Partners
Partners—Aruba Networks Clearpass

The Aruba Networks ClearPass Access Management System™ from Aruba Networks™ takes a fresh approach to solving the mobility challenge―one that gives IT a simpler way to build a foundation that supports enterprise—wide policies, strong security and an enhanced user experience. Aruba Networks ClearPass™ solves today’s security challenges across any multi—vendor wired or wireless network by replacing outdated legacy AAA with context—aware policies. It delivers visibility, policy control and workflow automation in one cohesive solution. Policy management with mobility in mind—Aruba Networks ClearPass™ clearness takes a fresh approach to solving today’s mobility challenges across any multi vendor network by replacing outdated legacy AAA with context—aware policies. And Aruba Networks ClearPass scales and adapts to your evolving user, security and business needs. Policy management proxy services enable legacy AAA to support use cases that previously required lots of customization, such as wired VoIP implementations. once it becomes familiar with a policy management system’s AAA capabilities, services from the legacy AAA server can be retired.

Network infrastructure—the best policy management systems can be implemented on existing wireless and wired networks and support 802.1X, standard RADIUS, change—of—authorization (CoA) RFC 3576 and external captive portals. Although most vendors support these features software or hardware upgrades might be necessary if older equipment is utilized. Visibility and profiling—knowing what devices are connected to the network makes it easier for IT to define basic wireless and wired access policies. Device ownership is also important. it allows it to create more granular policies based on a specific type of device and as well as device ownership. Consequently, an IT—issued laptop can be allowed to securely access a wider range of network resources or be given more bandwidth than a personally owned smartphone used by the same employee. Security starts with understanding what’s on the network. What devices are being used, how many, and which operating systems are supported? Aruba Networks ClearPass has a built—in profiling engine that collects real-time data including device categories, vendors, and OS versions. And the new standalone Aruba Networks ClearPass Universal Profiler™ provides the same visibility for those not ready for full policy enforcement.

Aruba Clearpass Policy Management

A quick look at why authentication, authorization and accounting—or AAA and RADIUS—were developed can easily take you back more than a decade. Acronyms and phrases like modems, roaming between iSPs, UniX™, and AOL™ come to mind. Users had one device and were chained to wired desktops. and it managed everything—devices, applications and access to network resources. Authentication for one user with one device, using very fixed criteria, is a thing of the past. In fact, 65% of users now have three or more devices. they access email and secure enterprise resources from anywhere and at any time. this next generation workforce, known as #GenMobile, is pushing the limits of it and legacy AAA platforms. So we are now faced with a new challenge—what’s the best way to implement policy management to enforce behavioral policies related to mobility, the use of personally owned devices and multiple types of devices per person? One thing is certain—policy management is the key to enforcing secure mobility. It’s more cost—effective and easier to manage than the tedious and complex rule sets associated with legacy AAA. and it accommodates armies of users with lots of mobile devices.

Automated Policies

Older AAA rules sets have transitioned to policy management systems that leverage contextual data—user roles, device types, application flows and location—to dynamically enforce what resources can be accessed. What’s different and better is that policies can be created based on expected results as well as unexpected results. For example, a laptop that had been deemed compliant can change state overnight, requiring remediation or given limited access until resolved. Built—in services—This one’s a game changer: it can use baseline AAA and policy elements to automatically exchange data with third—party applications and implement self—service workflows. These capabilities do not exist in legacy AAA solutions and can impede the roll out of bring—your—own-device (BYOD) initiatives. Today’s policy management systems let users configure their own devices for secure Wi—Fi connectivity. Leveraging data from a mobile device management (MDM) or enterprise mobility management (EMM) solution makes it easy to detect if a device can securely connect to enterprise networks. Guest authentication—Centralized management of guest policies also provides a big advantage over legacy AAA. Exhibiting greater flexibility, policy management systems can accommodate modules that enable it to leverage authentication and enforcement methods and leverage an internal database. They also allow it to create security policies that separate guest traffic from enterprise traffic. It’s even possible to define simple rules that determine when and how long guests can stay connected to the network.

Features And Benefits

Using policy management in a mobile environment, where users connect over wireless and wired networks throughout the day solves a set of entirely new challenges that didn’t previously exist. If a device is denied access today, user and it productivity is lost. With the right policy management approach, it organizations can ensure that the growing universe of #GenMobile workers get instant access to the apps, printers and network services they’re authorized to use, no matter where they are or what device they have. Mobile devices—authentication services are fairly consistent between AAA and policy management systems. however, any form of health checks or device interrogation will require a policy management system. A critical policy management capability entails making real—time decisions based on intelligence gathered from devices using NAC and/or MDM agents. the policy management system determines if a device can connect, if remediation is required or if access should be denied. Most it organizations currently rely on active Directory or lDap to assign and enforce security policies for users and devices.