DS ClearPass PolicyManager
DS ClearPass PolicyManager
DS ClearPass PolicyManager
Enforcement and visibility for wired and wireless ClearPass OnGuard delivers endpoint posture assessments
over wireless, wired and VPN connections. OnGuard’s
With ClearPass, organizations can deploy wired or wireless
health-check capabilities ensure endpoints meet security
using standards-based 802.1X enforcement for secure
and compliance policies before they connect to the
authentication. ClearPass also supports MAC address
network. OnGuard offers a variety of flexible deployment
authentication for IoT and headless devices that may lack
options including agentless, disolvable agents and agent-
support for 802.1X. For wired environments where RADIUS
based configuration.
based authentication cannot be deployed, OnConnect, offers
an alternative using SNMP based enforcement. Customizable visitor management
ClearPass Device Insight provides next generation profiling ClearPass Guest simplifies visitor workflow processes to
capabilities to ClearPass Policy Manager through a cloud enable employees, receptionists, and other non-IT staff to
based machine learning algorithm that also leverage deep create temporary guest accounts for secure wireless and
packet inspection support. wired access. Highly customizable, mobile friendly portals
provide easy-to-use login processes that include self-
Authentication methods can be used to concurrently support
registration, sponsor approval, and bulk credential creation
a variety of use-cases. It also includes support for multi-
support any visitor needs – enterprise, retail, education,
factor authentication based on log-in times, posture checks,
large public venue. Credentials can be delivered by SMS,
and other context such as new user, new device, and more.
email, printed badges, or input directly through cloud identity
Attributes from multiple identity stores such as Microsoft Active providers such as Facebook or Twitter.
Directory, LDAP-compliant directory, ODBC-compliant SQL
Built in support for commercial oriented guest Wi-Fi hotspots
database, token servers and internal databases across domains
with credit card billing and 3rd party advertising driven workflows
can be used within a single policy for fine- grained control.
make it simple to integrate into a wide variety of environments.
Contextual data from these profiled devices allows for IT
to define what devices can access either the wired, VPN, or ARUBA 360 SECURITY EXCHANGE PROGRAM
wireless network. Device profile changes are dynamically
Integrate with security and workflow systems
used to modify authorization privileges. For example, if a
Support for the Aruba 360 Security Exchange Program is
Windows laptop appears as a printer, ClearPass policies can
an integrated component of ClearPass. Using features like
automatically deny access.
REST-based APIs, RADIUS Accounting Proxy, and Syslog
Secure device configuration of personal devices ingestion help facilitate workflows with UEM, SIEM, firewalls,
ClearPass Onboard provides automated provisioning of any help-desk systems and more. Context is shared between each
Windows, macOS, iOS, Android, Chromebook, and Ubuntu component for end-to-end policy enforcement and visibility.
devices via a user driven self-guided portal. Network details, The ClearPass Ingress Event Engine provides 3rd party
security settings and unique device identity certificates systems the means to share information in real-time using
are automatically configured on authorized devices. Cloud Syslog. This enables ClearPass to respond to changing
identity services like Microsoft Azure Active Directory, Google threats for users and devices after they have authenticated
G Suite and Okta can also be leveraged as identity providers to the network. By utilizing an open dictionary approach,
with Onboard for secure certificate enrollment. anyone can write a parsing ruleset without the need for
costly add-ons or locked in 3rd party ecosystems.
2
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
For networks managed by Aruba Central, Central • TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5,
with simple business-logic interface and workflows. Central • PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
Platform
RFC standards
• Deployment templates for any network type, identity store
2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869,
and endpoint
2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302,
• 802.1X, MAC authentication and captive portal support
4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176,
• ClearPass OnConnect for SNMP-based enforcement on
5216, 5246, 5280, 5281, 5282, 5424, 5755, 5759, 6614, 6818,
wired switches
6960, 7030, 7170, 7296, 7321, 7468, 7748, 7815, 8031, 8032,
• Advanced reporting, analytics and troubleshooting tools
8247, 8446, 8709, 8894, 8908
• Interactive policy simulation and monitor mode utilities
• Multiple device registration portals – Guest, Aruba Internet drafts
AirGroup, BYOD, and un-managed devices
Protected EAP Versions 0 and 1, Microsoft CHAP extensions,
• Admin/operator access security via CAC and TLS certificates
dynamic provisioning using EAP-FAST.
3
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
Profiling methods
• Active: Nmap, WMI, SSH, SNMP
• Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX,
sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
• ClearPass Device Insight
• Integrated & 3rd Party: Onboard, OnGuard, ArubaOS,
EMM/MDM, Cisco device sensor
IPv6 Support
• RADIUS and RadSec
• TACACS+
• Clustering (intra-node communication)
• Web and CLI based management
• IPv6 addressed authentication & authorization servers
• IPv6 accounting proxy
• IPv6 addressed endpoint context servers
• Syslog, DNS, NTP, IPsec IPv6 targets
• IPv6 Virtual IP for high availability
• HTTP Proxy
• Ingress Event Engine Syslog sources
• Onboard, OnGuard
4
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
Hardware Model Unicom S-1200 R4 HPE DL20 Gen10 HPE DL360 Gen10
(1) Atom 2.4GHz C2758 with Eight (1) Xeon 2.3GHz Gold 5118 with
(1) Xeon 4.0GHz E-2274G with
CPU Cores Twelve Cores
Four Cores (8 Threads)
(8 Threads) (24 Threads)
Memory 8 GB 16 GB 64 GB
(6) SAS (10K RPM)
(1) SATA (7.3K RPM) (2) SATA (7.2K RPM) 1TB hard
Hard drive storage 600GB Hot-Plug hard drives
1TB hard drive drives, RAID-1 controller
RAID-10 controller
HPE Integrated Lights-Out (iLO)
Out of Band Management N/A HPE Integrated Lights-Out (iLO)
Advanced
Network Interfaces 4 x 1GbE 4 x 1GbE 4 x 1GbE
Serial Port Yes (RJ-45) Yes (DB-9) Yes (DB-9)
Performance & Scale Please refer to the ClearPass Scaling & Ordering Guide
Minimum Software Version ClearPass Policy Manager 6.6 ClearPass Policy Manager 6.7 ClearPass Policy Manager 6.7
FORM FACTOR
Rackmount Included Included Included
Dimensions (WxHxD) 17.2” x 1.7” x 11.3” 17.11" x 1.70" x 15.05" 17.1 x 1.7 x 27.8”
Weight (Max Config) 8.5 Lbs Up to 19.18 Lbs Up to 36 Lbs
POWER
HPE 500W Flex Slot Platinum Hot HPE 500W Flex Slot Platinum
Power supply 200 watts max
Plug Power Supply Hot Plug Power Supply
C13 - NEMA 5-15P US/CA 110V C13 - C14 WW 250V 10Amp C13 - C14 WW 250V 10Amp
Power Cord
10Amp Power Cord Jumper Cord Jumper Cord
Power redundancy N/A Optional Optional
AC input voltage 100/240 VAC auto-selecting
AC input frequency 50/60 Hz auto-selecting
ENVIRONMENTAL
5º C to 35º C (41º F to 10° to 35°C (50° to
Operating temperature 10º C to 35º C (50º F to 95º F)
95º F) 95°F)
Random vibration at 0.000075 Random vibration at 0.000075 G²/
0.25 G at 5 Hz to 200 Hz G2/ Hz, Hz,
Operating vibration
for 15 minutes 10Hz to 300Hz, 10Hz to 300Hz,
(0.15 G’s nominal) (0.15 G’s nominal)
1 shock pulse of 20 G
Operating shock 2 G’s 2 G’s
for up to 2.5 ms
-16 m to 3,048 m
Operating altitude 3,050 m (10,000 ft) 3,050 m (10,000 ft)
(-50 ft to 10,000 ft)
5
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
ORDERING GUIDANCE
Please refer to the ClearPass Scaling and Ordering Guide for detailed information on appropriate sizing and required
licensing to deploy ClearPass. More information can be found on the Aruba support website in the ClearPass documentation
section.
ORDERING INFORMATION
Hardware Appliances
JZ508A Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance
R1V81A Aruba ClearPass C2010 DL20 Gen10 HW-Based Appliance
R1V82A Aruba ClearPass C3010 DL360 Gen10 HW-Based Appliance
Virtual Appliances
JZ399AAE Aruba ClearPass Cx000V VM-Based Appliance E-LTU
Power Supplies
R1T38A Aruba DL360 Gen10 500W Spare Power Supply (for use with R1V81A and R1V82A)
Warranty Information
Hardware Warranty 1 year parts*
Software Warranty 90 days*
Perpetual Software License
90 days*
Warranty
Perpetual Licenses
JZ400AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints E-LTU
JZ401AAE Aruba ClearPass New Licensing Access 500 Concurrent Endpoints E-LTU
JZ402AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints E-LTU
JZ403AAE Aruba ClearPass New Licensing Access 2500 Concurrent Endpoints E-LTU
JZ404AAE Aruba ClearPass New Licensing Access 5K Concurrent Endpoints E-LTU
JZ405AAE Aruba ClearPass New Licensing Access 10K Concurrent Endpoints E-LTU
JZ406AAE Aruba ClearPass New Licensing Access 25K Concurrent Endpoints E-LTU
JZ407AAE Aruba ClearPass New Licensing Access 50K Concurrent Endpoints E-LTU
JZ408AAE Aruba ClearPass New Licensing Access 100K Concurrent Endpoints E-LTU
R1U35AAE Aruba ClearPass New Licensing Entry 100 Concurrent Endpoints E-LTU
R1U36AAE Aruba ClearPass New Licensing Entry 500 Concurrent Endpoints E-LTU
R1U37AAE Aruba ClearPass New Licensing Entry 1K Concurrent Endpoints E-LTU
R1U38AAE Aruba ClearPass New Licensing Entry 2500 Concurrent Endpoints E-LTU
R1U39AAE Aruba ClearPass New Licensing Entry 5K Concurrent Endpoints E-LTU
R1U40AAE Aruba ClearPass New Licensing Entry 10K Concurrent Endpoints E-LTU
R1U41AAE Aruba ClearPass New Licensing Entry 25K Concurrent Endpoints E-LTU
R1U42AAE Aruba ClearPass New Licensing Entry 50K Concurrent Endpoints E-LTU
R1U43AAE Aruba ClearPass New Licensing Entry 100K Concurrent Endpoints E-LTU
R1U44AAE Aruba ClearPass New Licensing Access Upgrade 100 Concurrent Endpoints E-LTU
R1U45AAE Aruba ClearPass New Licensing Access Upgrade 500 Concurrent Endpoints E-LTU
R1U46AAE Aruba ClearPass New Licensing Access Upgrade 1K Concurrent Endpoints E-LTU
6
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
ORDERING INFORMATION
Perpetual Licenses
R1U47AAE Aruba ClearPass New Licensing Access Upgrade 2500 Concurrent Endpoints E-LTU
R1U48AAE Aruba ClearPass New Licensing Access Upgrade 5K Concurrent Endpoints E-LTU
R1U49AAE Aruba ClearPass New Licensing Access Upgrade 10K Concurrent Endpoints E-LTU
R1U50AAE Aruba ClearPass New Licensing Access Upgrade 25K Concurrent Endpoints E-LTU
R1U51AAE Aruba ClearPass New Licensing Access Upgrade 50K Concurrent Endpoints E-LTU
R1U52AAE Aruba ClearPass New Licensing Access Upgrade 100K Concurrent Endpoints E-LTU
Subscription Licenses (1 Year)
JZ409AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints 1yr E-STU
JZ410AAE Aruba ClearPass New Licensing Access 500 Concurrent Endpoints 1yr E-STU
JZ411AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints 1yr E-STU
JZ412AAE Aruba ClearPass New Licensing Access 2500 Concurrent Endpoints 1yr E-STU
JZ413AAE Aruba ClearPass New Licensing Access 5K Concurrent Endpoints 1yr E-STU
JZ414AAE Aruba ClearPass New Licensing Access 10K Concurrent Endpoints 1yr E-STU
JZ415AAE Aruba ClearPass New Licensing Access 25K Concurrent Endpoints 1yr E-STU
JZ416AAE Aruba ClearPass New Licensing Access 50K Concurrent Endpoints 1yr E-STU
JZ417AAE Aruba ClearPass New Licensing Access 100K Concurrent Endpoints 1yr E-STU
Subscription Licenses (3 Year)
JZ418AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints 3yr E-STU
JZ419AAE Aruba ClearPass New Licensing Access 500 Concurrent Endpoints 3yr E-STU
JZ420AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints 3yr E-STU
JZ421AAE Aruba ClearPass New Licensing Access 2500 Concurrent Endpoints 3yr E-STU
JZ422AAE Aruba ClearPass New Licensing Access 5K Concurrent Endpoints 3yr E-STU
JZ423AAE Aruba ClearPass New Licensing Access 10K Concurrent Endpoints 3yr E-STU
JZ424AAE Aruba ClearPass New Licensing Access 25K Concurrent Endpoints 3yr E-STU
JZ425AAE Aruba ClearPass New Licensing Access 50K Concurrent Endpoints 3yr E-STU
JZ426AAE Aruba ClearPass New Licensing Access 100K Concurrent Endpoints 3yr E-STU
Subscription Licenses (5 Year)
JZ427AAE Aruba ClearPass New Licensing Access 100 Concurrent Endpoints 5yr E-STU
JZ428AAE Aruba ClearPass New Licensing Access 500 Concurrent Endpoints 5yr E-STU
JZ429AAE Aruba ClearPass New Licensing Access 1K Concurrent Endpoints 5yr E-STU
JZ430AAE Aruba ClearPass New Licensing Access 2500 Concurrent Endpoints 5yr E-STU
JZ431AAE Aruba ClearPass New Licensing Access 5K Concurrent Endpoints 5yr E-STU
JZ432AAE Aruba ClearPass New Licensing Access 10K Concurrent Endpoints 5yr E-STU
JZ433AAE Aruba ClearPass New Licensing Access 25K Concurrent Endpoints 5yr E-STU
JZ434AAE Aruba ClearPass New Licensing Access 50K Concurrent Endpoints 5yr E-STU
JZ435AAE Aruba ClearPass New Licensing Access 100K Concurrent Endpoints 5yr E-STU
7
DATA SHEET
ARUBA CLEARPASS POLICY MANAGER
ORDERING INFORMATION
In the Cyber CatalystSM program, leading cyber insurers evaluate and identify solutions they consider effective in reducing cyber
risk. Participating insurers include Allianz; AXIS; AXA XL, a division of AXA; Beazley; CFC; Munich Re; Sompo International; and Zurich
North America. Microsoft is a technical advisor to the program.
© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
DS_ArubaClearPassPolicyManager_RVK_091322 a00064815enw
Contact us at www.arubanetworks.com/contact