Aruba Networks this week unveils software designed to protect corporate data and networks when accessed by employee-owned mobile clients, whether laptops, tablets or smartphones.
The software, ClearPass Policy Manager, offers a set of modules that let enterprise IT groups streamline provisioning, inventory, security and management for personal devices used for work purposes, a trend often dubbed "bring your own device" or BYOD. Aruba's software is intended to make it simpler to securely manage a much more varied client environment, especially in mobile deployments, and to provision secure network access, a feature missing from at least some other mobile device management (MDM) applications.
ClearPass Policy Manager can be bought preloaded on a server appliance or as a VMware virtual machine instance. The application can work with the major mobile and PC operating systems in the enterprise: iOS, Android, BlackBerry OS, OS X and Windows 7. The new product combines code from two Aruba acquisitions: Amigopod, for guest access and management, and Avenda Systems, acquired last December, whose mobile management software is the heart of Policy Manager.
The new offering includes the FreeRADIUS open source software, for authentication, authorization and accounting, but the Policy Manager also can work with an existing AAA/RADIUS infrastructure.
Policy Manager consists of the core application, and four separately licensed modules: Onboard, a self-service mobile provisioning portal for employees; Profiler, which creates a detailed inventory of each device; OnGuard, which is a Network Access Control application, including the quarantine and cleanup of compromised devices; and Guest, for registering and managing guest access to the network.
One additional cloud service, ClearPass QuickConnect, can automatically configure wired and wireless network settings for personal devices.
The actual provisioning is set up in advance by IT administrators working with ClearPass Policy Manager, which lets them set a range of policies for devices by device type, OS, user groups and other variables.
Users then can register their devices for access on their own, via a Web portal, and have them automatically configured for such enterprise-standard protections and services as 802.1x authentication, a VPN client, Exchange ActiveSync, and machine IDs or certificates. When users attempt to log into the corporate network for the first time, they're redirected to the portal, where an application wizard walks them through the configuration process. Once that happens, these personal devices become uniquely visible to IT.
"By provisioning the device and giving it a unique ID, it gives us a degree of control over it that we wouldn't have otherwise," says Robert Fenstermacher, director of product marketing for Aruba, Sunnyvale, Calif.
Since IT can see personal devices, it can centrally and immediately revoke access if a problem is detected, for example. Personal devices can be given limited access and privileges, while traffic from executive-level devices can be given high priority. Policies for Android devices can be different from those for iOS devices.
Aruba claims that ClearPass Policy Manager can be 50% less expensive than a comparable deployment of Cisco's Identity Services Engine (ISE); and if ISE requires network infrastructure upgrades for network switches, WLAN controllers and access points, the comparative savings are even greater, according to Fenstermacher.
The Guest management functions are based on the Amigopod software. Most of the other functions are from the Avenda acquisition. Aruba software engineers have been adding new code that integrates the two applications and creates new workflows for the various self-service and administrative capabilities.
ClearPass Policy Manager will be released in March. Pricing is on a per-user basis, and varies with the total number of users and their devices. According to Aruba, 1,000 users averaging 2.5 devices, and 100 guests, would yield a charge of $17 per user.
Aruba also announced what it says is the first technical certification for network engineers designed for the new challenges of personally owned devices in the enterprise. The Aruba Certified Solutions Professional (ACSP) course work includes subjects such as "RF fundamentals, Wi-Fi design for high density client environments, secure authentication and encryption and mobile device provisioning for employees and guests," according to the vendor. The course is $1,500 per class, and will be offered starting in March. More information about these certifications is on the Aruba website.
John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed