CLEARPASS CONVERSATION GUIDE Aruba Guide ClearPass Conversation

ClearPass Conversation
This document is designed to help you steer customer discussions with respect to the ClearPass solution. It will be useful as an initial conversation starter or after positioning Aruba/MOVE to begin discussing ClearPass.
Goal: By following this guide, you will step through a series of solution-based qualifying questions to arrive at the specific ClearPass features on which to focus.
How to use: Start on page 2 by posing the high-level questions shown in the dark blue text boxes. If the customer responds positively, proceed to the second-level questions shown in the gray arrows attached to each blue text box. Once you have posed those questions, proceed to the appropriate flow chart:
- BYOD (page 3)
- AAA (page 5)
- NAC (page 6)
- Guest (page 7)
On page 4, you will also notice a chart entitled No BYOD. Use this when a customer states that they do not have a BYOD initiative.
On the final page is a chart with key features, benefits, and sizing tips for each of the products.
Do you have a
BYOD initiative?
How do users
authenticate for
network access?
Go to
AAA chart
Go to
NAC chart
Are you looking to
deploy NAC or replace
an old NAC system?
Do guests/visitors
require network access?
Go to
BYOD chart
Go to
Guest chart
Known (identified or Company
owned) vs. Unknown (Unidentified
or Personally owned)
1. Position CPPM + profiling for
device based, differentiated
access or CPPM with basic
MAC authentication.
2. Position CPPM+Onboard for
benefits listed below
Access will be granted by
device type (laptops have full
access while tablets are restricted)
Position CPPM + Onboard for
automated device
configuration/provisioning and
detailed device information for policy.
What is your decision
criteria for device access?
Describe the different
types/classes of users & devices
in your environment.
Is network security a
driver for your BYOD initiative?
(For user handling, refer to AAA chart)
Is your IT staff spending
too much time configuring
endpoint devices?
Position Aruba's strengths as
an enterprise wide,
policy based security platform
Device specific security options
are important, especially password,
remote wipe, jailbroken devices
Onboard + CPPM provides device
revocation & iOS password
options. Today, we do not have
other MDM functions.
Present the benefits of Onboard
with respect to automating the
user workflow and
configuring the device
Position CPPM and Onboard
for automated device
Do you have security
concerns? What are they?
Do you allow personally owned
devices on your network?
Security concerns will dictate
the need for deploying a
policy based approach. Go to
BYOD and AAA charts.
Denying access IS a policy.
Describe how ClearPass can
help today and in the future
when a BYOD project is initiated.
Are you authenticating users?
If YES, go to AAA chart.
If NO, pitch QuickConnect for
auto configuration if using .1X.
Do you have a AAA/RADIUS
solution in place today?
State that ACS 4.X and SBR are
End of Life (EOL). Pitch benefits of
CPPM and ACS trade-in program.
Microsoft or Free RADIUS
Position the platform as not optimized
for today's network security
demands. Pitch benefits of CPPM.
Using Active Directory
Pitch CPPM as full AAA/policy
solution for extra security
and policy flexibility to support
differentiated access.
What AAA solution are
you currently using?
Do you authenticate
your users today?
Cisco ACS or Juniper Steel
Pitch CPPM as full AAA/policy
solution for extra security
and policy flexibility to support
differentiated access.
A RADIUS server is a
required component in an
802.1X enabled network.
Are you planning to
deploy 802.1X?
Position CPPM and
captive portal for web based
user authentication.
Pitch CPPM as full AAA/policy
solution for extra security
and policy flexibility to
support differentiated access.
Printers and other devices that
do not support 802.1X or have
users associated with them.
(Goal to prevent MAC spoofing.)
Position CPPM + profiling for
device based, differentiated
access or CPPM with basic
MAC authentication.
Known (identified or
Company owned)
Describe the different types/classes
of devices in your environment.
Do you define NAC as
device based access control?
Are you attempting to secure
all wired ports?
Position CPPM + profiling to
auto discover all devices on
the network and provide visibility
Go to BYOD conversation
Position CPPM + OnGuard for
health checks via permanent
or dissolvable agents.
Do you wish to perform health
or posture checks on devices?
What types of devices
(Windows, Linux, Mac)
and what type of checks do
you wish to support?
Highlight our support for
the embedded Microsoft NAP
agent for Windows platforms.
What are your guest access
management requirements?
Self registration
Position ClearPass Guest – fully
automated guest registration and
delivery of credentials via
SMS, email, or print
Mostly day visitors that
require internet access
Sponsor based registration
Position ClearPass Guest – secure,
sponsor-based approval
workflow to ensure authorized,
trackable access
Longer term visitors
(temporary workers or contractors)
that are connected to a
department or project
Position CPPM with local user
accounts (or AD) and
differentiated access based
on identity and project
Large events with many people
requiring internet access
Do you require customization
of the captive portal?
Position ClearPass Guest
and the customization service
Position ClearPass Guest and
highlight the capability to import
bulk visitor accounts and provide
credentials pre-registration.
Policy Manager
Key Features
Automatic configuration of endpoint for 802.1X and
other parameters
Reduction of IT effort to manually configure devices
Automatic provisioning of unique credentials and
device registration
Complete visibility of devices and associated users. Secure
mgmt of device if lost/stolen.
Flexible, policy based system to satisfy multiple use
case scenarios
Reduced cost - Single platform to manage all network
based policy
Increased visibility and correlation of user, device,
authentication data
Reduce IT time and effort to view collection of data points
to solve issues faster
Automatic detection of all devices on the network
Reduce IT effort - Visibility to all network connected
Detection and categorization of unmanageable devices
Increase security - Prevent MAC spoofing and wired
port hijacking
Device categorization and population of CPPM database
Enable BYOD by creating device based policies
Health/posture checking of laptop and desktop devices
Reduce chances of virus and malware based attacks
Compliance based checking of devices for unacceptable
applications or behavior
Reduce risk and network usage associated with unsecure
or problematic applications
Automated workflow for enabling guest access
Reduction of IT staff (sponsors) time and effort to manually
provision guests
Custom look-and-feel for different guest or sponsor portals
Improved user experience
Total number of endpoint devices that will connect
to portals
Total number of authenticating devices
Total number of devices connected to the network
Total number of devices being health checked (Windows,
Linux and Macintosh only)
Total number of guests per day
1344 Crossman Avenue. Sunnyvale, CA 94089
1-866-55-ARUBA | Tel. +1 408.227.4500 | Fax. +1 408.227.4550 | [email protected]
© 2012 Aruba Networks, Inc. Aruba Networks’ trademarks include AirWave®, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks
Must Follow®, RFProtect®, and Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Guide_ClearPassConversation_06XX12