Aruba Networks

Secure Mobility Access

Aruba ClearPass

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc. @arubanetworks
All rights reserved
 Are you ready for

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
All rights reserved
Aruba’s FY’2013 ClearPass Business
Gartner 2013 NAC
MAGIC QUADRANT CLEARPASS
OPENING DOORS
INDUSTRY at NON-ARUBA
LEADER CUSTOMERS

MORE THAN 2200

TOTAL CUSTOMERS

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
3 @arubanetworks
All rights reserved
Why We’re Winning

GUEST Beating Cisco with

ACS REPLACEMENT:
integrated RADIUS & TACACS+, built-in profiling
and ease of management!

GUEST ACCESS: ClearPass works in multivendor

networks, scales and makes the customer brand
look good!

MOBILITY SERVICES: ClearPass Onboard with

built-in CA, AirGroup, and IT Off-load features are
making BYOD roll-outs easy!

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
4 @arubanetworks
All rights reserved
 Inside the ClearPass Solution

Industry leading Security and Access Control for Mobility

VISIBILITY WORKFLOW POLICY

Onboarding, Role-based
Device Profiling
Registration Enforcement

Guest Health/Posture
Troubleshooting
Management Checks

Per Session MDM

Device Context
Tracking Integration

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
5 @arubanetworks
All rights reserved
Pitching The ClearPass Platform

DEVICE SECURITY

Guest
DEVICE
OnGuard Onboard
DIFFERENTIATED UNIFIED
Visitor
VISIBILITY Posture & ACCESS DevicePOLICIES
Management Health Checks Provisioning
VPN
GUEST EMPLOYEE

ClearPass Policy Manager

Policy SERVICES
POLICY Services
AAA Services Policy Engine
ENTERPRISE-CLASS AAA
Profiling
RADIUS, TACACS+

Identity 3rd Party App Multivendor

Stores MDM Servers Networks

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
6 @arubanetworks
All rights reserved
ClearPass 6.3 – January 2014

INTEROPERABILITY INTEGRATION

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
7 @arubanetworks
All rights reserved
Auto Sign On to Work Apps

1. 2. 3.

Successful network authentication validates the user for

automatic access to SAML enabled web/work apps

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
8 @arubanetworks
All rights reserved
Auto Sign-On with Partners

Only Aruba lets you sign-in once & you’re good to go

• One login for all web/mobile apps

– Uses valid network login
• NO App logins
• IBM, Okta, Ping
• ClearPass as Provider (IdP)
– Uses SAML, not RADIUS

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
9 @arubanetworks
All rights reserved
More in ClearPass 6.3

INTEROPERABILITY INTEGRATION

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
10 @arubanetworks
All rights reserved
ClearPass Exchange

Two-way Third-Party Integration

1. Jail-broken
device
detected

ClearPass
denies access
to device
Syslog Messages / RESTful APIs

3. 2.
Message to Helpdesk
device auto ticket auto
generated generated

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
11 @arubanetworks
All rights reserved
Recent Win!: Cisco ACS Replacement

Bechtel WHO / WHY?

Corporation
• Industry: Engineering, Construction
• Objective: Role out of BYOD initiative

AAA PROBLEM?
• Address lack of Cisco scalability for AAA
and onboarding of personal devices
RESOLUTION?

• Solution: ClearPass, plus Onboard

• Why Aruba: Cisco could not meet ease of
policy management, scalability and
onboarding capabilities
GUEST
CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
12 @arubanetworks
All rights reserved
Selling ClearPass Core Mobility Services

How Bechtel was Won!

1. Installed product was being phased out.

– EOL of Cisco ACS. Policy in ClearPass versus just AAA
2. Organization has > 1000 users
– IT NOT onboarding ~ 1500 devices
3. Customer also expressed interest in Guest Access
– ClearPass Guest more customizable and scalable than
Cisco ISE

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
13 @arubanetworks
All rights reserved
 Recent Win!: Guest

San Francisco WHO / WHY?

Intl Airport
• Industry: Transportation/Public Facing Ent.
• Objective: Free & reliable Wi-Fi for guests

GUEST PROBLEM?
• Replacement of Cisco guest to support
high density of daily visitors
RESOLUTION?

• Solution: ClearPass Guest, Aruba Wi-Fi

GUEST
• Why Aruba: Cisco could not meet the key
requirement to provide visibility and
workflow control in a multivendor network

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
14 @arubanetworks
All rights reserved
Selling ClearPass Guest Access

How SFO was Won!

1. Large volume of daily visitors.

– Old Cisco Wi-Fi and guest solution not scalable
2. Multivendor requirement.
– Cisco ISE guest fails in mixed Aruba and Cisco environment
3. Branding and guest experience.
– Aruba Guest portal fully customizable and sized for laptops /
tablets / smart phones

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
15 @arubanetworks
All rights reserved
Recent Win!: Onboarding Mobile Devices

L.A. Unified WHO?

School District
• Industry: Education
• Objective: Every student has a tablet

PROBLEM?
ONBOARD
• Simple way to configure iPads and protect
content

END RESULT!
• Solution: ClearPass, plus Onboard
• Why Aruba: Ability to scale, off-load IT
and support network policies based on
MDM data for largest Onboard deployment

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
16 @arubanetworks
All rights reserved
Selling Device Onboarding

How LAUSD was Won!

1. District concerned with device security.

– ClearPass MDM Connector leverages data from 3rd party
MDM solution
2. Ease of device configuration.
– ClearPass Onboard easier to manage than competing
solutions
3. Multivendor interoperability.
– ClearPass policy enforcement works across multivendor
wireless equipment deployed at individual schools

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
17 @arubanetworks
All rights reserved
 Handling a Proof of Concept

Scope creep leads to endless PoC ClearPass Canned PoC

2014 2015

Customer learning on Aruba’s time Available to all partners

SE’s stuck for long periods Only requires access to SEEL
No end dates Limits scope and time

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
18 @arubanetworks
All rights reserved
Industry Wide Deployments

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
19 @arubanetworks
All rights reserved
What Makes ClearPass Different?

Multi-vendor
Independence

Built-in Services for RADIUS,

TACACS+, CA, MDM, SSO, Guest

Self-service and
Automated Workflows

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
20 @arubanetworks
All rights reserved
 Competitive Differentiation

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc. 21 @arubanetworks
All rights reserved
Competitive: Built-in Services

1 Integrated ISE NAC

CA
ClearPass System
TACACS Bonjour

ClearPass does not Cisco claims ISE is an

require multiple systems extensible Enterprise
for full featured service. Class platform.
Silos Silos

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
22 @arubanetworks
All rights reserved
Competitive: Multivendor Support

100 Built-in
RADIUS
Dictionaries

Deployed in 2K Cisco claims to have a

multivendor accounts few Aruba Wi-Fi
reference customers.
Interoperability

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
23 @arubanetworks
All rights reserved
Competitive: Guest Access

Full
Customization
and Branding

ClearPass Guest is Cisco guest meets quick

enterprise ready. & easy access needs.

Custom Skins 1 Template – 3 Colors

Branding Branding
Advertising Advertising
Multivendor Multivendor

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
24 @arubanetworks
All rights reserved
 Thank You

CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc. 28 @arubanetworks
All rights reserved