Review: Visualize Your BYOD Network with Aruba's ClearPass

Combining an Aruba RAP-3 remote access point with ClearPass Policy Manager lets learning happen anywhere, always fully supported and fully protected by the school’s home network, applications and policies.

Aruba Networks’ ClearPass Policy Manager can be deployed quickly on district networks of any size. Rules governing user locations, type, credentials, the health of connecting devices and other factors can be easily programmed into the software using a flowchart-like interface. Users who don’t match any of the set requirements fall into a “catchall” rule, which can be used for guest access.

The platform works well because it doesn’t simply deny users who fail an access challenge; rather, it tells them why they failed, based on the part in the rules flowchart that applies to them, and it helps them become compliant (if possible).

During testing, for example, a valid user’s notebook computer couldn’t access a network because the device didn’t have updated virus protection. ClearPass responded by detailing how the user could obtain anti-virus protection. The solution also denied the device access to the test network because the user already had three registered devices — the maximum allowed for users at the “faculty” level. In this case, ClearPass offered several compliance options, which included self-excluding one of the user’s current devices to make room for the new one.

Networks running ClearPass Policy Manager continuously scan user devices to ensure that once they become compliant, they stay that way. So when a compliant notebook sitting on the network has its Windows firewall disabled, it takes only a minute for ClearPass to detect that this action violates a security requirement. The solution can be set to reactivate the firewall automatically or boot the user, and to communicate the reason for the action.

Network administrators, meanwhile, get a detailed overview of every device connecting to the network in real time and can use that data to help users trying to gain access — or to actively block attacks. IT staff can also send pop-up alerts to inform active users of network performance issues or even a campus emergency.

Remote AP with ClearPass

The remote AP works with ClearPass to set up a virtual and secure connection anywhere in the world. Simply plug it into a wired, wireless or 3G/4G Internet connection to trigger the RAP-3 to call home automatically. Once that connection is made, it will update any new policies as needed and then extend the school network directly to connected devices — or wirelessly to students and teachers at the remote location. All those working remotely can use the same devices, networks and applications that they do when working at the school. In fact, the user experience is identical, with all the same security policies in place. Administrators can manage users who accessing the network through remote connections just as easily as they do local staff.

The RAP-3 is perfect for students or nontechnical teachers. Once powered up and plugged into a home or remote network, it will automatically know what school it belongs to through a free cloud provisioning service. It then finds that school’s network controller, registers itself and sets up its services for authorized users.

Alternatively, a pool of RAP-3s could be kept handy and distributed to teachers who need to work or teach remotely, or to students taking field trips.