authentication, and SAML Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. v2.0
WPA3
RadSec
EAP-FAST EAP – Flexible Authentication Secure Tunnel (tunneled). (EAP-MSCHAPv2 EAP Microsoft Challenge Handshake Authentication Protocol Version 2. , EAP-GTC EAP – Generic Token Card. (non-tunneled)., EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216.)
PEAP Protected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS. (EAP-MSCHAPv2 EAP Microsoft Challenge Handshake Authentication Protocol Version 2. , EAP-GTC EAP – Generic Token Card. (non-tunneled)., EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216., EAP-PEAP EAP–Protected EAP. A widely used protocol for securely transporting authentication data across a network (tunneled).-Public)
EAP-TTLS EAP–Tunneled Transport Layer Security. EAP-TTLS is an EAP method that encapsulates a TLS session, consisting of a handshake phase and a data phase. See RFC 5281. (EAP-MSCHAPv2 EAP Microsoft Challenge Handshake Authentication Protocol Version 2. , EAP-GTC EAP – Generic Token Card. (non-tunneled)., EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. - TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. , EAP-MD5 EAP – Method Digest 5. (non-tunneled)., PAP Password Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure., CHAP Challenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients.)
PAP Password Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure., CHAP Challenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients., MSCHAPv1, MSCHAPv2, and EAP-MD5 EAP – Method Digest 5. (non-tunneled).
Wireless and wired 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. and VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.
Microsoft Network Access Protection (NAP Network Access Protection. The NAP feature in the Windows Server allows network administrators to define specific levels of network access based on identity, groups, and policy compliance. The NAP Agent is a service that collects and manages health information for NAP client computers. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.) and Network Access Control (NAC Network Access Control. NAC is a computer networking solution that uses a set of protocols to define and implement a policy that describes how devices can secure access to network nodes when they initially attempt to connect to a network.)
Online Certificate Status Protocol (OCSP Online Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. )
SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. generic MIB Management Information Base. A hierarchical database used by SNMP to manage the devices being monitored., SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. private MIB Management Information Base. A hierarchical database used by SNMP to manage the devices being monitored.
Common Event Format (CEF Common Event Format. The CEF is a standard for the interoperability of event or log-generating devices and applications. The standard syntax for CEF includes a prefix and a variable extension formatted as key-value pairs.), Log Event Extended Format (LEEF Log Event Extended Format. LEEF is a type of customizable syslog event format. An extended log file contains a sequence of lines containing ASCII characters terminated by either the sequence LF or CRLF.)
Simple Certificate Enrollment Protocol (SCEP Simple Certificate Enrollment Protocol. SCEP is a protocol for requesting and managing digital certificates.)
Enrollment over Secure Transport (EST)
Kerberos
Any LDAP Lightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.-compliant directory
Microsoft SQL, PostgreSQL, MariaDB, and Oracle 11g ODBC-compliant SQL server
Built-in SQL store
Built-in static-hosts list
Token servers
Built-in SQL store, static hosts list
Microsoft Entra ID Active Directory Microsoft Active Directory. The directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed. (via SAML Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. and OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. 2.0)
Google G Suite (via SAML Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. and OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. 2.0)
Any SAML Security Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. 2.0-compliant identity provider
The maximum allowed password length during login through the UI User Interface. or CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. is 255 characters. The special characters supported in passwords for all Policy Manager modules (Policy Manager, Guest, Onboard, OnGuard and Insight) are described in the following table:
Special |
Description |
---|---|
+ |
Plus sign |
, |
Comma |
- |
Hyphen |
. |
Period |
; |
Semicolon Not supported in the cluster password. |
= |
Equal sign |
? |
Question mark |
_ |
Underscore |
The Policy Manager online help is updated periodically as new features become available. The table below describes the most recent updates:
Revision |
Change Description |
|
---|---|---|
Revision 16 |
Updates for Policy Manager 6.12.3 |
September 2024 |
Revision 15 |
Updates for Policy Manager 6.12.2 |
May 2024 |
Revision 14 |
Updates for Policy Manager 6.12.1 |
February 2024 |
Revision 13 |
Updates for Policy Manager 6.12 |
December 2023 |
Revision 12 |
Updates for Policy Manager 6.11.6 |
November 2023 |
Revision 11 |
Updates for Policy Manager 6.11.5 |
September 2023 |
Revision 10 |
Updates for Policy Manager 6.11.4 |
July 2023 |
Revision 09 |
Updates for Policy Manager 6.11.3 |
May 2023 |
Revision 08 |
Updates for Policy Manager 6.11.2 |
March 2023 |
Revision 07 |
Updates for Policy Manager 6.11.1 |
December 2022 |
Revision 06 |
Updates for Policy Manager 6.11 |
October 2022 |
Revision 05 |
Updates for Policy Manager 6.10.1 |
September 2021 |
Revision 04 |
Reformatted Updates for Policy Manager 6.7.4 |
August 2018 |
Revision 03 |
Updates for Policy Manager 6.6.7 |
September 2017 |
Revision 02 |
Updates for Policy Manager 6.5 |
March 2015 |
Revision 01 |
Initial Release |
October 2014 |
Use of Cookies
Cookies are small text files that are placed on a user’s computer by web sites the user visits. They are widely used in order to make web sites work, or work more efficiently, as well as to provide information to the owners of a site. Session cookies are temporary cookies that last only for the duration of one user session.
When a user registers or logs in via a Hewlett Packard Enterprise (HPE) captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users., HPE uses session cookies solely to remember between clicks who a guest or operator is. HPE uses this information in a way that does not identify any user-specific information, and does not make any attempt to find out the identities of those using its Policy Manager products. HPE does not associate any data gathered by the cookie with any personally identifiable information (PII) from any source. HPE uses session cookies only during the user’s active session and does not store any permanent cookies on a user’s computer. Session cookies are deleted when the user closes his or her web browser.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett-Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US $10.00 to:
Hewlett Packard Enterprise Company
Attn: General Counsel
1701 East Mossy Oaks Road
Spring, Texas 77389
USA