Product Review: Aruba Networks ClearPass Policy Manager
The Aruba Networks ClearPass Policy Manager is a network access control solution, capable of managing access and policies for an enterprise network. The ClearPass centralizes access management for the network and is notable for helping companies implement BYOD – bring your own device – policies. Part of the reason for this is that ClearPass is context-aware providing support for devices using a number of different platforms, including Windows, Mac OS X, Linux, iOS, and Android. As mentioned in their ClearPass solution overview, Aruba is aware of the networking difficulties posed when Wi-Fi-enabled smartphones, tablets, and Internet of Things (IoT) devices are all part of the modern workplace – and, therefore, the modern enterprise network. ClearPass Policy Manger is designed to provide a common policy framework that is scalable, easy-to-use, and easy to integrate with third-party automated threat protection.
ClearPass is also designed to hold up well in multi-vendor environments, with different device operating systems, and in wired, wireless (802.1X), or VPN scenarios. As Robert Fenstermacher, director of Product Marketing at Aruba, put it: “ClearPass provides a networking solution for BYOD to address all of the major operating systems and any networking vendor’s network architecture”. This is very important for a BYOD company that does not wish to set stringent rules on what sort of devices its employees can bring.
Though there are many features of the Aruba ClearPass, one important attribute that should be mentioned first – the way ClearPass is designed. Specifically, ClearPass is set up to be a centralized network policy manager, which is not the case for all AAA or NAC solutions. A single AAA platform is used in Aruba ClearPass, therefore policy enforcement is consistent across the network. ClearPass also uses a single login for use of the solution, as opposed to requiring access logins for every enterprise mobile app in the network. This feature is called the ClearPass Auto Sign-on, and it saves a good deal of time by not requiring additional application logins for each user. It also is more user-friendly because enterprise app users no longer have to remember passwords for each of these apps; instead, only a network login or valid security certificate is needed. (On a side note, Aruba mentions in their solution overview that ClearPass “can also be used as your identity provider (IdP) or service provider (SP) where Single Sign-On is utilized.”)
ClearPass is also designed to hold up well in multi-vendor environments with different device operating systems, and in wired, wireless (802.1X), or VPN scenarios. As Robert Fenstermacher, director of Product Marketing at Aruba, put it: “ClearPass provides a networking solution for BYOD to address all of the major operating systems and any networking vendor’s network architecture”. This is very important for a BYOD company that does not wish to set stringent rules on what sort of devices its employees can bring. In addition to being helpful for users of the company, it is also helpful for the company’s policy-makers. ClearPass can be set up with rules to automatically deny or grant access privileges based upon operating system or device type, among several other criteria.
ClearPass also includes some important policy management capabilities. As mentioned previously, ClearPass solution is set up to handle wireless, VPN, or wired systems – the latter via its OnConnect feature. This feature allows organizations to have a wired solution without needing to “go full 802.1X and AAA throughout the wired infrastructure”, as noted in ClearPass’s data sheet. It also allows for a number of device operating systems – not just Windows and Mac OS X but also Ubuntu, Chromebook, Android, and iOS. There is also a customizable visitor management system through the ClearPass Guest feature. This is designed for non-IT staff and employees to be able to log in (self-register) through temporary guest accounts, with a simplified workflow process. Another capability worth noting is ClearPass OnGuard, which is used for endpoint protection and assessments in any wired/wireless/VPN setup. OnGuard includes a health check system to make sure endpoints are compliant and to ensure that peer-to-peer applications and services are handled properly.
So what differentiates ClearPass from other comparable policy management systems? An early 2016 Gartner report entitled “Market Guide for Network Access Control” has some of these answers. The Gartner report places the Aruba ClearPass amongst Cisco and Extreme Networks as direct competitors; these three companies are labeled “infrastructure” vendors as opposed to “pure-play vendors”. Specific to Aruba’s offering, ClearPass is noted as having a number of useful features and is the only policy management system to centrally enforce its enterprise-grade mobility and NAC. The Gartner report also mentions the ClearPass’s ability to automatically respond to alerts from firewalls and other threat defense solutions.