Unlisted 1

Reply
MVP

Re: ClearPass licensing explained - August-MHC

You buy the server for either 500, 5000 or 25000 devices. There is no other license needed to do tacacs/radius 802.1x.

 

Aa Tim said - TACACS licensing is special in the way that you count a unique user-login instead of a unique mac-address. So regardless if you login to 1000 different switches in a week - that is counted as one "license". If you have MAX 10 users that logon to the switch/network device management - then 10 licenses is the max you will use within the license period. So yes - a CP-VA-500 will be more than enough for that as it will scale up to 500 unique admin users... You might look at the other aspects of Clearpass to get the most out of your purchase ;)

 

 


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor I

Re: ClearPass licensing explained - August-MHC

Hi all,

 

And sorry for what may seem a mundane and simple BoM building exercise.

I have an old Dell OEM'd (very old) CPPM with the below licensing structure.

 

See attached 'Untitled.png' for licensing overview from CPPM UI.

 

I just want to ditch this old CPPM and move to new HPE/Aruba CPPM x 2 (also layering on some redundancy).

 

a. I presume i'm just going 2 x CP-5K's (appliance or virtual irrelevant).

b. 2 x Enterprise License which gives the 3 x Guest, OnGuard and OnBoard 25 seats

c. What is 'Workspace' ?

Guru Elite

Re: ClearPass licensing explained - August-MHC

a. Yes

b. Each appliance includes 25x enterprise licenses. You'll have 50x enterprise licenses which is used per feature, per device.

c. Old SKU, no longer used and will be removed when you upgrade to recent code.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: ClearPass licensing explained - August-MHC

Bless you @cappalli.  Thanks.

Frequent Contributor I

Re: ClearPass licensing explained - August-MHC

And at the risk of getting scolded... (But because this thread has been going on since 2014.. and I see geneology of this thread.. where occassionally a post is made that starts with 'UPDATE for 6.4 !' etc..) ...

The stance on 1 x Enterprise unit/count pertains to what for,

- GUEST

- ONBOARD

- ONGUARD

?

Rolling average ? Peak ? Concurrency ?

For the latest version of CPPM that is...

MVP

Re: ClearPass licensing explained - August-MHC

Hello mpgioia,

 

not sure I get your question correctly, but I'll give it a shot.

 

  • CPPM is based on the number of unique devices authenticated on a weekly basis. In enterprise situation you will have more or less the same devices each day during those 7 days, but in guest scenario you have to do X*7 to get the sizing of you Clearpass server.

 

  • Guest licenses needs to match with the number of unique devices authenticated on a daily basis. If you have on avg.100 guests per day you should assume more than one device per user so multiply with 2-2,5 to avoid licensing issues. 
  • Onboard needs to match with the number of active certificates. This means you need to revoke the certificate before you can re-use the license. 100 Onboard licenses allows for 100 enrolled/Onboarded devices.
  • Onguard is done in an Enterprise environment and consumes one license per device that does health-check. Ie. if all your 200 enterprise laptops requires health-check, then you need 200 Onguard licenses..

Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted
MVP

Re: ClearPass licensing explained - August-MHC

Thank you all for commenting, giving kudos and making this thread last as long as it has! With the Release of Clearpass 6.7 - this thread has become moot as the Clearpass licensing has been completely revamped. Pasting the top list from the release notes:

 

  • Decoupling licenses from hardware for better granularity
  • Concurrent license count vs. 7-day rolling averages for AAA
  • Guest functionality bundled as part of new Access licenses
  • Onboard license is now per-user

Some comments:

Access Licenses counts Concurrent users, and encompass 802.1x, MAC-Auth, TACACS, Guest, Onconnect, Endpoint profiling, Clearpass Exchange. 

No more High-Capacity Guest mode..

Servers are now called C1000, C2000, C3000

Accounting is vital in the new licensing setup to ensure that devices are removed from the concurrent licensing pool when they log off.

The licensing will be even more flexible than before in terms of over-usage.

 

You can buy the old licenses for 6 months, and once upgraded to 6.7 you will have 6 months period to install the converted licenses.

 

Now - good luck with migration all!


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: