Aruba ClearPass Review

It helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.


Valuable Features

The most valuable feature for us it the granular, logic-based nesting of objects which gives highly customizable control over AAA for TACACS+ and RADIUS.

Device profiling for basic/intermediate NAC is also highly useful.

Improvements to My Organization

Providing granular control over which devices are permitted to join our corporate wireless network, as well as in-depth AAA (accounting, in particular) for TACACS+ sessions, is huge. We can refer back to these logs at any time, which are especially useful when we undergo organization-wide audits.

Having a global business presence, CPPM helps us to ensure all sites are compliant with a unified set of standards passed down from our corporate headquarters.

Room for Improvement

  • I'd like to see greater ability to customize backups – locations, transfer protocols (SCP/SFTP, etc).
  • Small tweaks like scroll bar distances within large Enforcement Policies. More customization for SNMP traps (types), a well as published MIB files so that we can utilize our network monitoring environment more heavily with polling specific aspects of CPPM.
  • Hardware requirements for VM templates we use (CP-VA-5K) are, quite frankly, absurd (very high disk storage requirements).

Use of Solution

I've used it for just over three years.

Deployment Issues

I don't recall any issues with deployment.

Stability Issues

I don't recall any issues with stability.

Scalability Issues

I don't recall any issues with scalability.

Customer Service and Technical Support

Technical support was not all that great, actually. They are responsive, but oftentimes are VERY reluctant to initiate a screen-sharing session or give in-depth answers. URL links to knowledge-base articles are very typical for initial answers, which (1) slows resolution, and (2) increases frustration.

It seems, in general, that technical support is more interested in closing new cases than they are in actually solving the root issues. 90% of the questions I’ve had I’ve had solved (for free, mind you, without any maintenance fees) using Aruba’s Airheads online user-based forums.

Initial Setup

The solution was implemented before I gained ownership of it. I'm not sure of the history behind it.

Implementation Team

A local vendor was used.

Other Advice

Do your due-diligence in understanding how the product works before you deploy. CPPM (and many like it – Cisco ISE and ACS) are very complex in the way they are configured and operate.

If you can design the solution before implementation, you have a much better chance of scaling well, easily, and with little down-time as you grow the product throughout its life cycle in your organization.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest

Sign Up with Email