Aruba ClearPass NAC Solution Review

See the complete list of top 9 network access control (NAC) solutions.

Company Description

Aruba, a Hewlett Packard Enterprise (HPE) company, provides mobility and IoT solutions for organizations of all sizes. With infrastructure services offered as software from the public or private cloud, Aruba enables secure connectivity for mobile and IoT. The company was founded in 2003 and is a wholly owned subsidiary of HPE.

Product Description

Aruba ClearPass provides role- and device-based network access control for employees, students, contractors and guests across any multivendor wired, wireless and VPN infrastructure. With a built-in context-based policy engine, support for multiple enforcement methods (RADIUS, TACACS, SNMP), device fingerprinting and comprehensive posture assessment, onboarding and guest access options, ClearPass provides a foundation for network security. It includes the ability to identify users and devices connecting to networks, to detect the state of those devices, to construct and enforce policies, and is vendor agnostic, said Madani Adjali, director of product management, Aruba.


For endpoint posture assessment and remediation, Aruba offers ClearPass OnGuard which is available as an always-on agent or web browser-based plug-in. The always-on agent (often referred to as persistent agent) is designed for applications where real-time endpoint compliance is required. This is deployed predominately in company/institution-owned computers. The web browser-based plug-in is typically used in applications where customers want to ensure BYOD devices meet at least certain requirements before allowing access. This latter option is invoked on an as-needed basis via a captive portal. Both technologies are supported on Windows, MacOS and Linux. Additionally, ClearPass can integrate with third-party MDM/EMM platforms to include mobile device posture validation before allowing access.

Markets and Use Cases

It is strong in areas such as education, finance, healthcare and retail.

Applicable Metrics

Aruba ClearPass is deployed in high-volume authentication environments (e.g. 10+ million authentications a day) as well as distributed environments requiring local authentication survivability across multiple geographies (e.g. 30 points of presence). The company also maintains over 120+ third party integrations (firewalls, SIEMs, MDM/EMM, Network Access Devices, etc.).

Security Qualifications

When ClearPass is running in FIPS Approved mode, it utilizes a FIPS 140 2 validated cryptographic module. It is also on the U.S. Department of Defense Unified Capabilities Approved Products List (UC-APL).


ClearPass Exchange and ClearPass Extensions allow integration with third parties to share information with other vendor platforms. Additionally, it can bi-directionally share information from UEBA products such as Aruba IntroSpect (formerly Niara), which provides machine learning based-security analytics to adjust network access should threat indexes reach certain levels.


It is offered as virtual appliance running on VMware vSphere Hypervisor (formerly ESXi), Microsoft Hyper-V and Linux KVM, in addition to hardware appliances.


Costs vary with size. Example: a smaller site with 500 endpoints with the ability to reach the larger cluster to provide redundancy, OnGuard services and central management capabilities – OnGuard device posture (if desired) is included as an option in the main site quote (approximately $10,000 U.S. list).

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Related articles