Aruba ClearPass Reviews

There are several valuable features, and the two most valuable to use are--

• ClearPass Policy Manager 
• ClearPass Guest

ClearPass Guest allows us to build a structured external captive portal with customized landing page for each customer.

ClearPass Policy Manager has to be easier to configure. Now, it is very powerful but very complex when you want to set some “profile enforcement” only for some type of guests or a disconnection policy with Radius COA.

We've had no issues with deploying this solution.

It's a very stable product and we haven't had any issues with instability.

It's scaled for our needs.

Plan very carefully your final configuration or you can lose yourself in the configurations phase.

The greatest feature in Aruba ClearPass, in my opinion, is its modularity and its openness to all vendors. Unlike its competitor (Cisco ISE), Aruba ClearPass supports integration with almost all vendors, and the ClearPass Guest module is unmatched by any other vendor. 

The ability to tune small details is really powerful and is always a selling point. 

Of course, let's not forget that the ClearPass Insight module which produces such valuable reports with small pieces of configurations is a great feature.

Customers who have used ClearPass had their organized improved with the ability to control all devices connecting to their network and the ability to even form a database of all the endpoints in the network and their fingerprints as well. 

Also, the integration with Aruba Wireless is always a plus point.

The main issue I have seen with Aruba ClearPass is specific integration with Juniper firewalls, and this is definitely something I would like to see in the future.

I've had no issues with deployment.

I didn't encounter any issues with stability.

I didn't encounter any issues with scalability.

I would advise customers who want to protect their network, do health checks on BYOD, provide guest access and of course AAA functions to manage their network devices to go for ClearPass, but they have to be ready to get into so much details as the power of ClearPass is in its ability to customize even the smallest details as they wish of course.

A major feature that I deploy and all my customers enjoy is the On-boarding function. Once properly set-up, it is very easy to configure and maintain all on boarded devices and users associated with those devices.

The feature that I use the most is the Access Tracker. It displays all relevant information of each authentication request and troubleshooting is a breeze on how the data is displayed.

I have deployed ClearPass in a number of organizations that have been using any number of outdated and obsolete security protocols for their wireless security from WEP and PSKs to MAC based authentication and global user names and passwords. Deploying ClearPass allowed these organizations to move from weak security protocols to industry standard security protocols.

Every deployment of ClearPass I have run into a bug or a feature that is not as user friendly as it could be. This can be easily improved upon by providing documentation and guides of proper syntax inputs. I have gotten around these issues by purely trial and error.

I have used ClearPass for the past five years and have deployed all the features that ClearPass has to offer. I have deployed it in school districts, hospitals, government agencies and all major industry verticals.

It is not as user-friendly and intuitive when first using it as it takes some time to know were everything is.

I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issues.

I have deployed Clearpass in environments that require over 500,000 authentications per day and have not had any issues

For 90% of troubleshooting and basic configuration the Technical Assistance Center has always been very good, once the issue becomes a unique case specific to the customer that’s when resolving issues may take longer the three hours. Overall, Aruba Networks is really good in supporting ClearPass.

The basic network set-up is straightforward to get it on the network. Activating the licenses and getting the subscription key for ClearPass is a bulky and compression process with very little guidance or documentation. If there is an issue with the license, the only solution to almost always call Aruba tech support. Once the licenses are sorted out an upgrade needs to happen and the size of the update is 1.4Gb or more and based on the customers network, may take a long time. Finally, after ClearPass is on-line and fully updated, the configuration and basic troubleshooting is pretty straightforward. If it’s the first time someone is looking at it there is defiantly a learning curve.

I am the system integrator if it would be done in-house. If the person that is deploying ClearPass has experience with radius servers, deploying it would take three to six times longer than to hire a system integrator. Unless the in-house IT team has the time and resources to learn to deploy and troubleshoot ClearPass out of the box, then I definitely recommend getting a systems integrator. They would know how the system works, what questions to ask and troubleshooting techniques.

There are a lot of questions need to be answered before answering the real ROI question correctly, the biggest questions are how secure is your current network? Does it meet the industry security standards? Can you afford to have your network infiltrated or have loss of data? And can you afford to lose data? If not then pricing and licensing can be worked out.

Before you buy licensing know how and way you are using clearpass. I cant count how many times a customer has perched the wrong license or to many or not enough.

It can easily handle all types of authentication methods and has a large amount of flexibility, which can cover all scenarios. However it is lacking in third party integrations and little to no documentation on customization. Aruba assumes that you have working knowledge of their CSS tags, JavaScript, REST API integration and others.

If you are looking for a NAC solution ClearPass is one of the best all in one solution it covers all authentication methods and has a large flexibility that can be easily customized to fit any scenario in any industry vertical.

The two most valuable features for us are ClearPass guest and policy manager.

It keeps your organization secure in many ways, has easy guest logins, tons of options to customize the portal page, and many other useful enterprise-level features.

Automated guest account creation and the customizable captive portal has reduced the burden of the receptionist generating a token for guest access. It supports multiple authentication methods and the access tracker makes admin life easy for troubleshooting.

ClearPass onboard reduces the IT admin burden as well.

ClearPass Insight needs to be worked on. The functionality is not quite there yet.

Also, add-on licenses are expensive.

I've used it for one year.

There were no issues with deployment.

There have been no issues with stability.

There have been no issues with scaling it.

Aruba has one of the best support teams amongst all the vendors.

Technical support is the best.

There was no solution in place previously.

It was a little complex to set up. Following the installation guide makes the initial setup easy.

We implemented it in-house.

But if you do use a vendor, make sure your implementation partner is aware of all CleaPass features. Otherwise, it will be tough. Since ClearPass is a mix of AAA, NAC, Guest Module, Onguard, Profiling, and On-Boarding, make sure your partner is an expert in ClearPass.

The VM version is good for the cost, but add-on licenses are costly.

The VM version is good for the cost, but add-on licenses are costly.

We also looked at Cisco ISE.

• 802.1x quick, easy, and secure wireless access for our staff machines
• Customizable captive portal for quick and easy BYOD access for students
• Quick and easy ability to allow guests to use the wireless network

Bringing mobile devices on to the network has been simplified and secured at the same time.

Installation can be time-consuming, so Hire an Aruba consultant to do the install and save yourself a lot of time. There will be plenty of time for you to learn the product later. Plus, the consultant can pass on some valuable information during the process.

I've used it for two years.

There were no issues with the deployment.

There have been no issues with the stability.

There have been no issues with the scalability.

Aruba Support is fast and accurate. I never have problems getting someone on the line that can find a resolution the problem we are having.

The initial set-up was straightforward.

We had a vendor team on site which helped accelerate the process.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Before ClearPass we were using the native captive-portal on our Wi-Fi controllers (Aruba) to authenticate users but this was causing httpd daemons to overload the CPU on the controllers. This situation created a denial of service condition on the Wi-Fi which was a major call driver for us.

Ability to drill down on items like “System CPU Utilization” or “Device Family” stats from the dashboard. As of right now you need to pick up to 5 items listed on the Dashboard but they seem to be static.

The interface is a little confusing as is setting up some of the options but this is partially due to the flexibility of the product. There are wizards available to create policy which is helpful. We’re primarily using it for RADIUS based AAA for 802.1x Wireless.

One and a half years primarily using the Policy Manager module, and one year using the Guest module. No Onboarding use as of yet.

MS AD integration was a bit of a problem at the beginning until our SE realized that the ClearPass servers need to be joined to the domain before AD lookups can be done.

I haven't experienced any issues.

I haven't experienced any issues.

Mixed – our current SE does not seem to have much knowledge about configuration of ClearPass and I have been referred to their “ClearPass Expert” on a couple of occasions but I have yet to speak to him/her. Aruba TAC has been able to help the few times I’ve called.

Our existing wireless infrastructure is Aruba so it made sense to use their solution for AAA. We did a trial with Win Server 2012 RADIUS and that worked as well, however it does not offer as many options as ClearPass does.

Initial setup was fairly straightforward following the “Start Here” wizard. Our only real “snag” was the Active Directory integration, but that was remedied by our SE.

The licensing model wasn’t explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 Clearpass nodes to accommodate this.

The licensing model wasn't explained terribly well to us so we vastly under-purchased. This has unfortunately caused us a bit of trouble over the last year. The licensing numbers are based on unique connected authenticating endpoints per day, averaged over 7 days. When we purchased the product we were under the impression that the licensed nodes were concurrent devices, of which we typically see 8000+ in the middle of the day. Our licensing ended up being 19000+ unique devices and we’ve had to put together a cluster of 4 ClearPass nodes to accommodate this.

Tread carefully when estimating the number of unique device nodes for licensing. If using Active Directory for MSCHAPv2 authentication make sure that you add Clearpass to the Windows Domain.

There are many features of ClearPass that are worth mentioning -- mainly the extensive support of almost all networking protocols ‎and mobile platforms, the flexibility to integrate with other systems, the debugging and logging facilities, and finally the ability to fully customize web login and payment pages.

It has eliminated unauthorized access to the corporate network, hence minimizing the threat level.

If the UI is simplified and improved, bugs are minimized, and the support becomes more responsive, it would be perfect.

I've used it for two years.

There were major bugs that caused us to spend an extensive amount of time for recovering the configurations. Aruba has fixed it upon our request and provided details.

It's very good, but not excellent.

No, we did not.

It was extremely complex in our heterogeneous, scattered environment. To be able to deploy a NAC solution without ‎causing downtime is a tedious task.

It was a mixed team working together.

Sizing is very important as the licenses of Aruba ClearPass are quite expensive.

Use the DHCP options for a long time to profile all types of devices communicating on a network. ‎Keep ClearPass in monitoring mode and start blocking profiled devices in batch.

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

• I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
• Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
• Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

I've used it for just over three years.

I don't recall any issues with deployment.

I don't recall any issues with stability.

I don't recall any issues with scalability.

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

A local vendor was used.

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.