The most important high-level changes are:
As mentioned above, the AAA licensing will be decoupled from hardware and Virtual Machine Appliances. One virtual appliance SKU and 3 hardware platforms SKUs are available.
ClearPass is currently supported on the following hypervisors:
ClearPass application licenses are available in three types, Access, Onboard and OnGuard. They are available as perpetual and subscription-based licenses.
The Access license is used to enable 802.1X, MAC Authentication, TACACS+, Guest, OnConnect, Security Exchange (previously ClearPass Exchange) and Endpoint Profiling. Access license consumption is based upon a concurrent session per-endpoint model. Security Exchange and Endpoint Profiling are enabled when any Access license is installed but not restricted to any licensed capacity limits.
The OnBoard license is used to enable automated provisioning and the creation of unique device identity certificates for any Windows, macOS, iOS, Android, ChromeOS, and Linux devices via a user-driven, self-guided portal.
OnBoard license consumption is based upon an active certificate per-user model. For example, if a given user has four devices with an active certificate each, only one OnBoard license is required. If over time, three out of the four devices are retired, and their associated certificates revoked, the fourth device certificate being active will still keep the OnBoard license associated to the user.
ClearPass OnGuard leverages persistent and dissolvable agents to perform advanced endpoint posture assessments over wireless, wired and VPN connections. OnGuard’s health-check capabilities ensure compliance and network safeguards before devices connect. OnGuard license consumption is based upon a per-endpoint model. For example, if the OnGuard persistent agent is to be installed (persistent agent) or used (dissolvable agent) on five endpoints within a 24-hour period, five OnGuard licenses are required.
If you upgrade to Clearpass 6.7, you will need to convert your existing licenses to the new license model. The migration to the 6.7 license model will follow the 1:1 license exchange principle. Examples:
With the bundling of Guest into Access license, the Guest license type will no longer be available. You will receive additional Access licenses during the conversion.
The Enterprise license type will no longer be available in ClearPass 6.7. An Enterprise license can be converted into X number of Access, Y number of Onboard and Z number of OnGuard license in multiples of 25. For example, a customer with 100 Enterprise licenses can get the following:
Most licenses can be converted via the My Networking Portal of HPE/Aruba (An HPE Passport account will be required to login). Due to the multiple options available, Enterprise license conversions requires assistance by Aruba Support and are not supported by the My Networking Places conversion tool. The Enterprise license conversion is a one-time, one-way process per license key.
The new ClearPass 6.7 keys are not immediately required after the upgrade. The Policy Manager license key (previously the 500, 5K and 25K) will auto-convert into a pre-activated Platform Activation Key. The updated system will also be pre-activated with temporary licenses that are set to expire 180 days after the upgrade has completed.
A detailed explanation of the license upgrade process can be found here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=28178
With a valid SecureLink support contract, you can contact the SecureLink service desk and we will help you with the conversion process of your existing ClearPass licenses.
What happens when I exceed a license?
A warning will be displayed in the web user interface as well as over syslog and SNMP
Is the High Capacity Guest (HCG) mode still available?
The bundling of Guest Access into the Access license along with the introduction of the concurrent session per-endpoint consumption model provides a more flexible alternative for customers.
Do I need to double the number of Access licenses for high-availability applications?
Access licenses are shared across all appliances in a cluster.
Is the Enterprise license still available?
The bundling of Guest Access into the Access license and per user Onboard consumption provides more value than the legacy Enterprise license.Do you have a question or would you like more information? Please do not hesitate to contact us.