Aruba ClearPass is network access control (NAC) technology from HPE company Aruba Networks. Aruba acquired Avenda and its eTips NAC in 2011.
N/A
Cisco Identity Services Engine (ISE)
Score 8.9 out of 10
N/A
The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a …
ClearPass by far is a more versatile system it seems that it has more features and can configure how you want it. Cisco ISE is extremely complicated to deploy where I felt that ClearPass was more straight forward and user-friendly. Clearpass does what Cisco ISE can do and …
So we have Aruba ClearPass manager, so we evaluated that one as well that what is the future around it, but we found Cisco ISE better, so that's why we made a decision to move to Cisco. So we evaluated CPPM, which is an Aruba product, Aruba platform.
Aruba ClearPass and Cisco ISE are very similar in nature. The biggest differentiator that I have seen is the Cisco ISE ecosystem around native Adaptive Network Controls, programmable interfaces, pxGrid, and Cisco TrustSec environment. Due to the span of products Cisco has in …
When comparing Cisco Identity Services Engine and Aurba ClearPass, Cisco Identity Services Engine provides more complex graphic user interface - it is easy to get lost within it, but on the other hand you can find everything you need. Cisco Identity Services Engine is very …
I know we looked at ClearPass. ClearPass was the other solution we had looked at a long time ago, but haven't really looked back, so I don't remember too much about it.
Cisco Identity Services Engine (ISE) is definitely better, PxGrid alone wins the race. Cisco Identity Services Engine (ISE) is more dynamic and vibrant, with a myriad of features.
We made more progress with Forescout in 2 days than we did in 8 months trying to get ISE operational. It isn't even close. The MDM add-in worked almost immediately, and the lack of reliance on 802.1x made the entire setup process extremely quick.
Cisco ISE stacks up well against other systems because it does what it says and is stable. For us, ISE is great for managing access to our network devices and systems. Cisco ISE might not do as much as other products, but you will pay more for those options. If you are looking …
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
One scenario I already mentioned is authentication integration. So that works well. We haven't run any situation where it is not suited, so we haven't run into that situation. So I am not really sure that would it work or not. But right now, so far so good.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.
I guess the user experience itself, it's sometimes a little bit slow, but this is also dependent on the platform and the scale of the deployment of course. But actually functionality-wise it's really, really good. But yeah, it could sometimes be a little quicker to react on the good front.
Aruba Clearpass is straight forward in terms of day to day use for monitoring and basic user connectivity issues. The system is very robust on the back end, therefore some larger configuration changes may not be the most intuitive. System upgrades and license management are not the most intuitive either.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
I did participate in the implementation of Cisco ISE and while there were times when it was confusing and we had a lot of trial and error, overall the experience was fine.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
In our case, the entire core of our network is based on Cisco technologies as well as user access. For this reason it was the simplest choice given that both by integration and by knowledge of the platform it was the solution with the least complexity and the best adoption curve offered us. At the level of capabilities, they seemed really similar to us, each option having some point where it surpassed the others and others where it was surpassed.
It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .
Set and forget. It made a positive contribution in terms of labor and cost without needing much technical support. Since NAC and TACACS features come together, you can meet your needs with a single license.
The number of supporting companies may be limited in the country you are affiliated with. Therefore, agreements with third-party companies are expensive and your support requests may take a long time.
Cisco ISE is fairly expensive, but I feel that the time it saves our team is well worth it.
We have been able to roll this our to all of our teams, and they can each manage their own device and it is really convenient to have each team mange their own devices
Once it is deployed and configured, it seems like there isn't much upkeep, so we don't have to hire someone to manage it we do it by committee.
