The HPE Aruba Networking ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and guests across multi-vendor wired, wireless and VPN infrastructures.
N/A
Tempered Airwall
Score 10.0 out of 10
N/A
Tempered Networks is network security technology from the company of the same name in Seattle, Washington.
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
It's very well suited for geographically dispersed organizations, where deploying and managing remote firewalls and other network security functions aren't practical. Once deployed, and the deployment isn't difficult after planning and understanding the data flows of the IoT devices, the system is easily managed and flexible. You're able to allow front line operations people to add devices into a role without sacrificing the integrity of the security model.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
Though Aruba ClearPass offers a lot of insight and features, it is not the easiest to navigate. A lot of other systems can be figured out as you go, but Aruba ClearPass often requires a lot of research in order to set something up correctly. It's not always easy to find what you're looking for. Once you learn the basics, it becomes a lot more manageable, but it's definitely worth investing in some sort of training.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
It's pretty darned good for a new company. We had to hash through a couple of instances that no one had ever run into, but once we got to the right person on the engineering team, they were able to work through the solution pretty quickly. The nice thing is, unlike Cisco, once you fix something, you don't find three new things that have to be changed.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
The cost and complexity vs. ISE is as different as Uber and Lift are from trying to take a taxi in Duluth, Minnesota. The complexity of Cisco's IoT security is a joke. It was going to take us over a year just to deploy all the Cisco equipment, and that was if we could have gotten it all working together. We got the entire project deployed in just under 3 months, and that includes working out all the bugs and logistics. Honestly, I don't think all the Cisco parts would have ever been running like Cisco promised it would. It's just way too complicated.
ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
