Security

Reply
Highlighted
Frequent Contributor I

Best practice for HPE Passport credentials in ClearPass

Hi

 

Since the release of ClearPass 6.7 the old Subscription ID is gone on the Software update page in CPPM.

Now we provide a HPE Passport account. That works pretty well, until the password expire in and must be changed.

If the customer have only a few clusters it's still quite easy to handle.

For them I create one HPE Passport account for each cluster.

 

I have not found a really good way to handle this for customers with multi cluster implementations. 

Is it still best to have one account per cluster? I have tried to have the same account on all clusters, but when the password expire, it will be critical to change on all clusters at the same time. Otherwise the account will be temporary locked due to bad password.

 

Does anyone have any thoughts on this issue?



Best Regards
Jonas Hammarbäck | Aranya AB
Network Architect, ACMA, ACMP, ACCP

Accepted Solutions
Highlighted
Aruba Employee

Re: Best practice for HPE Passport credentials in ClearPass

The reason is that the HPE Passport account has access to information/services that are required by other HPE products to enforce a password change every 90 or 180 days. If you've an account that doesn't access those resources they don't have the change enforced.

 

If it is happening, we recommend that customers create another passport account for the CPPM system that is only able to access the required capabilities in MNP. Then you can use the same account across clusters. 

View solution in original post

Highlighted
MVP Expert

Re: Best practice for HPE Passport credentials in ClearPass

I would recommand to contact Aruba customer support and share your new HPE passport user details they will validate your account details. Legacy ClearPass licenses and their associated Subscription ID(s) should be moved to this account for validation purposes

 

https://www.arubanetworks.com/support-services/contact-support/

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

View solution in original post


All Replies
Highlighted
Aruba Employee

Re: Best practice for HPE Passport credentials in ClearPass

The reason is that the HPE Passport account has access to information/services that are required by other HPE products to enforce a password change every 90 or 180 days. If you've an account that doesn't access those resources they don't have the change enforced.

 

If it is happening, we recommend that customers create another passport account for the CPPM system that is only able to access the required capabilities in MNP. Then you can use the same account across clusters. 

View solution in original post

Highlighted
Frequent Contributor I

Re: Best practice for HPE Passport credentials in ClearPass

Thank you for the advise.

How do I create an account with the correct permissions? Today I have dedicated HPE Passport accounts, but the passwords expires. So I assume something isn't correct with them.



Best Regards
Jonas Hammarbäck | Aranya AB
Network Architect, ACMA, ACMP, ACCP
Highlighted
MVP Expert

Re: Best practice for HPE Passport credentials in ClearPass

I would recommand to contact Aruba customer support and share your new HPE passport user details they will validate your account details. Legacy ClearPass licenses and their associated Subscription ID(s) should be moved to this account for validation purposes

 

https://www.arubanetworks.com/support-services/contact-support/

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: