Security

Hi

Since the release of ClearPass 6.7 the old Subscription ID is gone on the Software update page in CPPM.

Now we provide a HPE Passport account. That works pretty well, until the password expire in and must be changed.

If the customer have only a few clusters it's still quite easy to handle.

For them I create one HPE Passport account for each cluster.

I have not found a really good way to handle this for customers with multi cluster implementations. 

Is it still best to have one account per cluster? I have tried to have the same account on all clusters, but when the password expire, it will be critical to change on all clusters at the same time. Otherwise the account will be temporary locked due to bad password.

Does anyone have any thoughts on this issue?

The reason is that the HPE Passport account has access to information/services that are required by other HPE products to enforce a password change every 90 or 180 days. If you've an account that doesn't access those resources they don't have the change enforced.

If it is happening, we recommend that customers create another passport account for the CPPM system that is only able to access the required capabilities in MNP. Then you can use the same account across clusters. 

Thank you for the advise.

How do I create an account with the correct permissions? Today I have dedicated HPE Passport accounts, but the passwords expires. So I assume something isn't correct with them.

I would recommand to contact Aruba customer support and share your new HPE passport user details they will validate your account details. Legacy ClearPass licenses and their associated Subscription ID(s) should be moved to this account for validation purposes

https://www.arubanetworks.com/support-services/contact-support/