Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

What happens if the ClearPass Access License is overrun?

  • 1.  What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    Hi all,

    I have a simple question: what happens if the activated Access Licenses in ClearPass get overrun?
    E.g. we have 100 Access Licenses for our PoC, what happens if the 101st endpoint tries to authenticate using ClearPass? Does it get rejected because no more access license is available? Or does it go along with authentication and display a warning in the web interface?

    Thanks in advance!

    ------------------------------
    Lex
    ------------------------------


  • 2.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    It does not reject the authentication.  You just get a warning in the web interface.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    Hi cjoseph,

    Thanks for your quick reply.
    That's good to hear, but then I'm wondering, what is the limitation of the 100 access licenses if I can allow more than 100 simultaneous endpoints to connect?

    ------------------------------
    Lex
    ------------------------------



  • 4.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    Over a certain period of time if you continue to exceed it (a few weeks, maybe?), it will lock you out of the web interface and ask you for a license key.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 5.  RE: What happens if the ClearPass Access License is overrun?
    Best Answer

    Posted 24 days ago
    Lex,

    A license is a 'right to use' that you purchase. And some products choose to hard-enforce that and if you have x licenses, with the x+1-th user that will be blocked. ClearPass does not hard-enforce the license, but will notify if you exceed the license that you purchased, 'soft enforcement'. In fact it will tell you that you are violating the legal licensing terms.

    This is a choice, btw one that I 'fought for' in the past, as for a product like network authentication, the risk to lock users out of the network with a strict enforcement is not a risk that you should be willing to accept as the potential damage may outweigh the financial interests by magnitudes. The mentioned admin lock-out is something that happened in previous versions of ClearPass.

    With this, you have as a customer the flexibility to 'grow as you go' and once you reach your license limit, you can purchase additional licenses, but while that process runs you can simply resume your normal operations. It also allows you that if you have an event once a year, that you are not forced to buy licenses for that very exception when you would go over licensing, as long as it can be considered fair use in the spirit of the license agreement (this by the way is my personal opinion, for an official statement reach out to your local Aruba sales team). If your business is operating event networks, this may be different.

    This means the way of license enforcement is a kind of trust that Aruba has in the customers that they purchase their fair license count. It does not mean that with a 100 user license you run a 500 user network, while you technically CAN you are not allowed to and there MAY be legal actions once Aruba finds out as you have a legal (license) contract and are violating the conditions.

    It's just another way of looking at it, and personally I feel that licensing should help customers to achieve their goals rather than limit it.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    That sounds like something you would want to avoid. Do you have any source to validate your answer with Aruba's documentation?
    There's no official documentation on this that I can find. Thanks in advance!

    ------------------------------
    Lex
    ------------------------------



  • 7.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/License-types.htm

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 8.  RE: What happens if the ClearPass Access License is overrun?

    Posted 25 days ago
    Okay.  Speaking to others, you do not get locked out, but you get warnings.  If you have a license that has expired, that is when you get locked out (which is what I was experiencing).

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 9.  RE: What happens if the ClearPass Access License is overrun?

    Posted 22 days ago
    Hi Herman,

    Once again, thanks for your reply and clear explanation, this makes total sense to me!

    ------------------------------
    Lex
    ------------------------------