Aruba ClearPass Reviews

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

• I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
• Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
• Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

I've used it for just over three years.

I don't recall any issues with deployment.

I don't recall any issues with stability.

I don't recall any issues with scalability.

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

A local vendor was used.

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.

• Open standards-based Networks Access Control, 802.1x
• Excellent API/third party integration module
• Radius server features
• Visibility reporting (see who accessed the network with which device, etc.)
• Onboarding solution for BYOD

• Security of wired and wireless network increased significantly without any complexity for our user community.
• Integration with existing tooling/databases improved efficiency and visibility.
• Less components to manage (we phased out MS NPS, Cisco ACS).
• Guest experience improved while "load" on IT lowered.

How the licenses-in-use counting works in educational environments could be improved.

Also, appliance sizing could be improved, as the gaps from 500 to 5,000 and from 5,000 to 250,000 is too large. There should be 2,500 and 10,000 appliances as well.

No issues with deployment.

No issues with stability.

No issues of scalability.

ClearPass offers a complete NAC solution including standard AAA functions with advanced policy enforcements for multi-vendor wired and wireless networks.

It has automated the bring-your-own-device process through the Onboard feature and posture health check validation through the OnGuard module, plus it has a robust and customized guest management experience.

I’ve designed and implemented ClearPass for several enterprises that were looking for a compete NAC and guest management solution. ClearPass was the best fit to address different client requirements and tailor the security access policy based on their needs.

Reporting module has room for improvement. It also need integration with SIEM solutions and Next Generation Firewalls.

We've used it for three years.

There are a few issues here and there but they're not worth mentioning.

It's very good.

It depends on the scenario, but if the use cases and prerequisites were defined correctly before the implementation then it will be easier to implement.

I started with an in-house implementation and consulted the vendor team when it’s required.

ClearPass has competitors, but it has kept its leadership position within the Magic Quadrant for the last three years.

I would advise you to at least include ClearPass in any PoC.

The most valuable feature is the OnGuard agent which performs posture assessments.

This product helps the organization to perform the NAC concept and check the health of computers before granting them access to the network.

Access Tracker section and ClearPass Insight have rooms of improvements.

For Access Tracker: it would be great if Aruba added more information in the Access Tracker section, such as an endpoint’s IP address, device category, name/description of network device, and SHL name, if any.

For ClearPass Insight: it currently has low limits and a lot of use cases couldn’t be applied by the customer which required customization by the Aruba TAC. This is the thing that consumes the most time and could lead to performance issues for ClearPass Insight.

We've used it for two years.

No issues encountered.

No issues encountered.

No issues encountered.

9/10

9/10

I didn’t use another solution.

When there are a lot of requirements, the initial setup will be complex, so it depends on the organization’s requirements.

It was through a vendor team, and I would advise anyone going to implement this solution to enable all features during the initial setup and try to get some reference from the vendor in order to contact them and ask them about their experience.

For licensing, it depends on the organization’s capacity.

I didn’t evaluate another solution.

I would advise you to get support directly from the vendor and not use the partner support.

Our company provides professional services and we implement the features based on the customer requirement. All the features in ClearPass are good and work the way they need to.

Based on our implementations for many customers, it seems that they're most interested in the OnGuard feature that checks the compliance of corporate laptops and which restricts network access for users who are not compliant with security policies.

The reporting feature in ClearPass has found devices that are non-compliant had has addressed issues during the initial implementation phase.

Our customers also often request the guest feature, which they find very useful.

The OnGuard agent requires some enhancements.

We've used it for the last three years.

It works best when you plan deployment according to device behavior while integrated in the network.

It's been generally stable.

It scales well in our customer network environments.

Our TAC is very responsive and very helpful. They are able to provide solutions for all the new requirements by creating customized SQL queries and configs.

I worked initially with Cisco ISE, but I didn't really get to know it well. My company currently provides ClearPass solutions only.

We plan deployments considering all the configuring that needs to be done on the other integrated devices. The setup always ends up smooth and straightforward.

You should test all the requirements during the PoC itself so that the planning and deployment will be smooth.

The most valuable feature is the guest on-boarding (BYOD provisioning, centralized access policies, posture assessment, etc.)

It has improved WiFi security and guest on-boarding to our networks.

It could be more vendor independent.

I've used it for one year.

I have had issues in regards to the stability.

The technical support is satisfactory. However, there is a room for improvement.

I did not use any other similar product.

The initial setup was quite complex because of the lack of detailed documentation.

I implemented it in-house. My advice is to first set up the pilot for a small environment and then go all out.

Aruba Clearpass has a great set of networking securing features and, with its four modules policy manager, guests, onboard, and insight, it will give you the best NAC solution along with AAA, RADIUS, TACACS+ and BYOD features, which will help you to have a robust security on your network.

Actually with many projects, I implemented it to make all authentication centralized and all vLAN assignments automated along with health checks to make network security much easier.

We've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

It's excellent.

It's excellent.

Compared with all NAC vendors, it is the best.

It is complex in a good way that gives you full flexibility to do a lot of scenarios.

It has the best ROI as it will secure all critical data.

We use the platform to improve network security.

Aruba ClearPass's most valuable feature is dynamic segmentation. It assigns the right wired or wireless connections to the right user. We don't have to run the process manually.

The platform's API integration could be better. Additionally, its pricing could be affordable.

We have been using Aruba ClearPass for three years.

It is a stable product.

It is scalable for a small company.

The technical support team could work on a better process while escalating the issues from one engineer to another. Sometimes, we have to explain the issues from the beginning all over again.

Positive

The initial setup is straightforward and takes two months to complete.

The product is quite expensive. I rate its pricing a seven out of ten.

I rate Aruba ClearPass an eight out of ten. It has useful technology and good performance. It needs improvement in terms of pricing and support.