01-21-2014 08:19 AM - last edited on 05-13-2014 01:19 PM by /chiefAirhead/
I was told in my C;earpass bootcamp that if I am going to have 100 unique guest clients per day (inlcuding Sat and Sun), I would need to provision for 700 Clearpass Policy Manager License which mean s I will need either 2 X CPPM 500 or 1 X CPPM 5k. Please advise if this is the ocrrect way to size.
Solved! Go to Solution.
01-21-2014 08:27 AM - edited 01-21-2014 08:29 AM
No, that is incorrect. Guest is licensed as the number of devices that authenticate per day (a guest being an authentication against the local db). The number is averaged out over 7 days.
In your scenario, 100 guest licenses and a CP-VA-500 would suffice.
Also, your CP-VA-500 will also have 25 enterprise licenses for use with guest, onboard, or onguard.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
01-22-2014 11:12 PM
Clearpass Policy Manager
• Licenses based on the number of unique authenticating endpoints (devices) per day
• This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
• If you exceed your limit you will get a warning in the WebUI
• If it was an abnormal week, nothing will happen and that warning will disappear.
• If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
• At no point will we disable the system from authenticating users if you exceed the license limit.
Pasted from <http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Clearpass-Guest-Queries/m-p/39894/highlight/true#M605>
Yes...we enact the 7 day moving average to take care of inevitable peaks and valleys in usage of the system. In the event that you exceed the 25 limit for a trailing 7 days, the system will do the following:
Each month a licensing management feature within ClearPass monitors the 7-day rolling average as described and if capacity is exceeded, then the current month is flagged as “out of policy”.
This will trigger a warning message to the administrator that is displayed on the ClearPass Policy Manager dashboard.
If authentications of guests’ devices continue to exceed 25 devices for 4 months out of a 6 month period the next step is to go beyond the warning message described above and actually lock the administrator out of the Policy Manager GUI.
While users will continue to be authenticated, exceeding the warnings will prevent the administrator from making any policy changes, running any usage reports or troubleshooting any connectivity issues that might arise.
Guest is special, the MAC addresses refresh per day. You end up with a weekly view so that you can see a daily average though. We understand that in guest environments users come and go on a much quicker basis than in the enterprise itself.
The policy manager tracks the unique MAC addresses that it sees on a daily basis, but the refresh is weekly
Guest uses a daily reset model. If you have 1 appliance and use the starter bundle (25 licenses) all for guest, you can authenticate 25 unique MAC addresses per day that are connected by guests (we support bursting so that if you have not purchased the right level of licenses, users are not denied access). The next day you may see some of the same MAC addresses and new ones. If you stay under or at 25 authentications you have enough licensing (again bursting is supported).
The problem starts when you consistently see 30/40/90 authentications per day over 3 months. Then it's time to buy the next level license bundle.
ClearPass Product Management
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
01-22-2014 11:13 PM
This is the calculation that I gotten from Aruba:-
Policy manager licensing it’ll display the 30-day average of 7-day totals as calculated on each day. E.g. on day 7 it’ll calculate 7-day total as days1-7, then day 8 it’ll calculate 7-day total as days 2-8. Then, it’ll average these numbers over 30-day period.