April 03, 2022

Network Security Made Easy: Dissecting Aruba ClearPass

Let’s talk about ClearPass, the family of rock-solid network access control solutions from Aruba, a Hewlett Packard Enterprise company. Wait – you’ve never heard of ClearPass? It has been a bit of a hidden gem, quietly getting on with its job without skipping a beat while networks kept evolving from wired to wireless, from BYOD to IoT, and from the data centre to the cloud.

What is its job?

Officially, it provides uniform profiling, authentication and authorisation of your users, systems and devices seeking access to IT resources. A more relatable description, though, is that it makes sure NOTHING connects to your wired, wireless or VPN network without your permission – and what is allowed to connect can be secured and protected with very granular permissions and policies that govern access and use. That includes the new iPhone your CEO just bought and tried to connect themselves, or that Smart TV that your facilities manager connected to test out its features.

ClearPass is actually a family of products comprising:

  • Policy Manager – comprehensive policy control and real-time enforcement
  • Endpoint Profiler – an efficient and accurate way to differentiate access by device type, e.g. laptop, printer or phone
  • Guest – quickly and securely managing guest network access
  • Onboard – automatically configuring and provisioning mobile devices
  • OnGuard – advanced endpoint posture assessments
  • Device Insight – detecting and classifying anything connected to the network

You also don’t need to be an Aruba customer to make use of ClearPass. While you do get some additional device insight capabilities if you have Aruba infrastructure, it’s hardware and software agnostic and works with any vendor and device.

What if you don’t want – or need – to introduce all the capabilities of ClearPass? Can you just install one or two? Absolutely. It’s designed to be modular with each capability working standalone, but if you have more than one, they are tightly integrated, sharing information for an even more powerful solution.

Given these details alone – and we’ve only just touched on what ClearPass can do – don’t let the fact that things have gone quiet on the ClearPass front make you think it’s not still working and evolving. If you peel back the layers of Aruba Edge Services Platform (ESP) and Central, its cloud-based network management hub, you’ll discover ClearPass plays a pivotal role.

So, whether you currently use Aruba products, or not, or whether you use ClearPass, or not, we want to look closely at ClearPass Device Insight and ClearPass Policy Manager – two solutions that go well beyond simple guest and device onboarding.

Aruba’s ClearPass Device Insight

Cloud-hosted, ClearPass Device Insight is like having an all-seeing eye, monitoring and controlling all device connections on all networks.

It continuously scans the networks to detect and collect information about devices such as attribution, destination IPs and applications used. It then groups unknown and known devices into device clusters. Using user-defined device classification rules, it can also classify or reclassify devices that are discovered on the network that match the rule criteria. If a device or network activity changes, it catches that too. It also makes use of crowdsourcing technology to share new device information captured on networks across multiple ClearPass Device Insight customers’ sites. It is most powerful in the case of IoT devices where they are often just ‘plugged in’ and connected outside of IT. In short, all devices are authenticated or authorised – completely eliminating unknown devices from the network without the need for manual intervention.

IT can then use the Device Insight user interface to gain granular visibility into the devices on the network and make more informed network access control decisions.

Aruba’s ClearPass Policy Manager

If ClearPass Device Insight acts as your gatekeeper, profiling, authenticating and authorising every user and device, then ClearPass Policy Manager is the sheriff enforcing your rules on anything allowed in.

To put it more officially, ClearPass Policy Manager delivers role- and device-based secure network access control for all your IoT, BYOD and corporate devices plus all users including employees, contractors and guests – and this extends across your entire multivendor wired, wireless and VPN infrastructure. The entire solution includes a built-in context-based policy engine, device profiling, posture assessment, onboarding, and secure self-service capabilities for end users trying to access the network.

How you can get more out of ClearPass

They say humans only use a small portion of our brains. It’s the same with ClearPass. Most customers use ClearPass for device onboarding and guest access, but there is plenty more functionality in the application. ClearPass is the foundational piece: from there you can go in multiple directions. Here are some further avenues to explore:

  • ClearPass can federate identity across networks and even corporate boundaries, or government agencies, without replacing existing authentication or identity services such as Active Directory.
  • It supports secure, self-service capabilities, making it easier for end users trying to access the network. Users can securely configure their own devices for enterprise use, or Internet access, based on admin policy controls.
  • It provides comprehensive integrated security coverage and response using firewalls, Unified Endpoint Management (UEM) and other existing solutions via the Aruba 360 Security Exchange Program. This allows for automated threat detection and response workflows that integrate with third-party security vendors and IT systems previously requiring manual IT intervention.
  • Granular policy enforcement is based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time-of-day.
  • Deployment scalability supports tens of thousands of devices and authentications, which surpasses the capabilities offered by legacy AAA solutions.
  • Built-in support for commercial-oriented guest Wi-Fi hotspots with credit card billing and third-party advertising-driven workflows makes it simple to integrate into a wide variety of environments.

Did we say ClearPass is hardware agnostic?

It’s worth stating again that ClearPass supports a diverse and wide range of third-party systems and solutions, to provide a coordinated defence from one fully integrated system.

What about deployment in public clouds?

ClearPass has that covered too and can be natively operated in Microsoft Azure and Amazon AWS as a virtual platform.

Finally, we want to shine a light on ClearPass innovation through the lens of time.

As we hinted up front, ClearPass has been around for a while now, starting life in the early 2000s as the AmigoPod solution. Since then, the platform has been constantly evolving to provide authentication, identity, security and policy management through every technology change and network evolution, right up to today where the influx of IoT has created havoc for network security (but more on that in our next blog). We highly recommend taking a look at this infographic, which provides a more detailed look at ClearPass’ rich heritage.

What we want you to understand here is that ClearPass has been innovating from day dot and continues to do so by leveraging technologies such as crowdsourcing, AI and machine learning algorithms. Need another example? It’s part of the corporate mainstream today, but ClearPass was using the concept of Zero Trust before the term was even in common usage. The ClearPass mantra has always been that nothing is trusted or gets access until it is first authenticated – guest users, mobile devices, BYOD, IoT – any device, anywhere.

No matter how much the world moves to cloud and ‘aaS, we believe ClearPass will remain the most dependable, reliable and scalable way to secure what you’ve got, and to protect your network wherever you’re going next.

Data#3 is an Aruba Platinum Partner and current National Partner of the Year. Contact one of our Networking Specialists to request a demonstration or trial of ClearPass today.