Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass 6.7 subscriptions

  • 1.  ClearPass 6.7 subscriptions

    Posted Jul 24, 2018 04:35 AM

    Am I the only one who is annoyed by the new way CP subscriptions are managed? The old way with subscription ID seemed to be more convenient and logical – one ID during the support period and that is it. No hassle of managing accounts, expired passwords, locked accounts because of incorrect login attempts (forgot to update password on CP server) etc. I was not happy how HPE passport worked even before it was tied up to CP subscriptions, but now, for me, it looks like a disaster. As a partner, I am managing several server clusters for customers. Some of them do not even want to know how it is done. Some keep forgetting to renew their account password. It definitely does not make my life easy.



  • 2.  RE: ClearPass 6.7 subscriptions

    EMPLOYEE
    Posted Jul 31, 2018 09:27 AM

    Aivars,

    Thanks for posting this feedback.

    I'm assuming we are talking about the replacement of the Subscription ID with the HPE Passport account versus Subscription licenses (e.g. 1 year, 3 year and/or 5 year license options). Assuming the former, the Subscription ID actually created a lot of headaches for our customers, partners, TAC, entitlement and my team to properly maintain over the years. A week would not go by without a customer escalation due to an expired ID.

    This occurred for different reasons such as:

    • A customer having multiple Subscription IDs when they had multiple standalone boxes but weren't submitted during their support renewal.
    • A Subscription ID expiring because of delays in a support renewal.
    • Backend issues where the renewal was received but the update to the Subscription ID system was delayed.

    What we have recommended to customers and partners is to set up an ALIAS email address (e.g. clearpass@<customer-name>.com) strictly for use with ClearPass updates. If this account is only being used for this purpose, it should not be flagged for periodic password changes. Said another way, the more HPE services are associated with an HPE Passport account, the greater security scrutiny is put on the account (e.g. 30 day password intervals).

    Best regards,

    Madani Adjali

    Director, Product Line Management - ClearPass



  • 3.  RE: ClearPass 6.7 subscriptions

    Posted Jul 31, 2018 11:00 AM

    Hi,

    Your assumption is correct.

    I know about the suggestion to create a dedicated account for this purpose but at least in my case, it does not solve anything.

    If I have 10 customers running CP and they are outsourcing management to me, what options do I have? Running 10 accounts and managing their passwords on servers and on-line? Does not look good from my point of view! Changing password policy to 30 days will make the matter even worse.

    Sorry, but I do not get your arguments why the change from Subscription ID was necessary. If the key distribution was a problem (never in my case), it could be solved the same way you are distributing licenses – using some kind of portal (my networking). Subscription key needed to be reentered once in a subscription period. Passwords need to be changed at least once in their expiration period. I was not able to find information about default HP passport password validity period, but I believe it was 4 months or something.