The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives the user intelligent, integrated protection through intent-based policy and compliance solutions.
N/A
HPE Aruba Networking ClearPass Policy Manager
Score 8.8 out of 10
N/A
The HPE Aruba Networking ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and guests across multi-vendor wired, wireless and VPN infrastructures.
Since it mainly works best with the Cisco ecosystem, we prefer a single vendor if possible. It is more mature for example of FortiNAC. The support level of the vendor is better. The licenses are available in suites hence it can be included in a group of services so a richer …
When comparing Cisco Identity Services Engine and Aurba ClearPass, Cisco Identity Services Engine provides more complex graphic user interface - it is easy to get lost within it, but on the other hand you can find everything you need. Cisco Identity Services Engine is very …
Aruba ClearPass and Cisco ISE are very similar in nature. The biggest differentiator that I have seen is the Cisco ISE ecosystem around native Adaptive Network Controls, programmable interfaces, pxGrid, and Cisco TrustSec environment. Due to the span of products Cisco has in …
I know we looked at ClearPass. ClearPass was the other solution we had looked at a long time ago, but haven't really looked back, so I don't remember too much about it.
So we have Aruba ClearPass manager, so we evaluated that one as well that what is the future around it, but we found Cisco ISE better, so that's why we made a decision to move to Cisco. So we evaluated CPPM, which is an Aruba product, Aruba platform.
Cisco Identity Services Engine (ISE) is definitely better, PxGrid alone wins the race. Cisco Identity Services Engine (ISE) is more dynamic and vibrant, with a myriad of features.
We made more progress with Forescout in 2 days than we did in 8 months trying to get ISE operational. It isn't even close. The MDM add-in worked almost immediately, and the lack of reliance on 802.1x made the entire setup process extremely quick.
Cisco ISE stacks up well against other systems because it does what it says and is stable. For us, ISE is great for managing access to our network devices and systems. Cisco ISE might not do as much as other products, but you will pay more for those options. If you are looking …
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a …
ClearPass by far is a more versatile system it seems that it has more features and can configure how you want it. Cisco ISE is extremely complicated to deploy where I felt that ClearPass was more straight forward and user-friendly. Clearpass does what Cisco ISE can do and …
Cisco ISE integrates will with a Cisco solution such as firewalls, network switches and routers. It does an incredible job of granting access based on the role that an individual or groups have, and the ability to remove access to that individual or group is also east. In our environment ISE is used to authenticate external users that have access by vpn, and also to manage access to the large network infrastructure
Aruba ClearPass is suited well for large enterprise networks with many connecting buildings and branches. Aruba ClearPass protects your endpoints from unauthorized or unknown devices accessing your network. You can apply policies that prevent devices from meeting the required policies in ClearPass. ClearPass will allow only authorized access for devices that are using the policies.
The most beneficial thing that I love about it, there are tons of things that I love about ISE and that it does well, but the most fascinating that I feel about is its integration with DNA center or Catalyst Center using PX Grid as the protocol wherein ISE acts as a policy server for the entire campus hand in hand with Catalyst Center to make sure that the policy policy follows the user and also in the background hand in hand with DNA Center or Catalyst Center makes sure microsegmentation is implemented so that east west traffic is blocked and takes care of the campus.
You can use ClearPass authenticate using wired and wireless network devices. This is helpful that you don't have to have multiple systems to accomplish this.
Because devices can have different purposes Clearpass can configure groups that will specify what access they have. You can use parameters such as vendor or mac address so clearpass know what group to push them to.
It is very easy to view device logs. This is really helpful to troubleshoot auth issues. Once you find the device Clearpass provides more than enough info to know what the issue is and to fix it.
For us the solution is very easily useable on its own. Perhaps that has to do because we started using ISE in the 1.2 days and have seen it grow during the years. Policy creation, etc. is all very visible and thus easy to use. Deployment of multiple nodes is also incredibly easy and flexible. You can easily add or remove nodes as you wish.
Though Aruba ClearPass offers a lot of insight and features, it is not the easiest to navigate. A lot of other systems can be figured out as you go, but Aruba ClearPass often requires a lot of research in order to set something up correctly. It's not always easy to find what you're looking for. Once you learn the basics, it becomes a lot more manageable, but it's definitely worth investing in some sort of training.
We do have to occasionally reboot the servers when they get low on memory, but we're also a few versions behind. Availability has generally been pretty good though with no major outages in the time that we've had it implemented.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals. I feel like this is a USP for Cisco support.
This product has consistently provided the results needed from it and when issues arose, Aruba TAC was able to provide support effectively. In the previous question, I stated that Aruba Wireless is used as well. With those systems in place with ClearPass troubleshooting becomes much easier. I am sure other issues may arise if calling support while using another vendor for wireless such as Cisco, Juniper, etc.
I did participate in the implementation of Cisco ISE and while there were times when it was confusing and we had a lot of trial and error, overall the experience was fine.
I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
It's fully customised and comprehensive. only thing is you need to know what you want. Proper research and planning would save lots of time and effort .
I don't know about negatives because we haven't seen it right now, but positive impact is one is the roadmap we have. And now since we are going ahead with doing the deployment of Cisco ISE, we see that we are getting closure to, so at the end of the day, we have to make sure that operationally we stay excellent. So that's where operational excellence comes in. Cisco ISE is basically addressing that for us. Right now we are in a situation if there is a WIFI issue or if there is an authentication issue, it gets really difficult to isolate the problem. But with Cisco ISE , this functionality is going to come in. So we believe that it would be a good ROI.
ClearPass has streamlined everything so we don't have to have as many people managing our device auth systems.
Our Security team loves that ClearPass can deny unauthorized users and devices from the network. This alone has probably saved us a lot of money and headaches.
