About the ClearPass Access Management System

This section contains the following information:

ClearPass Access Management System Overview

Key Features

Advanced Policy Management

ClearPass Policy Manager Hardware and Virtual Appliances

ClearPass Specifications

ClearPass Access Management System Overview

The Aruba ClearPass Access Management System provides a window into your network and covers all your access security requirements from a single platform. You get complete views of mobile devices and users and have total control over what they can access.

With ClearPass, IT can centrally manage network policies, automatically configure devices and distribute security certificates, admit guest users, assess device health, and even share information with third-party solutions—through a single pane of glass, on any network and without changing the current infrastructure.

Key Features

ClearPass's key features are as follows:

Role-based network access enforcement for multivendor Wi-Fi, wired, and VPN networks.

Virtual and hardware appliances that can be deployed in a cluster to increase scalability and redundancy.

Support for popular virtualization platforms such as VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, and Amazon AWS (EC2).

IPv6 administration support.

Intuitive policy configuration templates and visibility troubleshooting tools.

Support for multiple authentication/authorization sources—AD, LDAP, and SQL databases.

Self-service device onboarding with built-in certificate authority (CA) for BYOD.

Guest access with extensive customization, branding and sponsor-based approvals.

Comprehensive integration with the Aruba 360 Security Exchange Program.

SAML 2.0 Identity Provider, which allows seamless single sign-on (SSO) to the cloud or on-premise applications.

SAML 2.0 Service Provider, which allows seamless and secure access to ClearPass components using federated/unified identity.

Advanced reporting and granular alerts.

Active and passive device fingerprinting.

High performance, scalability, High Availability, and load balancing.

A Web-based user interface that simplifies policy configuration and troubleshooting.

Network Access Control (NAC), Network Access Protection (NAP) posture and health checks, and Mobile Device Management (MDM) integration for mobile device posture checks.

Social and Cloud Identity Network and Cloud Application single sign-on (SSO) via OAuth 2.0, with providers such as Facebook, Twitter, LinkedIn, Azure Active Directory, Office 365, and Google G Suite.

Device and user certificate enrollment via the Simple Certificate Enrollment Protocol (SCEP), Enrollment over Secure Transport (EST), and REST API-based workflows.

Advanced reporting of all user authentications and failures.

Enterprise reporting, monitoring, and alerting.

HTTP/RESTful APIs for integration with third-party systems, Internet security, and Mobile Device Management (MDM).

Device profiling and self-service onboarding.

Guest access with extensive branding and customization and sponsor-based approvals.

Advanced Policy Management

ClearPass advanced policy management support includes:

Employee access

ClearPass Policy Manager offers user and device authentication based on 802.1X, non-802.1X, and Web Portal access methods. To strengthen security in any environment, you can concurrently use multiple authentication protocols, such as PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, and EAP-PEAP-Public.

For fine-grained control, you can use attributes from multiple identity stores, such as Microsoft Active Directory, LDAP-compliant directory, ODBC-compliant SQL database, token servers, and internal databases across domains within a single policy.

Additionally, you can add posture assessments and remediation to existing policies at any time.

Built-in device profiling

ClearPass provides a built-in profiling service that discovers and classifies all endpoints, regardless of device type. You can obtain a variety of contextual data (such as MAC OUIs, DHCP fingerprinting, and other identity-centric device data) and use this data within policies.

Stored profiling data identifies device profile changes and dynamically modifies authorization privileges. For example, if a printer appears as a Windows laptop, ClearPass Policy Manager can automatically deny access.

Access for unmanaged endpoints

Unmanaged non-802.1X devices (such as printers, IP phones, and IP cameras) can be identified as known or unknown upon connecting to the network. The identity of these devices is based on the presence of their MAC address in an external or internal database.

Secure configuration of personal devices

ClearPass Onboard fully automates the provisioning of any Windows, macOS, iOS, Android, ChromeOS, and Ubuntu devices via a built-in enrollment workflow.

Valid users are redirected to a template-based interface to configure required SSIDs and 802.1X settings, and download unique device credentials.

Additional capabilities include the ability for IT to revoke and delete credentials for lost or stolen devices, and the ability to configure mobile email settings for Exchange ActiveSync and VPN clients on some device types.

Customizable visitor management

ClearPass Guest simplifies workflow processes so that receptionists, employees, and other non-IT staff can create temporary guest accounts for secure Wi-Fi and wired network access. Self-registration allows guests to create their own credentials.

Device health checks

ClearPass OnGuard, as well as separate OnGuard persistent or dissolvable agents, performs advanced endpoint posture assessments. Traditional NAC health-check capabilities ensure compliance and network safeguards before devices connect.

You can use information about endpoint integrity (such as status of anti-virus, firewall, and peer-to-peer applications) to enhance authorization policies. Automatic remediation services are also available for non-compliant devices.

ClearPass Policy Manager Hardware and Virtual Appliances

ClearPass Policy Manager is available as a hardware or a virtual appliance. To increase scalability and redundancy, you can deploy virtual appliances, as well as the hardware appliances, within a cluster.

For hardware and virtual appliance installation and deployment procedures, see the guide that describes the procedures for installing and configuring ClearPass Policy Manager on a hardware appliance, as well as how to install ClearPass on a VMware vSphere Hypervisor host and on a host that runs Microsoft's hypervisor, Hyper-V™. This guide also describes how to install a ClearPass virtual appliance on a host that runs the CentOS KVM (Kernel-based Virtual Machine) hypervisor.

Virtual appliances are supported on the following platforms:

VMware ESX and ESXi

For installation and deployment procedures, see Using the VMware vSphere Hypervisor Web Client to Install ClearPass on a Virtual Machine.

Microsoft Hyper-V

For installation and deployment procedures, see Using Microsoft Hyper-V to Install ClearPass on a Virtual Appliance.

ClearPass Specifications

The ClearPass Policy Manager specifications are as follows: