Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Aruba ClearPass Competitive Update September, 2012

advertisement 
Aruba ClearPass
Competitive Update
September, 2012
CONFIDENTIAL Internal / Partner
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
©
2011. Aruba Networks, Inc.
AllCopyright
rights reserved
All rights reserved
Agenda
•
•
•
•
•
2
Where we’re winning
Superior scalability
Onboarding advantages
In-depth profiling
Best-in-class guest access
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Landscape Overview
Education
• Bradford
• ForeScout, Impulse
• Others
Enterprise
• Cisco
• Juniper
• Others
Gov’t
Other Major
Verticals
• ForeScout
• Cisco
• Others
• Cisco
• Juniper
• Others
Others can be vendors listed as well as Avaya,
Alcatel, McAfee, Enterasys and other niche vendors
3
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Innovation Leadership
2011
• Aruba MOST innovative
2012
• Integration of AAA, NAC, and
industry’s leading guest
solutions
• Introduction of Onboard and
Profile
• Channel partner growth
• New Professional Services
• 2X Eval requests in just 9
months over 2011
4
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Why Customers are Buying ClearPass
• Scalability
– CPPM performs uniformly regardless of use-case/load
• Multivendor centric
– Network devices, identity stores, and operating systems
• Onboarding solution for iOS, Windows, Mac OS X and
Android since July
– With built-in CA
• Use of all Profile and Onboard/OnGuard context in
policy
– For example: “Allow Android version 4.0, and deny 3.2 devices”
• Intuitive deployment and administrative interface
• Most feature comprehensive Guest solution
5
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Scalability – Key Takeaways
ClearPass
Cisco
Juniper
ForeScout
Bradford
Max. # of
devices per
appliance
25,000
10,000
30,000
4,000
25,000
(requires 2
appliances)
Cluster Zones
Yes
No
No
Yes
No
# Appliances
for 100,000
endpoints
4
10 +
4
25 + 1 Mgmt
8 + 1 Mgmt
Built-in Webbased GUI
Yes
No
No
No
No
All services
supported
Yes
Yes
No
(Onboard,
Guest, etc.)
6
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
No
No
Neither 3 have onboarding
All 4 have limited guest applications
Scalability – ISE comparison
100,000
Devices
•
•
•
•
1M devices max cluster size
25K max devices per appliance
Only 4 appliances needed
Fewer boxes overall; all functionality
available on single box*
• 64bit VM option available, can use
>4GB RAM
7
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
* Q3 CY12 onward
• 100K devices max cluster size**
• 10K max devices per appliance**
• 10+ appliances required to support
100K endpoints
• Requires dedicated policy, monitoring
administration and posture nodes
• Only 32bit VMWare option available,
cannot use >4GB RAM
** Cisco Design Guide
Multivendor – Key Takeaways
RADIUS &
TACACS+
8
ClearPass
Cisco
Juniper
ForeScout
Bradford
Yes
2 solutions
No
No (just
announced
RADIUS server)
No (very
limited
RADIUS)
Multi-AD, LDAP, Yes
SQL dB, Token
Servers
No
No
No
No
Role-based
Yes
policies & DACL
enforcement
No
No
No
No
Over 130 3rd
party NADs
supported - .1X
Yes
No
No
No
No
Microsoft
Support
Multiple
domains,
Can replace
IAS, NAP
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Support for .1X does not = multivendor support
No
NAP
No
No
BYOD Multi-vendor Policy Enforcement
ClearPass Policy Manager
Policy Decision Point
POLICY
ENFORCEMENT:
Any Network
Policy Enforcement Optimized for Aruba,
But Works with Any
9
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Onboarding - Key Advantages
• BYOD means that users will bring a variety of devices
and users will lose, buy, and constantly replace
devices
• Automatic detection and provisioning of these devices
is important
• Simplicity is key, but so is the customer’s ability to use
the onboarding data within a policy
• Not having onboarding with user and device
differentiation only partially supports BYOD
10
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
BYOD Onboarding Advantages
ClearPass
11
Cisco
Juniper
ForeScout
Bradford
All Major Device Yes
Types
Supported
Yes
No
No
No
Certificate
Revocation
Yes
No
No
No
No
Built-in
Certificate
Authority
Yes
No
No
No
No
Policies Use
Role-based
Onboarding
Data
Yes
Yes, if full
Trustsec is
supported
No
No
No
Microsoft
Support
Multiple
domains,
Can replace
IAS, NAP
No
NAP
No
No
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Profile - Key Advantages
• Allows customers to maintain device visibility thru
real-time data capture
• Eliminates the need for manual device registration for
large environments
• Enables the use of category-based policies
• Weak profiling can cause policy misinterpretation
(i.e., a policy set to allow iPad use by doctors could be
applied to an iPhone which will not work for certain
applications)
12
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Profiling – Key Takeaways
ClearPass
Cisco
Juniper
ForeScout
Bradford
Yes
Yes
Requires
Great
Bay
Use Span Port
Data
No
Use
Yes
Onboarding and
Health Data
No
No
No
No
Automatic
Fingerprinting
Updates
Yes
No
No
No
No
Can Apply Role- Yes
based Policies
No
No
No
No
Also Provides
Device
Registration
No
No
No
They only
provide
device
registration
DHCP & Static
IP Addressing
Support
13
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Yes
ClearPass Profile Visibility
14
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Usability - Key Advantages
• Templates and intuitive forms speed the process of
creating and managing policies
• Per page context sensitive Help enables IT to quickly
get up to speed
• Dynamic visuals and troubleshooting tools streamline
user issues and the addition of new features
• Lack of good interface tools for authentication
completely hamper deployment, scalability, and
troubleshooting
15
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Usability – Key Takeaways
16
ClearPass
Cisco
Juniper
ForeScout
Bradford
Supports All
Functions from
Built-in GUI
Yes
No
No
No
No
Wizard-based
Policy Creation
Yes
Yes, but
many more
steps
No
No
No
Templates:
Yes
Wireless, Wired,
MAC-Auth,
TACACS+, etc.
No
No
No
No
Auth Data - per
Session Logs
Yes
No
No
No
No
Built-in Full
reporting
Yes
No
No
No
No
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Requires separate reporting packages
Guest Access - Key Advantages
• Easy to distribute credentials on short notice offload
employee and IT demands
• Differentiation by time, role, location, etc.
• Full compliance tracking
• Sponsor capabilities
• Health checks
• Under-performing solutions require unwanted IT time,
IT store edits, delays for users, scalability, and more...
17
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Guest Access – 3 Categories
1. Home grown (separate VLANs/SSID) or use of existing
RADIUS/AD with static accounts (guest1, guest2)
– Weak security, no auditing, no compliance with data protection
regulations
– Lack of operator interfaces for non technical staff
– Best effort given IT resources
2. Built in features by wireless manufacturers
– Limited in flexibility and configuration options
– Requires operations people to access the controller
– Doesn’t work across multiple vendors or locations
3. Hotspot style gateways
– Duplicate wireless controller network and security features
– Focused on billing and PMS, lack corporate feature set
– Pre-set style GUI that limits configuration options
18
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Guest – Key Takeaways
ClearPass Cisco
19
Juniper
ForeScout
Bradford
Scalable Guest
Licensing for
Large
Deployments
Yes
Yes, but
requires
many
appliances
No
No
No
Dedicated HW
or VM options
Yes
Yes, but
lacks
performance
Yes, but
lacks
performance
No
No
Multivendor
Integration
Yes
No
Yes, but
limited
Yes, but
limited
wireless
No
Full Featured
Policies
Yes
Limited
No
Limited
No
Complete
Branding /
Advertising
Services
Yes
No
No
No
No
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
ClearPass Guest Skin Technology
• Complete
Customization
– Replicate existing
corporate web / intranet
for guest administration
and access portals
– Automatically identifies
and optimizes content for
mobile browsers
– Familiarity for employees
& brand loyalty for
customers
20
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Visitor Intelligence
• Personal Greetings
• Birthday coupons
• Volume/Time quotas
Recognise previously registered visitors
from their device’s MAC address
21
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Key ClearPass Takeaways
22
1
Most intuitive policy admin interface. (Pre-configured
templates, built-in troubleshooting and compliance tools)
2
Full featured AAA services that support RADIUS, TACACS+,
Web & MAC auth
3
Authentication and enforcement on multivendor WLAN, Wired,
and VPN infrastructure. Including Aruba, Cisco, HP, & Juniper
4
Supports onboarding, posture/health, profiling, device
registration, Apple Bonjour protocol, captive portals, and
more
5
Identity and device-based policy services for employees,
guests, contractors, partners…
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
23
CONFIDENTIAL
© Copyright 2011. Aruba Networks, Inc.
All rights reserved
Related documents
Greg Peterson - Green Aruba where Europe Meets the Americas
Greg Peterson - Green Aruba where Europe Meets the Americas
Words in italics are to be deleted in the completed... UNIVERSITY OF SASKATCHEWAN BOARD OF GOVERNORS
Words in italics are to be deleted in the completed... UNIVERSITY OF SASKATCHEWAN BOARD OF GOVERNORS
Aruba Networks Secure Mobility Access Aruba ClearPass @arubanetworks
Aruba Networks Secure Mobility Access Aruba ClearPass @arubanetworks
Download
advertisement