Aruba Networks Intros Device Management Appliance for BYOD

Aruba Networks has entered the rapidly expanding mobile device network access control market with its own set of products, catering especially to environments such as campuses, where bring-your-own-device (BYOD) is common. This week, the company announced Aruba ClearPass, which includes an access management appliance and software modules for automating the secure provisioning of mobile devices on an enterprise network as well as more traditional computing systems. That network can be running Aruba network gear or infrastructure from other vendors.

The company also announced a new certification program to train IT people on wireless networking where BYOD predominates.

David Morton, director of mobile communication strategies at the University of Washington in Seattle, and blogger at "Freshly Mobile," is probably much more accustomed than the typical business IT manager to the dramatic rise in BYOD. In a Webcast announcing ClearPass, Morton said U Washington--like most other campuses--has been doing BYOD for a long time. "At education institutions everybody brings their own device. We have a relatively small number of devices that we supply to faculty and staff. But in reality most of those faculty and staff are also bringing their own devices. On the academic campus itself, we are very open. You can think of us as a service provider. We need to support just about everybody. And we give access to just about everything that they need to access."

The challenge U Washington faces, Morton noted, is that it also runs three major hospitals. In that environment, he said, "Things need to be tightened down. We're just now rolling out new policies in those areas to allow guests on a segregated guest network, as well as clinical applications and devices inside the firewall in the hospital. You don't want to have Aunt Betsy being cared for in the hospital and having that compete with somebody watching Netflix out in the waiting room."

The university IT organization is seeing more devices now on its wireless network than on its wired network, he said. "The biggest area that's growing are the handheld devices. We have about 45,000 students; and we're seeing 140,000 unique devices on our network in a given month." About 60,000 of those, he added, are handheld devices. A third are running iOS, Apple's mobile device operating system. Windows comes in at 30 percent, Mac at 21 percent, and Android with 10 percent. "It's continuing to grow really rapidly."

ClearPass is intended to help administrators manage explosive growth in network access by devices by providing self-service provisioning and automated security mechanisms, among other functions. At the heart of the product suite is ClearPass Policy Manager. This product, sold as either a physical or virtual appliance, provides device registration, device profiling, endpoint health assessments, and reporting for enforcing user and endpoint access policies as devices try to get onto the network.

Four ClearPass software modules extend the functionality of Policy Manager. Those include:

  • Onboard, for automating the on-boarding process for Windows, Mac OSX, iOS, and Android devices;
  • Profile, which provides endpoint device information, such as operating system and version, manufacturer, and device category, enabling for the differentiation of devices issued by the organization and those that are personally owned;
  • Guest, a guest management system that allows non-IT users to create temporary WiFi accounts for visitors; and
  • OnGuard, agents that deliver device posture assessments and health checks of security compliance and network protection before devices gain network access.

These components can be purchased as a system or individually, said Robert Fenstermacher, Aruba's director of product marketing. "For instance, someone who just wants guest access shouldn't have to purchase all of the functionality. Or someone just looking for advanced [authentication, authorization, and accounting, as provided by Policy Manager] shouldn't have to buy any of the software modules."

Aruba has also released ClearPass QuickConnect, a cloud-hosted provisioning utility to grant self-service for users in configuring 802.1x authentication on their devices to gain network access. QuickConnect is sold by subscription.

The price of the ClearPass system for 5,000 devices is $14,995, Fenstermacher said. However, there are many variables that affect pricing. For example, ClearPass Policy Manager comes in three models, each supporting a different number of devices (500, 5,000, or 25,000). "These appliances can be clustered to support up to 750,000 devices per cluster," he explained. Policy Manager is also sold as a virtual appliance that supports 10,000 devices.

The software modules are licensed based on the number of devices relevant to that license. "For instance, if you buy ClearPass Policy Manager for 5,000 users, you can purchase a much smaller Guest license, to support up to 500 concurrent guests," Fenstermacher noted.

The ClearPass QuickConnect cloud yearly subscription fee is based on the total number of users in the organization.

The company also announced a new program of training and certification designed specifically to address the networking requirements that have emerged as a result of the BYOD phenomenon. The Aruba Certified Solutions Professional (ACSP) program trains network people in radio frequency fundamentals, WiFi design for high density environments, secure authentication and encryption, and mobile device provisioning. The curriculum uses remote labs and delivers training online.

"The course takes a holistic approach to managing wireless networks, and the marriage of WiFi fundamentals with vendor-specific materials is certain to enhance engineering confidence for those that participate," said Ryan Holland, associate director of network operations for Fisher College of Business at Ohio State University. Holland is an Aruba-certified mobility and design expert.

The regular price for the course is $1,500. Those who complete the course by July 31 will pay $750. Delivery of instruction will begin in April.

"BYOD can be a double-edged sword for enterprise IT departments today," said Zeus Kerravala, principal of ZK Research. "On one hand, there are great productivity gains to be had by enabling workers to use their own devices on the business network. On the other, provisioning, securing, and managing those devices is a nightmare for IT. Solutions such as Aruba's ClearPass portfolio offload the work from IT, while the business gets to reap the benefits of BYOD."

Featured