Aruba Networks this week unveils software designed to protect corporate data and networks when accessed by employee-owned mobile clients, whether laptops, tablets or smartphones.
The software, ClearPass Policy Manager, offers a set of modules that let enterprise IT groups streamline provisioning, inventory, security and management for personal devices used for work purposes, a trend often dubbed "bring your own device" or BYOD.
Aruba's software is intended to make it simpler to securely manage a much more varied client environment, especially in mobile deployments, and to provision secure network access, a feature missing from at least some other mobile device management (MDM) applications.
ClearPass Policy Manager can be bought preloaded on a server appliance or as a VMware virtual machine instance. The application can work with the major mobile and PC operating systems in the enterprise: iOS, Android, BlackBerry OS, OS X and Windows 7. The new product combines code from two Aruba acquisitions: Amigopod, for guest access and management, and Avenda Systems, acquired last December, whose mobile management software is the heart of Policy Manager.
The new offering includes the FreeRADIUS open source software, for authentication, authorisation and accounting, but the Policy Manager also can work with an existing AAA/RADIUS infrastructure.
Policy Manager consists of the core application and four separately licensed modules: Onboard, a self-service mobile provisioning portal for employees; Profiler, which creates a detailed inventory of each device; OnGuard, a Network Access Control application that includes the quarantine and cleanup of compromised devices; and Guest, for registering and managing guest access to the network.
One additional cloud service, ClearPass QuickConnect, can automatically configure wired and wireless network settings for personal devices.
The actual provisioning is set up in advance by IT administrators working with ClearPass Policy Manager, which lets them set a range of policies for devices by device type, OS, user groups and other variables.
Users can then register their devices for access on their own, via a Web portal, and have them automatically configured for such enterprise-standard protections and services as 802.1X authentication, a VPN client, Exchange ActiveSync, and machine IDs or certificates. When users attempt to log into the corporate network for the first time, they're redirected to the portal, where an application wizard walks them through the configuration process. Once that happens, these personal devices become uniquely visible to IT.
"By provisioning the device and giving it a unique ID, it gives us a degree of control over it that we wouldn't have otherwise," says Robert Fenstermacher, Aruba director of product marketing.
Since IT can see personal devices, it can, for example, centrally and immediately revoke access if a problem is detected. Personal devices can be given limited access and privileges, while traffic from executive-level devices can be given high priority. Policies for Android devices can be different from those for iOS devices.
Aruba claims that ClearPass Policy Manager can be 50% less expensive than a comparable deployment of Cisco's Identity Services Engine (ISE), and if ISE requires network infrastructure upgrades for network switches, WLAN controllers and access points, the comparative savings are even greater, according to Fenstermacher.
The Guest management functions are based on the Amigopod software. Most of the other functions are from the Avenda acquisition. Aruba software engineers have been adding new code that integrates the two applications and creates new workflows for the various self-service and administrative capabilities.