Ivy Consultants Inc.

Consulting Services for Security, Networking, Wi-Fi and Windows Server

In this blog we will discuss Network Access Control (NAC), sometimes also referred to as Network Admission Control. No matter what size one’s network is, NAC is one of the most important components of its security policy. With NAC, we can track all network devices, authorized as well as unauthorized. With the increased adoption of BYOD and IoT, it is even more important to protect our networks from hidden and shadow devices. NAC can help track unauthorized devices and keep them from joining the network.

Now that we understand what NAC is used for, let’s dive into what Aruba offers.

Aruba Networks offers ClearPass Policy Manager (CPPM) as its NAC solution. By default, it supports RADIUS, though it also supports TACACS+ with PAP authentication and SAML v2.0. It is available as a hardware appliance or as a virtual appliance. The hardware-based appliances support 500, 5000 and 25000 licence options. The virtual appliance can be run on the following platforms:

  • VMware ESXi
  • Microsoft Hyper-V
  • Windows 2012/2016 R2 Enterprise
  • KVM on CentOS and Ubuntu
  • Amazon AWS

Aruba CPPM provides role-based and device-based NAC. It offers a built-in certificate authority that makes BYOD and IoT implementations easier (we do not require a certificate from an external authority). The CPPM Onboard module delivers the capability to revoke and delete certificates. It can also be integrated with the Aruba 360 Security Exchange Program for automated threat detection.

CPPM is very scalable and can support thousands of devices. It offers a fully configurable guest/visitor workflow that can be customized with a wide range of options, such as sponsor approval and self-registration. It supports 802.1X authentication and thus can be implemented over both wired and wireless networks simultaneously. MAC address authentication is also supported, as many IoT and headless devices may require it, along with SNMP-based support for wired switches.

On the backend, it supports MS Active Directory and SQL, MS Azure AD, any LDAP-compliant directory, Kerberos, and Google G Suite.

ClearPass Onboard offers a guided portal that automates the onboarding of any macOS, Windows, iOS, Chromebook, Android, and Ubuntu devices. It also offers endpoint posture. CPPM OnGuard provides detailed security and compliance health checks and offers a range of agentless and agent-based install options.

Aruba CPPM is user-friendly and easy to configure and manage compared to many of its rivals.