Aruba Clearpass Policy Manager: The Most Advanced Secure NAC Platform Available

DATA SHEET
ARUBA CLEARPASS
POLICY MANAGER
The most advanced Secure NAC
platform available
Aruba’s ClearPass Policy Manager, part of the Aruba 360

Secure Fabric, provides role- and device-based secure network
access control for IoT, BYOD, corporate devices, as well as
employees, contractors and guests across any multivendor
wired, wireless and VPN infrastructure.
KEY FEATURES
With a built-in context-based policy engine, RADIUS,
• Role-based, unified network access enforcement across
TACACS+, non-RADIUS enforcement using OnConnect, device
multi-vendor wireless, wired and VPN networks.
profiling, posture assessment, onboarding, and guest access
• Intuitive policy configuration templates and visibility
options, ClearPass is unrivaled as a foundation for network
troubleshooting tools.
security for organizations of any size.
• Supports multiple authentication/authorization sources
For comprehensive integrated security coverage and (AD, LDAP, SQL dB).
response using firewalls, EMM/MDM and other existing • Self-service device onboarding with built-in certificate
solutions, ClearPass supports the Aruba 360 Security authority (CA) for BYOD.
Exchange Program. This allows for automated threat • Guest access with extensive customization, branding and
detection and response workflows that integrate with third- sponsor-based approvals.
party security vendors and IT systems previously requiring • Integration with key EMM/MDM solutions for in-depth
manual IT intervention. device assessments.
In addition, ClearPass supports secure self-service • Comprehensive integration with the Aruba 360 Security
capabilities, making it easier for end users trying to access Exchange Program.
the network. Users can securely configure their own devices • Single sign-on (SSO) support works with Ping, Okta
for enterprise use or Internet access based on admin policy and other identity management tools to improve user
controls. Aruba wireless customers in particular can take experience to SAML 2.0-based applications.
advantage of unique integration capabilities such as AirGroup,

THE CLEARPASS DIFFERENCE
as well as ClearPass Auto Sign-On (ASO). ASO enables a
ClearPass is the only policy platform that centrally enforces
user’s network authentication to pass automatically to their
all aspects of enterprise-grade access security for any
enterprise mobile apps so they can get right to work.
industry. Granular policy enforcement is based on a
The result is detailed visibility of all wired and wireless user’s role, device type and role, authentication method,
devices connecting to the enterprise, increased control EMM/MDM attributes, device health, traffic patterns, location,
through simplified and automated authentication or and time-of-day.
authorization of devices, and faster, better incident analysis
Deployment scalability supports tens of thousands of devices
and response through the integration of Aruba IntroSpect
and authentications which surpasses the capabilities offered
UEBA and third-party partner ecosystems. This is achieved
by legacy AAA solutions. Options exist for small to large
with a comprehensive and scalable policy management
organizations, from centralized to distributed environments.
platform that goes beyond traditional AAA solutions to
deliver extensive enforcement capabilities for IT-owned and
BYOD security requirements.
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
ADVANCED POLICY MANAGEMENT Customizable visitor management

Enforcement and visibility for wired and wireless ClearPass Guest simplifies visitor workflow processes to
With ClearPass, organizations can deploy wired or wireless enable employees, receptionists, and other non-IT staff to
using standards-based 802.1X enforcement for secure create temporary guest accounts for secure wireless and
authentication. ClearPass also supports MAC address wired access. Highly customizable, mobile friendly portals
authentication for IoT and headless devices that may lack provide easy-to-use login processes that include self-
support for 802.1X. For wired environments where RADIUS registration, sponsor approval, and bulk credential creation
based authentication cannot be deployed, OnConnect, offers support any visitor needs – enterprise, retail, education,
an alternative using SNMP based enforcement. large public venue. Credentials can be delivered by SMS,
email, printed badges, or input directly through cloud identity
Authentication methods can be used to concurrently support
providers such as Facebook or Twitter.
a variety of use-cases. It also includes support for multi-
factor authentication based on log-in times, posture checks, Built in support for commercial oriented guest Wi-Fi hotspots
and other context such as new user, new device, and more. with credit card billing and 3rd party advertising driven workflows
make it simple to integrate into a wide variety of environments.
Attributes from multiple identity stores such as Microsoft Active
Directory, LDAP-compliant directory, ODBC-compliant SQL
ARUBA 360 SECURITY EXCHANGE PROGRAM
database, token servers and internal databases across domains
Integrate with security and workflow systems
can be used within a single policy for fine- grained control.
Support for the Aruba 360 Security Exchange Program is an
Contextual data from these profiled devices allows for IT integrated component of ClearPass. Using features like REST-
to define what devices can access either the wired, VPN, or based APIs, RADIUS Accounting Proxy, and Syslog ingestion
wireless network. Device profile changes are dynamically help facilitate workflows with EMM/MDM, SIEM, firewalls,
used to modify authorization privileges. For example, if a help-desk systems and more. Context is shared between each
Windows laptop appears as a printer, ClearPass policies can component for end-to-end policy enforcement and visibility.
automatically deny access.
The ClearPass Ingress Event Engine provides 3rd party
Secure device configuration of personal devices systems the means to share information in real-time using
ClearPass Onboard provides automated provisioning of any Syslog. This enables ClearPass to respond to changing
Windows, macOS, iOS, Android, Chromebook, and Ubuntu threats for users and devices after they have authenticated
devices via a user driven self-guided portal. Network details, to the network. By utilizing an open dictionary approach,
security settings and unique device identity certificates anyone can write a parsing ruleset without the need for
are automatically configured on authorized devices. Cloud costly add-ons or locked in 3rd party ecosystems.
identity services like Microsoft Azure Active Directory, Google
G Suite and Okta can also be leveraged as identity providers ADVANCED REPORTING AND ALERTING
with Onboard for secure certificate enrollment. ClearPass Insight provides advanced reporting capabilities
Device health checks via customizable reports. Information about authentication
ClearPass OnGuard delivers endpoint posture assessments trends, profiled devices, guest data, on-boarded devices,
over wireless, wired and VPN connections. OnGuard’s and endpoint health can also be viewed in an easy to use
health-check capabilities ensure endpoints meet security dashboard. Insight also has support for granular alerts and a
and compliance policies before they connect to the watchlist to monitor specific authentication failures.
network. OnGuard offers a variety of flexible deployment

options including agentless, disolvable agents and agent-
based configuration.
DATA SHEET
SPECIFICATIONS Supported identity stores

Appliances • Microsoft Active Directory
ClearPass is available as hardware or as a virtual appliance. Virtual • RADIUS
appliances are supported on VMware vSphere Hypervisor (ESXi), • Any LDAP compliant directory
Microsoft Hyper-V, CentOS KVM & Amazon EC2. • MySQL, Microsoft SQL, PostGRES and Oracle 11g
ODBC-compliant SQL server
• VMware ESXi 6 up to 6.7 • Token servers
• Microsoft Hyper-V 2012/2016 R2 and Windows 2012/2016 • Built-in SQL store, static hosts list
R2 Enterprise • Kerberos
• KVM on CentOS 7.5 • Microsoft Azure Active Directory
• Amazon AWS (EC2) • Google G Suite
Platform RFC standards
• Deployment templates for any network type, identity store
2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869,
and endpoint
2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302,
• 802.1X, MAC authentication and captive portal support
4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176,
• ClearPass OnConnect for SNMP-based enforcement on
5216, 5246, 5280, 5281, 5282, 5755, 5759, 6614, 6818, 6960,
wired switches
7030, 7296, 7321, 7468, 7815, 8032, 8247
• Advanced reporting, analytics and troubleshooting tools
• Interactive policy simulation and monitor mode utilities Internet drafts
• Multiple device registration portals – Guest, Aruba Protected EAP Versions 0 and 1, Microsoft CHAP extensions,
AirGroup, BYOD, and un-managed devices dynamic provisioning using EAP-FAST, TACACS+, draft-ietf-
• Admin/operator access security via CAC and TLS certificates curdle-pkix-00 EdDSA, Ed25519, Ed448, Curve25519 and
Curve448 for X.509, draft-nourse-scep-23 (Simple Certificate
Framework and protocol support
Enrollment Protocol)
• RADIUS, RADIUS Dynamic Authorization, TACACS+, web
authentication, SAML v2.0 Profiling methods
• RadSec • Active: Nmap, WMI, SSH, SNMP
• EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS) • Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX,
• PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAP- sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
Public, EAP-PWD) • Integrated & 3rd Party: Onboard, OnGuard, ArubaOS,
• TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, EMM/MDM, Cisco device sensor
PAP, CHAP)
IPv6 Support
• EAP-TLS
• Web and CLI based management
• PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
• IPv6 addressed authentication & authorization servers
• OAuth2
• IPv6 accounting proxy
• WPA3
• IPv6 addressed endpoint context servers
• Windows machine authentication
• Syslog, DNS, NTP, IPsec IPv6 targets
• SMB v2/v3
• IPv6 Virtual IP for high availability
• Online Certificate Status Protocol (OCSP)
• HTTP Proxy
• SNMP generic MIB, SNMP private MIB
• Ingress Event Engine Syslog sources
• Common Event Format (CEF), Log Event Extended Format
(LEEF) Information assurance validations
• FIPS 140-2 – Certificate #2577
• Common Criteria NDcPP + Authentication Server
(ClearPass)
DATA SHEET
C1000 Appliance C2000 Appliance C3000 Appliance C3010 Appliance

(JZ508A) (JZ509A) (JZ510A) (R1V82A)
APPLIANCE SPECIFICATIONS
Hardware Model Unicom S-1200 R4 HPE DL20 Gen 9 HPE DL360 Gen 9 HPE DL360 Gen10
(1) Xeon 3.5Ghz E3- (2) Xeon 2.4GHz E5- (1) Xeon 2.3Ghz 5118
(1) Eight Core 2.4GHz
CPU 1240v5 with Four Cores 2620_V3 with Six Cores with Twelve Cores (24
Atom C2758
(8 Threads) (12 Threads) Threads)
Memory 8 GB 16 GB 64 GB 64 GB
(6) SAS (10K RPM) (6) SAS (10K RPM)
(2) SATA (7.2K RPM)
(1) SATA (7.3K RPM) 600GB Hot-Plug hard 600GB Hot-Plug hard
Hard drive storage 1TB hard drives,
1TB hard drive drives, drives
RAID-1 controller
RAID-10 controller RAID-10 controller
HPE Integrated Lights-Out HPE Integrated Lights-Out HPE Integrated Lights-Out
Out of Band Management N/A
(iLO) Standard (iLO) Advanced (iLO) Advanced
Network Interfaces 4 x 1GbE 2 x 1GbE 4 x 1GbE 4 x 1GbE
Serial Port Yes (RJ-45) Yes (Virtual Serial via iLO) Yes (DB-9) Yes (DB-9)
Please refer to the Please refer to the Please refer to the Please refer to the
Performance & Scale ClearPass ClearPass ClearPass ClearPass
Scaling & Ordering Guide Scaling & Ordering Guide Scaling & Ordering Guide Scaling & Ordering Guide
ClearPass Policy ClearPass Policy ClearPass Policy ClearPass Policy
Minimum Software Version
Manager 6.6 Manager 6.6 Manager 6.6 Manager 6.7
FORM FACTOR
1U SFF Easy Install Rail 1U SFF Easy Install Rail 1U SFF Easy Install Rail
Rackmount Included 1U Cable Management 1U Cable Management 1U Cable Management
Arm Arm Arm
Dimensions (WxHxD) 17.2” x 1.7” x 11.3” 17.11” x 1.70” x 15.05” 17.1” x 1.7” x 27.5” 17.1 x 1.7 x 27.8”
Weight (Max Config) 8.5 Lbs Up to 19.18 Lbs Up to 33.3 Lbs Up to 36 Lbs
POWER
HPE 500W Flex Slot HPE 500W Flex Slot
HPE 900W AC 240VDC
Power supply 200 watts max Platinum Platinum
Power Input FIO Module*
Hot Plug Power Supply Hot Plug Power Supply
CBL,PWR,AC CBL,PWR,AC CBL,PWR,AC CBL,PWR,AC
Power Cord IEC TO IEC,C14- IEC TO IEC,C14- IEC TO IEC,C14- IEC TO IEC,C14-
C13,250V/10A,6FT BLK C13,250V/10A,6FT BLK C13,250V/10A,6FT BLK C13,250V/10A,6FT BLK
Power redundancy N/A Optional Optional Optional
100/240 VAC auto- 100/240 VAC auto- 100/240 VAC auto- 100/240 VAC auto-
AC input voltage
selecting selecting selecting selecting
AC input frequency 50/60 Hz auto-selecting 50/60 Hz auto-selecting 50/60 Hz auto-selecting 50/60 Hz auto-selecting
ENVIRONMENTAL
5º C to 35º C (41º F to 10º C to 35º C (50º F to 10º C to 35º C (50º F to
Operating temperature 10° to 35°C (50° to 95°F)
95º F) 95º F) 95º F)
Random vibration at Random vibration at Random vibration at
0.25 G at 5 Hz to 200 Hz 0.000075 G²/Hz, 0.000075 G²/Hz, 0.000075 G²/Hz,
Operating vibration
for 15 minutes 10Hz to 300Hz, (0.15 G’s 10Hz to 300Hz, (0.15 G’s 10Hz to 300Hz, (0.15 G’s
nominal) nominal) nominal)
1 shock pulse of 20 G
Operating shock 2 G’s 2 G’s 2 G’s
for up to 2.5 ms
-16 m to 3,048 m
Operating altitude 3,050 m (10,000 ft). 3,050 m (10,000 ft) 3,050 m (10,000 ft)
(-50 ft to 10,000 ft)
* The HPE 900W Redundant Power Supply supports100VAC to 240VAC and also supports 240VDC.
DATA SHEET
ORDERING GUIDANCE
Please refer to the ClearPass Scaling & Ordering Guide for detailed information on appropriate sizing and required licensing to
deploy ClearPass. This can be found on the Aruba support website in the ClearPass documentation section.
ORDERING INFORMATION
Part Number Description
Hardware Appliances
JZ508A Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance
JZ509A Aruba ClearPass C2000 DL20 Gen9 HW-Based Appliance
JZ510A Aruba ClearPass C3000 DL360 Gen9 HW-Based Appliance
R1V82A Aruba ClearPass C3010 DL360 Gen10 HW-Based Appliance
Virtual Appliances
JZ399AAE Aruba ClearPass Cx000V VM-Based Appliance E-LTU
Power Supplies
JX923A Aruba ClearPass DL20 Spare Power Supply
JX922A Aruba ClearPass-Airwave DL360 500W Spare Power Supply
Hardware/Virtual Appliance Warranty
Hardware 1 year parts*
Software 90 days*
Perpetual Licenses
JZ400AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints E-LTU
JZ402AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints E-LTU
R1U35AAE Aruba ClearPass New Licensing Entry 100 Concurrent Endpoints E-LTU
R1U37AAE Aruba ClearPass New Licensing Entry 1K Concurrent Endpoints E-LTU
R1U44AAE Aruba ClearPass New Licensing Access Upgrade 100 Concurrent Endpoints E-LTU
R1U46AAE Aruba ClearPass New Licensing Access Upgrade 1K Concurrent Endpoints E-LTU
* Extended with support contract

DATA SHEET
Perpetual Licenses
Perpetual Licenses Warranty
Software 90 days*
Subscription Licenses (1 Year)
JZ409AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints 1yr E-STU
JZ411AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints 1yr E-STU

DATA SHEET
Customized Guest Portal
JW470AAE Aruba ClearPass Guest Custom Skin E-LTU
Expandable application software

ClearPass Onboard – device Refer to ClearPass Onboard Datasheet
configuration and certificate
management
ClearPass OnGuard – endpoint Refer to ClearPass OnGuard Datasheet
device health
© Copyright 2019 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
DS_ClearPassPolicyManager_SK_072219 a00064815enw
Contact Us Share

Aruba Clearpass Policy Manager: The Most Advanced Secure NAC Platform Available

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aruba Clearpass Policy Manager: The Most Advanced Secure NAC Platform Available

Uploaded by

Copyright:

Available Formats

DATA SHEET

Aruba’s ClearPass Policy Manager, part of the Aruba 360

advantage of unique integration capabilities such as AirGroup,

ADVANCED POLICY MANAGEMENT Customizable visitor management

network. OnGuard offers a variety of flexible deployment

SPECIFICATIONS Supported identity stores

ClearPass is available as hardware or as a virtual appliance. Virtual • RADIUS

C1000 Appliance C2000 Appliance C3000 Appliance C3010 Appliance

Part Number Description

* Extended with support contract

Part Number Description

* Extended with support contract

Part Number Description

Customized Guest Portal

JW470AAE Aruba ClearPass Guest Custom Skin E-LTU

Expandable application software

* Extended with support contract

You might also like