Aruba Networks Clearpass
Home — Partners — Aruba Networks — Aruba Networks Clearpass

The Aruba Networks ClearPass Access Management System from Aruba Networks takes a fresh approach to solving the mobility challenge ― one that gives IT a simpler way to build a foundation that supports enterprise-wide policies, strong security and an enhanced user experience. Aruba Networks ClearPass solves today’s security challenges across any multi-vendor wired or wireless network by replacing outdated legacy AAA with context-aware policies. It delivers visibility, policy control and workflow automation in one cohesive solution. Policy management with mobility in mind — Aruba Networks ClearPass clearness takes a fresh approach to solving today’s mobility challenges across any multi vendor network by replacing outdated legacy AAA with context-aware policies. And Aruba Networks ClearPass scales and adapts to your evolving user, security and business needs. Policy management proxy services enable legacy AAA to support use cases that previously required lots of customization, such as wired VoIP implementations.

With Aruba Networks ClearPass the best policy management systems can be implemented on existing wireless and wired networks and support 802.1X, standard RADIUS, change-of-authorization (CoA) RFC 3576 and external captive portals. Although most vendors support these features software or hardware upgrades might be necessary if older equipment is utilized. Knowing what devices are connected to the network makes it easier for IT to define basic wireless and wired access policies. Device ownership is also important. It allows it to create more granular policies based on a specific type of device and as well as device ownership. Consequently, an IT-issued laptop can be allowed to securely access a wider range of network resources or be given more bandwidth than a personally owned smartphone used by the same employee.

Aruba Networks Clearpass — Policy Management

With Aruba Networks ClearPass a quick look at why authentication, authorization and accounting. Or AAA and RADIUS — were developed can easily take you back more than a decade. Acronyms and phrases like modems, roaming between iSPs, Unix, and AOL come to mind. Users had one device and were chained to wired desktops. and it managed everything. Devices, applications and access to network resources. Authentication for one user with one device, using very fixed criteria, is a thing of the past. In fact, 65% of users now have three or more devices. They access email and secure enterprise resources from anywhere and at any time. This next generation workforce, known as #GenMobile. Is pushing the limits of it and legacy AAA platforms. So we are now faced with a new challenge. What’s the best way to implement policy management to enforce behavioral policies related to mobility.

Aruba Networks Clearpass — Automated Policies

Older AAA rules sets have transitioned to policy management systems that leverage contextual data-user roles. And device types, application flows and location — to dynamically enforce what resources can be accessed. What’s different and better is that policies can be created based on expected results as well as unexpected results. For example, a laptop that had been deemed compliant can change state overnight, requiring remediation. Or given limited access until resolved. Aruba Networks ClearPass has built-in services. This one’s a game changer. It can use baseline AAA and policy elements to automatically exchange data with third-party applications and implement self-service workflows. These capabilities do not exist in legacy AAA solutions and can impede the roll out of bring-your-own-device (BYOD) initiatives. Today’s policy management systems let users configure their own devices for secure Wi-Fi connectivity. Leveraging data from a mobile device management (MDM). Or enterprise mobility management (EMM) solution makes it easy to detect if a device can securely connect to enterprise networks.
Aruba Networks Clearpass


IntroSpect User and Entity Behavior Analytics (UEBA) uses AI-based machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. Security teams are armed with insights into malicious, compromised or negligent users, systems and devices — cutting off the threat before it does damage. Entity360 represents an entity’s security-relevant activity regardless of data source, devices used or activity type. It includes a risk score (0 to 100) as well as a full security profile with hours worth of investigation available in a single click. Entity risk scores based on machine learning can account for key factors like the order and time of incidents across various attack stages as well as time since detection and business context.

Accurate, normalized scores mean security analysts can confidently prioritize their efforts. Machine learning-based analytics build baselines for normal behavior of both individual entities and groups by continuously monitoring IT activities — like authentication, remote access, internal access to high-value resources and cloud app usage — across network and log data. Attack detection and forensics are intrinsically tied together, providing analysts with instant access to complete investigative records. Security teams can now triage more efficiently, make more informed decisions, and respond before damage is done. Aruba security provides 360 degree protection by combining ClearPass network access control with behavior analytics-based attack detection and alerting for a complete solution that secures your organization from malicious threats.


Using policy management in a mobile environment, where users connect over wireless and wired networks throughout the day solves a set of entirely new challenges that didn’t previously exist. If a device is denied access today, user and it productivity is lost. With the right policy management approach, it organizations can ensure that the growing universe of #GenMobile workers get instant access to the apps, printers and network services they’re authorized to use, no matter where they are or what device they have. Mobile devices — authentication services are fairly consistent between AAA and policy management systems.

However, any form of health checks or device interrogation will require a policy management system. A critical policy management capability entails making real-time decisions based on intelligence gathered from devices using NAC and/or MDM agents. the policy management system determines if a device can connect, if remediation is required or if access should be denied. Most it organizations currently rely on active Directory or lDap to assign and enforce security policies for users and devices.


Aruba is in the midst of a massive transition away from networking technologies that were designed for the 20th century when mobile, IoT and cloud did not exist. The surge in mobile and IoT means that the wired and wireless network must deliver more than just connectivity — the network is expected to provide actionable insights about the use of mobile and IoT to justify future investments, so that businesses can adopt new technologies and serve the needs of GenMobile — while keeping the network secure and without breaking the budget.

Cloud networking — Aruba Central manages, monitors and secures wired, Wi-Fi and wide area networks from the public cloud. Thanks to its multi-tenant operation, it enables Aruba and end users to support multiple disparate networks from a single location. Aruba Networks Mobile First Networks are optimized for today’s enterprise and SMB environments where mobile and IoT are pervasive. Aruba Mobile First Platform is the software layer between the Aruba network infrastructure and is designed to share rich, contextual insights with third-party business, IT and end-user facing applications.

Mobile Virtual Enterprise

This capability enables guests to quickly and easily navigate hospitality properties, and, via Aruba Networks Beacons, for hospitality marketing departments to engage them using context-relevant, location-based services while they are doing so. Operating over Aruba Networks’ PIC — compliant Wi-Fi networks, these devices reliably stay connected to the back-office LightSpeed database as users roam, allowing sales to be processed anywhere in the store. Aruba Networks’ context-aware Mobile Virtual Enterprise (MOVE) architecture provides policy enforcement based on device-fingerprinting, application-fingerprinting, and location, ensuring a good in-store experience by prioritizing LightSpeed’s mobile POS applications over other less critical network traffic.

Monscierge is a global software company specializing in innovative hospitality solutions for properties, owners and brands. Monscierge Connect enhances communication between a hotel’s guest and staff through mobile, tablet, large-format touch-screen devices, and a central web-based platform that manages property content. Skyfii IO is a mobile technology and venue analytics company whose solutions capture, analyze, and visualize customer behavior.

Mobility Controllers

Enterprises moving to voice and video calling on Wi-Fi need their IT departments to design a wireless infrastructure that supports these apps at high density. Wired infrastructure — the integration of the HP Enterprise and Aruba Networks access portfolios is a key ingredient in Aruba's mobile-first approach. As organizations transition to the digital workplace, they won’t need as many ports as before because of the increased use of Wi-Fi. Although a highly mobile workforce means that the majority of users will connect via wireless, the surge in IoT devices and the increasing use of Wi-Fi bandwidth means that the wired infrastructure is critical, too.

Predict network issues before they happen — with the huge scale of devices connecting to the network, IT needs granular visibility into the access layer — at the user, device, and app level — to keep things running without disruptions to the business. Aruba Networks AirWave is a powerful and easy-to-use network management system that manages Aruba Networks wired, wireless, and remote access networks, as well as multi vendor wired and wireless infrastructures.