You are here: What's New in This Release > Release Overview > Licensing Enhancements in ClearPass 6.8

Licensing Enhancements in ClearPass 6.8

The 6.8.0 release introduces major enhancements in the ClearPass licensing platform. The licensing structure is improved for greater scalability for networks of any size, whether small or large. Almost all license management is available within the Policy Manager user interface, and up-to-the-minute usage statistics can be viewed at a granular level. For more information, see the “License Management” section in the ClearPass 6.8 Policy Manager User Guide. As part of these changes: (CP‑22097, CP‑22329, CP-23655, CP‑23731, CP‑31384, CP‑31382, CP‑31397, CP‑31640, CP‑31642, CP‑32091)

Permanent, Subscription and Evaluation License types

In previous releases of ClearPass, licenses that had no expiration date or an expiration date of one, three, or five years were called Permanent licenses. Starting with ClearPass 6.8.0, ClearPass licenses are issued as Permanent, Subscription, or Evaluation types.

* Permanent licenses do not expire.
* Subscription licenses can be valid for one, three, or five years, and expire after the specified subscription period.
* Evaluation licenses are valid for a shorter time period, typically between 30 and 180 days.

 

When a Subscription or Evaluation license expires, ClearPass continues to operate normally. However, administrators will not be able to make ClearPass configuration or service changes and upgrades are not operable.

New License Types

ClearPass 6.8.0 introduces three new license types: the Entry, AccessUpgrade, and ComplianceSuite licenses. The Access and OnGuard licenses introduced in previous releases of ClearPass continue to be supported in ClearPass 6.8.0.

Entry Licenses

An Entry license is a basic application license that supports a limited number of core features, including:

* 802.1X Authentication
* MAC authentication
* Web-based user registration and authentication (such as self-registration, sponsor based, and social)
* Multi-Factor Authentication
* OnConnect
* Some 360 Security Exchange features, including local Endpoint Context Servers and Context Server Actions for local host, and XML/REST APIs,

Entry licenses are available as permanent or evaluation licenses. This license does not support Network Scan features. If your deployment does not include an Access License, the network scan features are disabled and the span port cannot be changed from its default value.

 

the Entry license does not include support for the TACACS+ authentication and endpoint profiling features supported by the Access license. Entry licenses also do not support non-Local host endpoint context servers or ClearPass extensions.

Access Upgrade Licenses

An Access Upgrade license allows you to upgrade an Entry license to support the complete range of features supported by an Access license. This license is available as a permanent license only.

Before you can upgrade to an Access license (or licenses), you must purchase an equal number of Entry licenses and Access Upgrade licenses. This is true regardless of how many Access licenses you are about to upgrade to. For example, if you want to upgrade 10 of your Entry licenses to Access licenses, but you have 15 Entry and only 12 Access Upgrade licenses, you will need to purchase three more Access Upgrade licenses. The Access Upgrade licenses are not active until you have an equal number of Entry licenses.

Compliance Suite Licenses

The Compliance Suite license is responsible for all the activities related to ClearPass OnGuard, and replaces the 1, 3, and 5-year OnGuard license available in previous versions of ClearPass. Compliance Suite licenses also support ClearPass integration with Device Insight.

Like the permanent OnGuard license, a subscription Compliance Suite license is consumed for all OnGuard deployments (Persistent and Dissolvable) and any mode of operation (Authentication with Health Checks, Health Check only, or Authentication only). The Compliance Suite license is consumed on a device basis for a period of 24 hours, and is available as a subscription or evaluation license only.

Compliance Suite licenses must be manually added to ClearPass as an OnGuard license type. To add a Compliance Suite license on the Administration > Servers > Licensing > Add dialog, select the OnGuard license type, then enter your Compliance Suite licensing key. The Applications tab on the Administration > Servers > Licensing page will accurately display the new license as a Compliance Suite license type.

 

When a Compliance Suite license is installed without an Entry or Access license, the only services that can be configured are Device Insight integration and OnGuard health checks.

License Management in the User Interface

* Use the Administration > Server Manager > Licensing page to access and manage your licenses, including new licenses introduced in this release. Starting from 6.8.0, when you click a license in the GUI, the license key does not display on the page.
* In Insight, you can go to Dashboard > Licensing to open the Licensing Dashboard page. Three graphs on this page let you view license information for the Entry, Access, Onboard, or OnGuard license types.
* In Insight, licensing reports allow you to generate a report about Entry, Access, Onboard, or OnGuard licenses used over the selected time period.
* In the Policy Manager Dashboard, the pie chart in the License Usage widget can show the Available Count and Used Count for the Entry, Access, Onboard, or OnGuard license types.

 

The Applications tab on the Administration > Server Manager > Licensing page displays the number of licenses added for each individual license type. However, the License Summary tab on that page, the Policy Manager Dashboard, and the Insight Dashboard each combines pairs of Entry and Access Upgrade licenses and displays them as a single Access license.

SNMP Trap Support

ClearPass 6.8 supports SNMP traps that provide the status of the new Entry, Access Upgrade, and Compliance Suite licenses. These traps provide information on license activation expiry status, license expiration status, and license usage details, including the total number of licenses and number of used licenses.

Upgrade Process Overview

During a ClearPass upgrade the following activities will occur:

* If you are upgrading from ClearPass 6.6.x or lower releases, the Policy Manager license (500, 5K, and 25K) will be converted to a ClearPass Platform license for ClearPass hardware and virtual appliances. It will also be automatically activated irrespective of Internet access.
* If you are upgrading from ClearPass 6.6.x or lower releases, the Subscription ID will be replaced by the HPE Passport credentials. We recommend that you capture the in-use Subscription ID before you upgrade.
* If you are upgrading from ClearPass 6.6.x, then 1000 Access, 100 Onboard, and 100 OnGuard evaluation licenses will be auto-installed in the system with an expiration period of six months. The inclusion of the above evaluation licenses for Access, Onboard, and Compliance Suite licenses ensures that customers can continue operating after the upgrade if there are any issues issuing or converting the license keys to ClearPass 6.8.
* If you are upgrading from ClearPass 6.6.x or 6.7.x, any application licenses (Access, Onboard on OnGuard) with a one, three, or five year expiration date are automatically converted to a subscription application license with the same expiration period.
* Now that Guest Application licensing is bundled into the Access Application license and is based upon concurrency, High Capacity Guest mode is no longer required or available. It was removed from the cluster-wide parameters configuration starting with the ClearPass 6.7 release.

New Key Length

The ClearPass license keys for Platform and Application licenses (Access, Compliance Suite, Onboard, Entry, Onguard and Access Upgrade) are now longer for enhanced security. The Update License and Add License forms on the Administration > Server Manager > Licenses pages now include an expanded License Key field that will accept longer key lengths of over 1000 characters. This only affects new deployments; existing systems upgrading to ClearPass 6.8 do not need to change their license keys.