Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Licensing

This thread has been viewed 3 times

  • 1.  Clearpass Licensing

    Posted May 13, 2015 03:15 PM

    There have been a number of Aruba articles about Clearpass Licensing and I am still confused.  I understand how endpoints are calculated by do not understand the differences between different licenses required.

    Firstly, there are references to Guest licensing and Policy Manager licensing - are these one and the same, as there seems to be no licensing configuration within Guest, and CPPM Policy Manager licenses used match the endpoints expected.  Can anyone confirm this or if there is a separate license for Guest as well as the Policy Manager license ?

    Secondly, with a recently purchased 5K appliance, there are 500 Policy Manager licences and 500 Clearpass Enterprise licences.  Can the Policy Manager licences required burst beyond 500 and use the Enterprise licences (so long as the Enterprise functionality is not used) ?

     

    Thanks,

    Scott.



  • 2.  RE: Clearpass Licensing

    EMPLOYEE
    Posted May 13, 2015 03:22 PM

    There are 4 types of lic

     

    Core lic: lic that come with each appliance/VM (if you bought a 5k then you will get 5k core lic)

    Guest: Lic that is used if a guest is created in cppm guest user repository

    Onguard: Lic that is used if a device is postured with an agent (Persistent or disolvable)

    Onboard: Lic that is used if you issue a certificate to a device with CPPM

     

    if you had a guest that connected to CPPM and they created a guest account then it would use

     

    1 core lic

    1 guest lic

     

    if you had a employee that onboarded a device and is scanned when they connect then you would use

     

    1 core lic

    1 onboard

    1 onguard.

     

    Does this help?



  • 3.  RE: Clearpass Licensing

    Posted May 13, 2015 03:31 PM

    Thanks for the quick reply.

    So how do I determine how many Core Licences I have in use or do I have to calculate that manually ?  Each of the CPPM's we have all list POLICY MANAGER and CLEARPASS ENTERPRISE - and how many we have for each and how many are in use.

    Cheers



  • 4.  RE: Clearpass Licensing

    EMPLOYEE
    Posted May 13, 2015 03:40 PM

    Remember that all feature lic (guest, onboard, onguard or in your case enterprise which covers all 3 are shared within a cluster. Each appliance can grab from that single pool of lic.)

     

    There a 3 different ways you can check lic.

     

    1. On the Publisher you can check under lic.

    2. You can run an insight report

    3. if you have Splunk you can add the CPPM module.

     

    Screen Shot 2015-05-13 at 2.33.09 PM.png

     

    Screen Shot 2015-05-13 at 2.34.00 PM.png

     

    Screen Shot 2015-05-13 at 2.37.15 PM.png



  • 5.  RE: Clearpass Licensing

    Posted May 13, 2015 03:52 PM

    Hi again.

    Really sorry but penny not dropping into place for me.

     

    From your first example for a Guest user, I need one Core lic and one Guest lic.

    On our CP500, we have 500 Policy Manager lic and 25 Enterprise lic - this is from CPPM (Admin, Server Manager, Licensing)

    On the same CP500 I have created over 1000 user accounts and the used licences does not change. 

    When I connected with a Guest device, the Policy Manager lic used increases to 1.

     

    Hence my confusion - does the Core lic therefore match the Guest endpoints in the background ?  Or have I exceeded this with the number of Guests I have created (even though they are not all in use at same time).  Or is the Core lic a virtual licence that does not matter so long as the Guest is correctly licenced with Policy Manager licences ?

     

    Thanks again.



  • 6.  RE: Clearpass Licensing
    Best Answer

    EMPLOYEE
    Posted May 13, 2015 03:56 PM

    Usage is based on active devices. 

     

    You can create as many accounts that you want. It will only go against lic when they are active on the network and authenticate against CPPM

     

    If you created 1000 accounts and only 10 connected that day then you would use 

     

    10 core lic

    10 guest or enterprise lic



  • 7.  RE: Clearpass Licensing

    Posted Nov 11, 2015 06:40 AM

    In Onboard, will there be used one license for each Certificate or for each Onboarded Device?

     

    I created two certs. One using the OnBoard self service portal and one by manually generating a CSR.

    I thought only Onboarded Devices will need a license and manually generated certificates are "free".

     

    Onboard.JPG



  • 8.  RE: Clearpass Licensing

    EMPLOYEE
    Posted Nov 11, 2015 06:51 AM
    It's per signed certificate (which generally is a device)


    Thanks,
    Tim


  • 9.  RE: Clearpass Licensing

    Posted Sep 07, 2019 09:18 AM

    4 years on..

    a. Has the licensing architecture changed at all ?

    b. What 'bands' can you get the 'Policy Manager' / (Core) in ?



  • 10.  RE: Clearpass Licensing

    EMPLOYEE


  • 11.  RE: Clearpass Licensing



  • 12.  RE: Clearpass Licensing

    Posted Feb 26, 2020 01:37 AM

     

    Hi.


    Anyone know what level of support the licenses are that are by subscription in Aruba ClearPass.


    This to know if a perpetual license with extended support is better.


    Regards ...



  • 13.  RE: Clearpass Licensing

    EMPLOYEE
    Posted Feb 26, 2020 03:02 PM

    Hi Hector,

     

    Perpetual licenses are permanent (read - no expiry) and do not require renewal/re-subscription after the expiration. But I strongly recommend you to work with your local accounts team to explain your requirements to help you with this query.