Aruba ClearPass Reviews

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

• I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
• Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
• Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

I've used it for just over three years.

I don't recall any issues with deployment.

I don't recall any issues with stability.

I don't recall any issues with scalability.

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

A local vendor was used.

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.

We use ClearPass to authenticate users and have a product in development that will use NAC solutions. In addition to these, we also use ClearPass for network access control and guest management.

We have flexible and detailed options to implement our security policy using ClearPass Policy Manager engine.

The authentication capabilities are one of the most valuable features, including the ability to build rules within the system to anticipate users. We also have maximum or onboard margins, and a new product is coming soon that can be used onboard. Additionally, the integration with other systems is a great value and a standout feature of the product.

One area for improvement would be the possibility of using social media providers for user authentication. In Brazil, we have a government-sponsored service that indicates users who would like to see this feature supported. I have made a formal request for this feature, but I am unsure if it will be considered for the next release. However, it would be a valuable addition for us.

We use ClearPass with Aruba controllers for our wireless LAN. We have the 7220 gateway/controller model and wireless APs, specifically the 510 series.

It is a stable product. We've never experienced any downtime with ClearPass. We have a cluster of ClearPass servers, and we've never had any problems with stability or downtime.

The scalability is good. You can scale very well.

I had to call customer support once because I needed to reset the license for an upgrade, and I needed guidance on how to use the new license model. That was the only time I had to call support. They responded to me quickly and it was a good experience.

Positive

I would rate it an eight out of ten, where ten is the easiest and zero is the most difficult.

It took a few months to deploy the solution. I was the main technician involved in the deployment.

The pricing is a little bit more expensive than other options, but it's worth the value.

Overall, I would rate the solution a nine out of ten.

We mainly use it for 802.1X authentication.

Our customers like its ability to authenticate using not just certificates but also MAC addresses is very helpful in mitigating unauthenticated access on networks and switches.

There is room for improvement in terms of scalability. 

I have experience with Aruba ClearPass for five to six years.

I would rate the stability a nine out of ten.

I would rate the scalability an eight out of ten. Our customers are mostly medium-sized businesses.

I have some years of experience with FortiGate, Fortinet Firewalls, and Fortinet switches. Mostly with FortiSwitch models 6450, 548, and 124F.

I didn't set it up myself. I'm involved in operating the system.

Overall, I would rate the solution an eight out of ten.

Aruba ClearPass is used for enforcing certain security policies all around the organization, it covers certain security policies, which is in turn, is deducted from the business requirements. You start with a security policy, then you need technology to enforce it, this is where Aruba ClearPass is used.

A lot of the issues in Forescout are mitigated in Aruba ClearPass, it supports all the expected protocols.

Aruba ClearPass has fewer deployment scenarios and flexibility than Forescout.

I have been using Aruba ClearPass for five years.

Aruba ClearPass is reliable.

I have found Aruba ClearPass to be scalable.

I have approximately two clients with 400 users each, giving a total of 800 users using the solution.

Aruba ClearPass has a very good technical support team. Whenever we need the vendor to be involved, we find a good deal of technical support.

I have used Forescout and I would rate Aruba ClearPass second best.

The initial installation is simple. The deployment could be better since it has fewer capabilities than other solutions, it could be more flexible.

We have a dedicated engineer for Aruba ClearPass when it comes to deploying and support of the solution. One engineer is enough for my client's environment.

The licensing model is very straightforward. There are two types of licensing for Aruba ClearPass, a perpetual license, and a subscription. Both of them are straightforward. We don't need to read an ordering guide, it's very clear.

I would recommend this solution to others if they have a certain use case. If there is a lot of Cisco environments that need to be implied under the security policy, then ClearPass is the right solution for them. It supports a wide range of Cisco technologies and Cisco protocols.

I rate Aruba ClearPass an eight out of ten.

My clients primarily use the solution to control access to the network or their sites. If a computer is not recognized by ClearPass, it won't be able to gain access.

The solution is extremely stable.

We find that at the end of the projects we manage, all functionalities perform quite well. We've tested it a lot and find it to be overall a very good solution.

It's excellent in terms of securing local networks for our clients.

The solution needs to upgrade its user interface. Right now, it's not so user friendly, and it's an aspect that my clients' wish was improved upon.

The solution is quite large and complex in scope. If a person isn't familiar with the solution, they can quickly get overwhelmed with everything.

I've been installing the solution for one to two years now. The last project I worked on was around six months ago. 

We have never experienced any bugs, crashes, or glitches. In my opinion, everything is stable. It's excellent. I'd say it's quite reliable in that regard.

The solution is very scalable. A company will be able to expand the solution to meet their needs as necessary.

In the past, we have reached out to technical support. During the implementation process, all the way through the project, we only had just one or two specific instances where their assistance seemed to take a long time. However, overall, I would say we are completely satisfied with their level of support.

While the installation itself is not difficult per se, the process you need to go through before installing the solution is complex. There are a lot of configurations to do on the firewall network and it can take a while, depending on the company. 

While it's tedious before the installation, once you come to the actual installation itself, you'll realize it's not too bad.

We're working on a project right now that has ten deployments and that's taken us about four or five months. For this project, there have been five people involved in the deployment process.

We handle aspects of the implementation for our clients.

We've partnered with HPE and Aruba.

I work at a service company. I go and install solutions for customers. I just handle the install for my customers. I don't use the software myself every day or on a regular basis. My role is one of a project technician and director. I'm an architect.

Our organization handles all sizes of companies from small to large enterprises.

If there's a company out there considering the solution, I'd just caution them to be ready.  There is a lot of configuration to do on all of the infrastructure. Other than that, it's an excellent solution. It's great for securing a local network. Security, at the end of the day, shouldn't have a cost. It's imperative to protect your business and to not worry so much about price tags, because it's even more expensive when you are unprotected and things go wrong.

I'd rate the solution nine out of ten.

Our primary use case for Aruba ClearPass is to use it in IoT services.

Aruba has improved my organization because it supported me on my level of access. I hope to see Aruba add routers to their portfolio. 

A very important feature for me is its support of a multi-tenant solution on deliverables. For instance, I have three customers, or three users, and I want each customer to have his own portal and his own database to manage their subscriber for reporting and for provision. 

Aruba needs to improve and the processes must be clear. I also believe the marketing is very important, as well as to split the database to be more specific, like having a user name, access point name or site name. 

In general, Aruba is very stable and it supports me every time I have issues related to my database. 

The scalability is good. We currently have about 100 users but we expect this to grow to 10,000 by the end of the year. So we plan to increase our usage. We won't need to employ extra staff because the support from Aruba is very good.

The technical support from Aruba is very good.

Before we started using Aruba we worked on Cisco, which has the same setup. They had the same access layer, access points, access controller and management at Cisco. We were, however, looking for a wireless solution.

The deployment took about two years, and then it took about two weeks for the configurations to be activated. 

We've invested in Aruba to increase our customers to 10,000 by the end of the year so we hope to see a good return on investment. 

We pay an annual licensing fee for Aruba and there are no additional costs.

I can recommend this solution for anyone in terms of guest management or from a security perspective. I will rate this a nine out of ten.

ClearPass is the best Network Access Control "Swiss army knife" out there right now. It can do 802.1x (WPA2-Enterprise) for WiFi and LAN. It also has one of the slickest guest captive portal experiences and workflows out there, along with an easy, drop-in BYOD application.

I have not had too much experience with OnGuard, the endpoint integrity feature, but it does that too. With all of the ClearPass integrations and RADIUS Change of Authorization (CoA), it is possible to login wired or wireless endpoints based on a variety of identity stores, then create and associate security policies, e.g., DACLs, based on a device. 

Dynamically provision VLAN assignments, i.e., no more "color-coded ports", write Palo Alto Networks (PAN) NGFW policies that are associated with a specific user (rather than IP address), and quarantine or drop an endpoint off the network in an automated manner if an incident is detected.

All of this, naturally, comes with a lot of details in implementation, but my experience was, like all things InfoSec, implementing the controls is easy if you already have a clear, documented, executive-supported policy that you are using as the control to enforce. Otherwise, the control gets blamed for what is really a lack of clarity and leadership regarding the underlying business policy.

It makes it easy to require robust user authentication for both wired and wireless endpoints, including BYODs.

Access Tracker is definitely the feature that I use the most. It is invaluable for troubleshooting access control incidents and quickly getting to the root cause.

It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.

It's a reliable solution for our guest network access as well as mobile device registration.

The key functionality we're using is Active Directory in unison with device authentication, so every 45 days a user has to log in their password on their mobile phone so that you can use WiFi services in the office. We're going to be looking at ClearPass to do device authentication, which means the users will only have to register the device once and never have to re-enter the password again.

It was a complex solution to set up because of its newness. We needed a third-party implementor to help us.

It's a brand new installation for us, and we've only had it for a month.

So far, we haven't had any issues with deployment.

From what we've seen it's been pretty stable.

Right now, it's scaled. We're using it for guest internet services and it seems to be working pretty well. Our next phase with that would be to roll in for device registration as we roll out to our mobile device strategy.

10/10 for HP and 8/10 for the third-party.

We haven't really run into any support issues yet. On the integration side, there's obviously some expertise with the vendor, which is going to help us take care of some issues in the future, but it hasn't really been a difficult product to support.

We decommissioned other options. We had another, but we've since decoupled it and are now using ClearPass to do that.

Because of its newness it was complex, but the end result was pretty straightforward.

We did need a third party to come in and help us do the implementation. We had some initial help from an HP engineer on the Aruba side who spent some time with us, showing us an evaluation version of it, but when we went into production we had to get a third party to help us.

We're not really calculating ROI for the service. It's a necessary service delivered by IT to the corporation.

We're currently doing an entire refresh of our access point network, which is approximately 80 access points across the country. We've recently acquired all new hardware. We're refreshing the entire footprint.

Because Aruba was our primary vendor for our access points, it just made more sense for us to try to consolidate more services towards the new strategy.

It's only providing a very small service to us right now. It's not like we're looking at ClearPass on a very full-blown basis. My advice would be to just make sure to do a proper spectrum analysis, and each of your properties are areas that you intend to put WiFi, because it will be critical to where you put APs and how closely you put them together.