Aruba ClearPass Revives NAC for BYOD
The BYOD trend impacts devices, applications and the network itself. BYOD demands policy and control of applications as well as the network itself. This is where a new solution from Aruba Networks comes into play. Aruba Networks is expanding its ClearPass Access Management System this week with added capabilities for control of mobile devices and applications.
The ClearPass solution was first introduced in February of 2012. ClearPass is a Linux-based server appliance that provides FreeRADIUS-based access control. ClearPass 6.2 combines Network Access Control (NAC) for employees with NAC for guests. NAC technology provides device health and posture checks to ensure that a device is secure and able to join the network safely. Prior to the ClearPass 6.2 release, the NAC-for-guests component was a separate product from Aruba, called Amigopod.
In the first Aruba ClearPass release, a server-side component validated user names and did some device profiling, as Manav Khurana, senior director of product and solutions marketing for Aruba Networks, explained to Enterprise Networking Planet. ClearPass 6.2, according to Khurana, "adds device control with Mobile Device Management (MDM) and application control with policy management."
Khurana added that prior to the new release, Aruba only did network access restrictions. With the new release, enforcement on mobile devices on a per-application basis is now possible.
For example, if a user has a personal instance of the Box filesharing application and a corporate instance of Box, they can be controlled by policy. The corporate instance of Box can look up the policy from the ClearPass solution and enforce it. One policy might be that all data must be encrypted; another might be that data cannot be copy/pasted or shared with personal apps on a given device, resulting in app-specific security for business-critical data.
Khurana noted that over Aruba's 10-year history, the company has often improved its network devices with application awareness. Now the company is flipping that model by helping make applications network-aware.
"An application can now signal the network if it is business-critical so that the network can assign more bandwidth," Khurana said. "Or if an application is being used outside the corporate network, the work application can automatically establish a secure VPN back to the corporate network."
For developers, Aruba offers App Wrapping to enable network awareness. Aruba has worked with software partners to "wrap" over 40 popular mobile applications.
"App Wrapper is a very lightweight piece of code that gets added to an application that connects to ClearPass to look up policy," Khurana said.
Going a step further, the new WorkSpace component of ClearPass is a mobile app that runs on a user device.
WorkSpace enables enterprises to distribute approved corporate apps. WorkSpace also provides a user portal with visibility into approved apps, devices, and access controls, and allows users to see all of the devices they might have on their network, including laptops, smartphones, and tablets. Sharing rules for resources, such as printers, can also be configured via WorkSpace.
The challenge of enterprise mobility and BYOD is a multi-headed one, as it crosses many different IT functions.
"Many different parts of the IT department need to come together to enable BYOD," Khurana said. "Solutions like this that provide a common ground to unite on are helpful."
Khurana added that there is also a skillset challenge that needs to be addressed. In his view, IT staff need to understand the risks of smartphone security and how WiFi architectures need to change to support BYOD environments.