Welcome to Aruba ClearPass Device Insight
Aruba ClearPass Device Insight is a cloud application that enables network and security administrators to discover, monitor, and automatically classify new and existing devices that connect to a network. You can identify devices that include loT devices, medical devices, printers, smart devices, laptops, VoIPVoice over IP. VoIP allows transmission of voice and multimedia content over an IP network. phones, computers, gaming consoles, routers, servers, switches, and so on.
This section includes the following topics:
Some of the key features of ClearPass Device Insight are:
- Easy to Use User Interface—A easy to use user interface provides visibility into all of the discovered devices and their details. Multiple display options make it easy for you to view devices summarized at different levels such as summary level, device level, and network level and drill down capability enables you to view the specific details of those devices. Rich filtering capability enables you to quickly find devices you are interested in which is helpful when troubleshooting devices.
- Enhanced Device Discovery
- Continuous Scanning for Devices—ClearPass Device Insight enables you to continuously scan the network to detect devices and collect their device information. ClearPass Device Insight uses a unique set of both active methods (Network Mapper (NMAP), Windows Management Instrumentation (WMIWindows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.), Simple Network Management Protocol (SNMPSimple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. ), and Secure Shell (SSHSecure Shell. SSH is a network protocol that provides secure access to a remote device. ), and passive methods (Switch Port Analyzer (SPAN), Dynamic Host Configuration Protocol (DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. ), NetFlow/S-flow/IPFix) to collect information about a device. Additional data (for example, destination IPs and applications used) is also collected for devices through a set of discovery methods using deep packet inspection.
- Flexible Scans—ClearPass Device Insight enables you to schedule scans to detect devices starting with one or more seed devices on the network and to schedule scans for the devices in one or more subnetsSubnet is the logical division of an IP network.. You can schedule multiple scans and they can be run at a time and frequency of your choosing.
- Advanced Device Classification—ClearPass Device Insight provides advanced methods for identifying devices on the network. This includes:
- Machine Learning Clustering of Unknown and Known Devices—ClearPass Device Insight groups unknown devices (devices that have attributes but no classification profiles) and known devices into device clustersA device cluster is a logical group of devices having similar properties.. The Analyzer within ClearPass Device Insight analyzes device attributes including communication and behavior patterns. Then using machine learning it dynamically builds clusters of similar generic (unknown) devices and when possible offers classification recommendations for the generic devicesGeneric devices are unknown devices which cannot be classified using any of the system or user defined classification criteria. Generic devices do not contain enough fingerprint data to classify them. Generic devices are grouped into device clusters by similar properties and can then be classified by the user either by assigning a classification set to the device cluster or creating a user defined rule. in those clusters. ClearPass Device Insight uses machine learning models to constantly learn and update these attributes to dynamically update classifications. You can then easily classify the devices in the device cluster by assigning a system classification recommendation or you can assign your own custom classification (device category, device family, and device type).
- User Defined Device Classification RulesA rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification.—ClearPass Device Insight enables you to define user defined device classification rules for any device on the network. ClearPass Device Insight then uses these rules to classify or reclassify devices that are discovered on the network that match this rule criteria.
- Device Monitoring—ClearPass Device Insight continuously monitors changes in devices and also monitors the network activity for devices through constant traffic monitoring. The following can be viewed in the device details user interface for a device:
- Device attribute changes that have occurred overtime (device history).
- Hosts a device has communicated with and how much data is being consumed by the device (network digest).
- Crowdsourcing of Device Information—ClearPass Device Insight uses crowdsourcing to share the latest device information for new devices that are discovered on networks across multiple customers sites who use ClearPass Device Insight.
- Integration with ClearPass Policy ManagerClearPass Policy Manager is a baseline platform for policy management, AAA, profiling, network access control, and reporting. With ClearPass Policy Manager, the network administrators can configure and manage secure network access that accommodates requirements across multiple locations and multivendor networks, regardless of device ownership and connection method.—ClearPass Device Insight can operate as a standalone application and it can also seamlessly integrate with ClearPass Policy Manager where appropriate access control enforcement policies or quarantines can automatically be applied to the spectrum of devices discovered by ClearPass Device Insight.
For more information, see ClearPass Policy Manager 6.8 User Guide.
The following diagram illustrates a high-level overview of ClearPass Device Insight:
Figure 1 ClearPass Device Insight High-Level Overview
To use ClearPass Device Insight you deploy one or more collectors on your network. These collectors can be physical or virtual appliances. After you deploy these collectors, they automatically start to detect the different devices on the network and collect various information about these devices using passive collection methods (SPAN and DHCP).
To enhance device discovery, ClearPass Device Insight provides Discovery Settings pages where you can configure additional settings for these collectors. Using these pages you can:
- Define additional active collection methods (WMI, SSH, SNMP, and NMAP) and then define which subnets use these collection methods.
- Define which collectors process which subnets.
- Schedule active scans for the collectors to discover devices. You can schedule scans by starting with one or more switches or routers or schedule scans by subnets. Scans can be scheduled to run on a recurring basis.
After you configure the collectors for device discovery, the collectors continuously scan the network using the passive collection methods and the different active scans that are scheduled to discover the different devices on the network. Depending on the scans and the types of augmentation methods associated with those scans different types of device information is collected. All of the information that is collected by the collectors is then sent to the Analyzer process.
The Analyzer process analyzes the information that is sent from the collectors and classifies the devices using user defined rules and system rules. If devices cannot be classified using user defined rules and the system rules, the Analyzer creates device clusters for these devices no matter how many we land up with. ClearPass Device Insight considers these types of devices generic devices.
After the devices have been classified, you can view all of the different devices that were discovered on the network and the detailed information that was collected for these devices using the ClearPass Device Insight. Each of these pages contains a Dashboard which provides multiple display options and filters where you can view a summary level view of the device information that was discovered on the network. They also contain a List view where you can view a more detailed view of the information that is represented in the Dashboard.page, page (for generic devices/clusters), and page in
Generic devices that have been grouped by the Analyzer into machine learning based device clusters you can review and monitor using thepage. You then have the option to assign a classification to these clusters based on a system recommendation or you can assign a custom recommendation. The Analyzer then reclassifies the devices in the device cluster using the classification that you assigned.
Integration between ClearPass Device Insight and ClearPass Policy Manager provides closed loop, end-to-end access control from visibility to automated enforcement.
Once the integration between ClearPass Device Insight and ClearPass Policy Manager has been enabled, device information is exchanged between the two applications. Devices that are discovered on the network and classified by ClearPass Device Insight are passed to ClearPass Policy Manager for comprehensive policy control and real-time enforcement. At the same time, information related to those devices that is within ClearPass Policy Manager is sent to ClearPass Device Insight.
You can view all of the devices that are on the network using the ClearPass Device Insight. Using the dialog in ClearPass Device Insight you have a comprehensive view of a specific device and all of its attributes (including those sent from ClearPass Policy Manager).page, page, and page in
For information on enabling ClearPass Device Insight integration with ClearPass Policy Manager, see ClearPass Policy Manager 6.8 User Guide.