Aruba ClearPass Reviews

The two most valuable features for us are ClearPass guest and policy manager.

It keeps your organization secure in many ways, has easy guest logins, tons of options to customize the portal page, and many other useful enterprise-level features.

Automated guest account creation and the customizable captive portal has reduced the burden of the receptionist generating a token for guest access. It supports multiple authentication methods and the access tracker makes admin life easy for troubleshooting.

ClearPass onboard reduces the IT admin burden as well.

ClearPass Insight needs to be worked on. The functionality is not quite there yet.

Also, add-on licenses are expensive.

I've used it for one year.

There were no issues with deployment.

There have been no issues with stability.

There have been no issues with scaling it.

Aruba has one of the best support teams amongst all the vendors.

Technical support is the best.

There was no solution in place previously.

It was a little complex to set up. Following the installation guide makes the initial setup easy.

We implemented it in-house.

But if you do use a vendor, make sure your implementation partner is aware of all CleaPass features. Otherwise, it will be tough. Since ClearPass is a mix of AAA, NAC, Guest Module, Onguard, Profiling, and On-Boarding, make sure your partner is an expert in ClearPass.

The VM version is good for the cost, but add-on licenses are costly.

The VM version is good for the cost, but add-on licenses are costly.

We also looked at Cisco ISE.

• 802.1x quick, easy, and secure wireless access for our staff machines
• Customizable captive portal for quick and easy BYOD access for students
• Quick and easy ability to allow guests to use the wireless network

Bringing mobile devices on to the network has been simplified and secured at the same time.

Installation can be time-consuming, so Hire an Aruba consultant to do the install and save yourself a lot of time. There will be plenty of time for you to learn the product later. Plus, the consultant can pass on some valuable information during the process.

I've used it for two years.

There were no issues with the deployment.

There have been no issues with the stability.

There have been no issues with the scalability.

Aruba Support is fast and accurate. I never have problems getting someone on the line that can find a resolution the problem we are having.

The initial set-up was straightforward.

We had a vendor team on site which helped accelerate the process.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Ability to drill down on items like “System CPU Utilization” or “Device Family” stats from the dashboard. As of right now you need to pick up to 5 items listed on the Dashboard but they seem to be static.

The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. We’re primarily using it for RADIUS based AAA for 802.1x Wireless.

One and a half years primarily using the Policy Manager module, and one year using the Guest module. No Onboarding use as of yet.

MS AD integration was a bit of a problem at the beginning until our SE realized that the ClearPass servers need to be joined to the domain before AD lookups can be done.

I haven't experienced any issues.

I haven't experienced any issues.

Mixed – our current SE does not seem to have much knowledge about configuration of ClearPass and I have been referred to their “ClearPass Expert” on a couple of occasions but I have yet to speak to him/her. Aruba TAC has been able to help the few times I’ve called.

Our existing wireless infrastructure is Aruba so it made sense to use their solution for AAA. We did a trial with Win Server 2012 RADIUS and that worked as well, however it does not offer as many options as ClearPass does.

Initial setup was fairly straightforward following the “Start Here” wizard. Our only real “snag” was the Active Directory integration, but that was remedied by our SE.

The licensing model wasn’t explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 Clearpass nodes to accommodate this.

The licensing model wasn't explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 ClearPass nodes to accommodate this.

Tread carefully when estimating the number of unique device nodes for licensing. If using Active Directory for MSCHAPv2 authentication make sure that you add Clearpass to the Windows Domain.

There are many features of ClearPass that are worth mentioning -- mainly the extensive support of almost all networking protocols ‎and mobile platforms, the flexibility to integrate with other systems, the debugging and logging facilities, and finally the ability to fully customize web login and payment pages.

It has eliminated unauthorized access to the corporate network, hence minimizing the threat level.

If the UI is simplified and improved, bugs are minimized, and the support becomes more responsive, it would be perfect.

I've used it for two years.

There were major bugs that caused us to spend an extensive amount of time for recovering the configurations. Aruba has fixed it upon our request and provided details.

It's very good, but not excellent.

No, we did not.

It was extremely complex in our heterogeneous, scattered environment. To be able to deploy a NAC solution without ‎causing downtime is a tedious task.

It was a mixed team working together.

Sizing is very important as the licenses of Aruba ClearPass are quite expensive.

Use the DHCP options for a long time to profile all types of devices communicating on a network. ‎Keep ClearPass in monitoring mode and start blocking profiled devices in batch.

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

• I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
• Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
• Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

I've used it for just over three years.

I don't recall any issues with deployment.

I don't recall any issues with stability.

I don't recall any issues with scalability.

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

A local vendor was used.

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.

• Open standards-based Networks Access Control, 802.1x
• Excellent API/third party integration module
• Radius server features
• Visibility reporting (see who accessed the network with which device, etc.)
• Onboarding solution for BYOD

• Security of wired and wireless network increased significantly without any complexity for our user community.
• Integration with existing tooling/databases improved efficiency and visibility.
• Less components to manage (we phased out MS NPS, Cisco ACS).
• Guest experience improved while "load" on IT lowered.

How the licenses-in-use counting works in educational environments could be improved.

Also, appliance sizing could be improved, as the gaps from 500 to 5,000 and from 5,000 to 250,000 is too large. There should be 2,500 and 10,000 appliances as well.

No issues with deployment.

No issues with stability.

No issues of scalability.

ClearPass offers a complete NAC solution including standard AAA functions with advanced policy enforcements for multi-vendor wired and wireless networks.

It has automated the bring-your-own-device process through the Onboard feature and posture health check validation through the OnGuard module, plus it has a robust and customized guest management experience.

I’ve designed and implemented ClearPass for several enterprises that were looking for a compete NAC and guest management solution. ClearPass was the best fit to address different client requirements and tailor the security access policy based on their needs.

Reporting module has room for improvement. It also need integration with SIEM solutions and Next Generation Firewalls.

We've used it for three years.

There are a few issues here and there but they're not worth mentioning.

It's very good.

It depends on the scenario, but if the use cases and prerequisites were defined correctly before the implementation then it will be easier to implement.

I started with an in-house implementation and consulted the vendor team when it’s required.

ClearPass has competitors, but it has kept its leadership position within the Magic Quadrant for the last three years.

I would advise you to at least include ClearPass in any PoC.

The most valuable feature is the OnGuard agent which performs posture assessments.

This product helps the organization to perform the NAC concept and check the health of computers before granting them access to the network.

Access Tracker section and ClearPass Insight have rooms of improvements.

For Access Tracker: it would be great if Aruba added more information in the Access Tracker section, such as an endpoint’s IP address, device category, name/description of network device, and SHL name, if any.

For ClearPass Insight: it currently has low limits and a lot of use cases couldn’t be applied by the customer which required customization by the Aruba TAC. This is the thing that consumes the most time and could lead to performance issues for ClearPass Insight.

We've used it for two years.

No issues encountered.

No issues encountered.

No issues encountered.

9/10

9/10

I didn’t use another solution.

When there are a lot of requirements, the initial setup will be complex, so it depends on the organization’s requirements.

It was through a vendor team, and I would advise anyone going to implement this solution to enable all features during the initial setup and try to get some reference from the vendor in order to contact them and ask them about their experience.

For licensing, it depends on the organization’s capacity.

I didn’t evaluate another solution.

I would advise you to get support directly from the vendor and not use the partner support.