Open topic with navigation
The 6.8.0 release introduces major enhancements in the ClearPass licensing platform. The licensing structure is improved for greater scalability for networks of any size, whether small or large. Almost all license management is available within the Policy Manager user interface, and up-to-the-minute usage statistics can be viewed at a granular level. For more information, see the “License Management” section in the ClearPass 6.8 Policy Manager User Guide. As part of these changes: (CP‑22097, CP‑22329, CP-23655, CP‑23731, CP‑31384, CP‑31382, CP‑31397, CP‑31640, CP‑31642, CP‑32091)
In previous releases of ClearPass, licenses that had no expiration date or an expiration date of one, three, or five years were called Permanent licenses. Starting with ClearPass 6.8.0, ClearPass licenses are issued as Permanent, Subscription, or Evaluation types.
|*||licenses do not expire.|
|*||licenses can be valid for one, three, or five years, and expire after the specified subscription period.|
|*||licenses are valid for a shorter time period, typically between 30 and 180 days.|
When a Subscription or Evaluation license expires, ClearPass continues to operate normally. However, administrators will not be able to make ClearPass configuration or service changes and upgrades are not operable.
ClearPass 6.8.0 introduces three new license types: the, , and licenses. The Access and OnGuard licenses introduced in previous releases of ClearPass continue to be supported in ClearPass 6.8.0.
Anlicense is a basic application license that supports a limited number of core features, including:
|*||Web-based user registration and authentication (such as self-registration, sponsor based, and social)|
|*||Some 360 Security Exchange features, including local Endpoint Context Servers and Context Server Actions for local host, and XML/REST APIs,|
Entry licenses are available as permanent or evaluation licenses. This license does not support Network Scan features. If your deployment does not include an Access License, the network scan features are disabled and the span port cannot be changed from its default value.
the Entry license does not include support for the TACACS+ authentication and endpoint profiling features supported by the Access license. Entry licenses also do not support non-Local host endpoint context servers or ClearPass extensions.
Anlicense allows you to upgrade an Entry license to support the complete range of features supported by an Access license. This license is available as a permanent license only.
Before you can upgrade to an Access license (or licenses), you must purchase an equal number of Entry licenses and Access Upgrade licenses. This is true regardless of how many Access licenses you are about to upgrade to. For example, if you want to upgrade 10 of your Entry licenses to Access licenses, but you have 15 Entry and only 12 Access Upgrade licenses, you will need to purchase three more Access Upgrade licenses. The Access Upgrade licenses are not active until you have an equal number of Entry licenses.
The ClearPass OnGuard, and replaces the 1, 3, and 5-year OnGuard license available in previous versions of ClearPass. Compliance Suite licenses also support ClearPass integration with Device Insight.license is responsible for all the activities related to
Like the permanent OnGuard license, a subscription Compliance Suite license is consumed for all OnGuard deployments (Persistent and Dissolvable) and any mode of operation (Authentication with Health Checks, Health Check only, or Authentication only). The Compliance Suite license is consumed on a device basis for a period of 24 hours, and is available as a subscription or evaluation license only.
Compliance Suite licenses must be manually added to ClearPass as an license type. To add a Compliance Suite license on the dialog, select the license type, then enter your Compliance Suite licensing key. The tab on the page will accurately display the new license as a Compliance Suite license type.
When a Compliance Suite license is installed without an Entry or Access license, the only services that can be configured are Device Insight integration and OnGuard health checks.
|*||Use thepage to access and manage your licenses, including new licenses introduced in this release. Starting from 6.8.0, when you click a license in the GUI, the license key does not display on the page.|
|*||In Insight, you can go toto open the page. Three graphs on this page let you view license information for the Entry, Access, Onboard, or OnGuard license types.|
|*||In Insight, licensing reports allow you to generate a report about Entry, Access, Onboard, or OnGuard licenses used over the selected time period.|
|*||In the Policy Manager, the pie chart in the widget can show the and for the Entry, Access, Onboard, or OnGuard license types.|
Thetab on the page displays the number of licenses added for each individual license type. However, the tab on that page, the Policy Manager Dashboard, and the Insight Dashboard each combines pairs of Entry and Access Upgrade licenses and displays them as a single Access license.
ClearPass 6.8 supports SNMP traps that provide the status of the new Entry, Access Upgrade, and Compliance Suite licenses. These traps provide information on license activation expiry status, license expiration status, and license usage details, including the total number of licenses and number of used licenses.
During a ClearPass upgrade the following activities will occur:
|*||If you are upgrading from ClearPass 6.6.x or lower releases, the Policy Manager license (500, 5K, and 25K) will be converted to a ClearPass Platform license for ClearPass hardware and virtual appliances. It will also be automatically activated irrespective of Internet access.|
|*||If you are upgrading from ClearPass 6.6.x or lower releases, the Subscription ID will be replaced by the HPE Passport credentials. We recommend that you capture the in-use Subscription ID before you upgrade.|
|*||If you are upgrading from ClearPass 6.6.x, then 1000 Access, 100 Onboard, and 100 OnGuard evaluation licenses will be auto-installed in the system with an expiration period of six months. The inclusion of the above evaluation licenses for Access, Onboard, and Compliance Suite licenses ensures that customers can continue operating after the upgrade if there are any issues issuing or converting the license keys to ClearPass 6.8.|
|*||If you are upgrading from ClearPass 6.6.x or 6.7.x, any application licenses (Access, Onboard on OnGuard) with a one, three, or five year expiration date are automatically converted to a subscription application license with the same expiration period.|
|*||Now that Guest Application licensing is bundled into the Access Application license and is based upon concurrency, High Capacity Guest mode is no longer required or available. It was removed from the cluster-wide parameters configuration starting with the ClearPass 6.7 release.|
The ClearPass license keys for Platform and Application licenses (Access, Compliance Suite, Onboard, Entry, Onguard and Access Upgrade) are now longer for enhanced security. Theand forms on the pages now include an expanded field that will accept longer key lengths of over 1000 characters. This only affects new deployments; existing systems upgrading to ClearPass 6.8 do not need to change their license keys.