Security

Hi,
quick question,
When using the cppm built in PKI/onboarding to install a client cert, from a liense point of view , do we need a license for every client that has a cert installed, or  for every client authenticated onto the net using the cert ?

So
10,000 users are configured to use eap-tls via cppm onboard, but only  1000 are logged on at a time, license  = 10,000 or license = 1000

Rgds
Alex

------------------------------
Alex Sharaz
------------------------------

I don't think this has changed:  https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=2c90af57-8a53-4ba1-a252-2160cb85d8bc

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Jan 27, 2022 05:06 AM
From: Alex Sharaz
Subject: clearpass onboard licensing

Hi,
quick question,
When using the cppm built in PKI/onboarding to install a client cert, from a liense point of view , do we need a license for every client that has a cert installed, or  for every client authenticated onto the net using the cert ?

So
10,000 users are configured to use eap-tls via cppm onboard, but only  1000 are logged on at a time, license  = 10,000 or license = 1000

Rgds
Alex

------------------------------
Alex Sharaz
------------------------------

From the license conversion technote:
"Onboard license consumption beginning with ClearPass 6.7 is based upon an active certificate per-user model. For example, if a given user has four devices with an active certificate each, only one Onboard license is required."

If 10k users are enrolled with a certificate (which is still valid/not revoked), but only 1000 are active at one time, you will still need 10k Onboard licenses. Licenses like Access and OnGuard follow the concurrent active devices model.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jan 27, 2022 05:06 AM
From: Alex Sharaz
Subject: clearpass onboard licensing

Hi,
quick question,
When using the cppm built in PKI/onboarding to install a client cert, from a liense point of view , do we need a license for every client that has a cert installed, or  for every client authenticated onto the net using the cert ?

So
10,000 users are configured to use eap-tls via cppm onboard, but only  1000 are logged on at a time, license  = 10,000 or license = 1000

Rgds
Alex

------------------------------
Alex Sharaz
------------------------------