ClearPass Conversation Aruba Guide

clearpass conversation guide

This document is designed to help you steer customer discussions with respect to the ClearPass solution. It will be useful as an initial conversation starter or after positioning Aruba/
Purpose:
MOVE to begin discussing ClearPass.

Goal: By following this guide, you will step through a series of solution based qualifying questions to arrive at the specific ClearPass product modules on which to focus.

How to use: Start on page 2 by posing the high level questions shown in the dark blue text boxes. If the customer responds positively, proceed to the second level questions shown in the gray
arrows attached to each blue text box. Once you have posed those questions, proceed to the appropriate flow chart:

• BYOD (page 3)
• AAA (page 5)
• NAC (page 6)
• Guest (page 7)

On page 4, you will also notice a chart entitled No BYOD. Use this when a customer states that they do not have a BYOD initiative.

On the final page is a chart with key features, benefits, and sizing tips for each of the products.
ClearPass Conversation Aruba Guide

• What are your objectives for the project?

Do you have a • What are your key use cases? Go to
BYOD initiative? • Describe the ideal behavior when a user connects to the network with a new device. BYOD chart
• What are your biggest challenges? Security? IT Staff burden? Mgmt/Visibility?

• What are you currently using for your AAA/RADIUS infrastructure?

How do users • Are you currently considering a refesh or upgrade?
Go to
authenticate for • Please describe any issues or limitations that you are experiencing with your
current solution? AAA chart
network access?
• Describe your wired and wireless infrastructure equipment.

• Describe what NAC means to you.

Are you looking to
• Describe what segment of the user/device population will be controlled by NAC? Go to
deploy NAC or replace
• If you are replacing an existing solution, what are the biggest problems with NAC chart
an old NAC system? the deployment?

• Describe your guest access management requirements?

Do guests/visitors • How do you handle guest access today? Go to
require network access? • Do you employ contractors or temporary workers? Guest chart
• Do you host events or seminars?
ClearPass Conversation Aruba Guide

BYOD

1. Position CPPM + Profile for

Known (identified or Company device based, differentiated
owned) vs. Unknown (Unidentified access or CPPM with basic
or Personally owned) MAC authentication.
2. Position CPPM+Onboard for
benefits listed below
What is your decision
criteria for device access?

Position CPPM + OnBoard for

Access will be granted by
automated device
device type (laptops have full
configuration/provisioning and
access while tablets are restricted)
detailed device information for policy.

Describe the different

Position Aruba's strengths as
types/classes of users & devices Is network security a Yes
an enterprise wide,
in your environment. driver for your BYOD initiative?
policy based security platform
(For user handling, refer to AAA chart)

Onboard + CPPM provides device

Device specific security options
revocation & iOS password
are important, especially password,
No options. Today, we do not have
remote wipe, jailbroken devices
other MDM functions.

Present the benefits of Onboard

Is your IT staff spending Position CPPM and OnBoard
Yes with respect to automating the
too much time configuring for automated device
user workflow and
endpoint devices? configuration/provisioning.
configuring the device
ClearPass Conversation Aruba Guide

No BYOD

Security concerns will dictate

Yes the need for deploying a
policy based approach. Go to
BYOD and AAA charts.

Yes Do you have security

concerns? What are they?

Are you authenticating users?

Do you allow personally owned If YES, go to AAA chart.
devices on your network? If NO, pitch QuickConnect for
No
auto configuration if using .1X.

Denying access IS a policy.

Describe how ClearPass can
help today and in the future
No
when a BYOD project is initiated.
ClearPass Conversation Aruba Guide

AAA

State that ACS 4.X and SBR are

CIsco ACS or Juniper Steel
End of Life (EOL). Pitch benefits of
Belted RADIUS (SBR)
CPPM and ACS trade-in program.

Yes What AAA solution are

you currently using?

Posiiton platform not optimized

Microsoft or Free RADIUS for today's network security
demands. Pitch benefits of CPPM.

Pitch CPPM as full AAA/policy

Do you have a AAA/RADIUS No Do you authenticate Yes solution for extra security
Using Active Directory
solution in place today? your users today? and policy flexibility to support
differentiated access.

Pitch CPPM as full AAA/policy

solution for extra security
and policy flexibility to support
No
differentiated access.

Pitch CPPM as full AAA/policy

Yes A RADIUS server is a
solution for extra security
required component in an
and policy flexibility to
802.1X enabled network.
support differentiated access.

Are you planning to

deploy 802.1X?
No

Position CPPM and

captive portal for web based
No user authentication.
ClearPass Conversation Aruba Guide

nac

Printers and other devices that Position CPPM + Profile for

do not support 802.1X or have device based, differentiated
users associated with them. access or CPPM with basic
(Goal to prevent MAC spoofing.) MAC authentication.

Known (identified or
Company owned)

Yes Describe the different types/classes

of devices in your environment.

Do you define NAC as Position CPPM + Profile to

device based access control? Unknown auto discover all devices on
Are you attempting to secure the network and provide visibility
all wired ports?

BYOD Go to BYOD conversation

Position CPPM + OnGuard for

health checks via permanent
or dissolvable agents.

What types of devices

Do you wish to perform health Yes (Windows, Linux, Mac)
or posture checks on devices? and what type of checks do
No
you wish to support?

Highlight our support for

the embedded Microsoft NAP
agent for Windows platforms.
ClearPass Conversation Aruba Guide

guest

Position ClearPass Guest – fully

automated guest registration and
Self registration
delivery of credentials via
SMS, email, or print

Position ClearPass Guest – secure,

Mostly day visitors that sponsored based approval
Sponsor based registration
require internet access workflow to ensure authorized,
trackable access

Longer term visitors Position CPPM with local user

What are your guest access (temporary workers or contractors) accounts (or AD) and
management requirements? that are connected to a differentiated access based
department or project on identity and project

Large events with many people Do you require customization Position ClearPass Guest
requiring internet access of the captive portal? and the customization service

Position ClearPass Guest and

highlight the capability to import
bulk visitor accounts and provide
credentials pre-registration.
ClearPass Conversation Aruba Guide

Product Key Features Benefit Sizing

Automatic configuration of endpoint for 802.1X and Total number of endpoint devices that will connect
Reduction of IT effort to manually configure devices
other parameters to portals
Onboard
Automatic provisioning of unique credentials and Complete visibility of devices and associated users. Secure
device registration mgmt of device if lost/stolen.

Flexible, policy based system to satisfy multiple use Reduced cost - Single platform to manage all network
Total number of authenticating devices
case scenarios based policy
CPPM
Increased visibility and correlation of user, device, Reduce IT time and effort to view collection of data points
authentication data to solve issues faster

Reduce IT effort - Visibility to all network connected

Automatic detection of all devices on the network Total number of devices connected to the network
devices

Increase security - Prevent MAC spoofing and wired

Profile Detection and categorization of unmanageable devices
port hijacking

Device categorization and population of CPPM database Enable BYOD by creating device based policies

Total number of devices being health checked (Windows,

Health/posture checking of laptop and desktop devices Reduce chances of virus and malware based attacks
Linux and Macintosh only)
OnGuard
Compliance based checking of devices for unacceptable Reduce risk and network usage associated with unsecure
applications or behavior or problematic applications

Reduction of IT staff time and effort to manually

Automated workflow for enabling guest access Total number of concurrent guests
provision guests
Guest
Custom look-and-feel for different guests or sponsors Improved guest experience

www.arubanetworks.com
1344 Crossman Avenue. Sunnyvale, CA 94089
1-866-55-ARUBA | Tel. +1 408.227.4500 | Fax. +1 408.227.4550 | [email protected]

© 2012 Aruba Networks, Inc. Aruba Networks’ trademarks include AirWave®, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks
Must Follow®, RFProtect®, and Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Guide_ClearPassConversation_06XX12