Clear licensing explained - August-MHC
08-19-2014 10:13 AM - edited 08-28-2014 04:18 AM
I often get questions from customers and our own organization on how Clear licensing works. Also – on the Aruba Airheads forums there are many questions – and answers – on the topic of Clear licensing. This document/post seeks to summarize that. Parts of the document are information collected from the Airheads forum – see the reference list at the end. Please let me know if there are points I'm wrong on, or that need further explanation, for instance using examples/scenarios.
First - Clear Basics
Common for licensing in Clear Policy Manager is that it’s counted towards endpoints/devices – and not users. One user may have more than one device and the most common number today is 2-3 and steadily increasing. Consider this when scaling your solution.
Clear Policy Manager (PM)
• This is the basic server that authenticates up to a certain number of devices. These come in packages of 500, 5000 and 25.000. Once you buy a server, you do not need any additional licenses to start authenticating devices. If your goal is straight-up 802.1x authentication using AD credentials then you’re set.
• When installed you also have access to the three Applications: Guest, OnBoard and OnGuard.
• All PMs come bundled with 25 Enterprise application licenses so you can test the functionality of the Applications, as this license can be used for any of them.
New functionality in 6.4! If you plan to use PM ONLY for the Guest application there is a feature you can activate called "High Capacity Guest mode". This doubles the amount of Guest devices you can authenticate on a single server, meaning a -500 can authenticate 1000 Guest devices. You will need the correct amount of Guest licenses, but this will save you the extra cost of an extra PM server if you need between 500-1000 devices.
• Note! This disables ALL 802.1x functionality, OnBoard and OnGuard. See screenshot below taken from the PM WebUI
Applications
Clear Guest
• This Application adds functionality for visitor management – guest self-registration and employee lookup are among its features.
• Licensed through the Clear Guest or Enterprise license and is limited to the size of your PM.
News in 6.4! Introducing the High Capacity Guest mode feature where you can have double the amount of Guest devices on a PM server. For your -500 server you can then authenticate up to 1000 devices. You will need the correct amount of Guest licenses, but this will save you the extra cost of an extra PM server if you are slightly above 500 devices.
Clear OnBoard
• Clear Onboard offers self-provisioning and configuration of personal mobile devices, enabling you to securely connect to the network in support of BYOD initiatives.
• Licensed through the Clear OnBoard or Enterprise license and is limited to the size of your PM.
News in 6.4! Not available if you are using High Capacity Guest Mode.
Clear OnGuard
• This application performs automated endpoint posture assessments on the ed device to ensure that compliance is met before the device is able to connect to wireless and wired networks.
• Licensed through the Clear OnGuard or Enterprise license and is limited to the size of your PM.
News in 6.4! Not available if you are using High Capacity Guest Mode.
Licensing details
Clear Policy Manager
You will have to activate the server license through the WebUI within 90 days of installation, but it does not expire. For support and to be able to update to the latest versions and patches through the WebUI you will also need an active subscription - either ArubaCare or PartnerCare. You buy a subscription for a period of x years and it is NOT automatically renewed. Contact your Partner or Aruba for renewal. NOTE! The system continues to work even with an expired subscription, but there is no more support or updates until renewal.
Licensing is based on the number of unique authenticating endpoints (devices) per day.
• This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
• If you exceed your limit you will get a warning in the WebUI.
• If it was an abnormal week, nothing will happen and that warning will disappear.
• If you exceed your license count for 4 out of 6 months, will be prevented from making any policy changes, running any usage reports or troubleshooting any connectivity issues that might arise.
• At no point will the system stop authenticating users – even if you exceed the license limit.
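The counting rule above (unique endpoints per day, averaged over 7 days), as an added example that is not part of the original post and not Aruba's code. It assumes authentication events exported as (date, MAC) pairs and trailing 7-day windows; all function names and the sample data are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

def normalize_mac(mac):
    """Canonical form so AA:BB.., aa-bb.. and aabb.ccdd.eeff count as one endpoint."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def daily_unique(records):
    """(date, mac) authentication events -> {date: unique endpoint count}."""
    seen = defaultdict(set)
    for day, mac in records:
        seen[day].add(normalize_mac(mac))
    return {day: len(macs) for day, macs in seen.items()}

def seven_day_averages(counts):
    """Mean daily unique endpoints over each trailing 7-day window (assumed shape).
    Days without authentications count as 0; windows start after 7 days of history."""
    if not counts:
        return {}
    out, day, last = {}, min(counts) + timedelta(days=6), max(counts)
    while day <= last:
        window = [counts.get(day - timedelta(days=i), 0) for i in range(7)]
        out[day] = sum(window) / 7
        day += timedelta(days=1)
    return out

def over_limit(records, license_limit):
    """Window-end dates whose 7-day average exceeds the licensed endpoint count."""
    averages = seven_day_averages(daily_unique(records))
    return sorted(d for d, avg in averages.items() if avg > license_limit)

def sample_records():
    """Constructed data: one peak day (35), then sustained growth past 25."""
    per_day = [20, 22, 24, 35, 23, 21, 19, 22, 30, 31, 32, 33]
    records = []
    for offset, n in enumerate(per_day):
        day = date(2014, 8, 1) + timedelta(days=offset)
        for i in range(n):
            mac = f"02:00:00:00:00:{i:02X}"
            records.append((day, mac))
            records.append((day, mac.replace(":", "-").lower()))  # same device
    return records

if __name__ == "__main__":
    for day in over_limit(sample_records(), 25):
        print(day, "7-day average exceeds the 25-endpoint licence")
```

With the sample data, the single 35-device day does not push any window over a 25-endpoint limit; only the sustained rise at the end does.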
PM Cluster
If you reach your limit on your existing system, you can add additional servers to a PM cluster to be able to authenticate more devices. See attached figures
Clear Guest
The licenses count towards authenticated endpoints connected to a Guest , not the guest itself. The PM tracks the unique MAC addresses ed on a Guest that it sees on a daily basis, but the refresh is weekly.
Example: If you have one appliance and use the starter bundle (25 Enterprise licenses) all for Guest, you can authenticate 25 unique MAC addresses per day connected by Guests. The system supports bursting so that if you have not purchased the right level of licenses, users are not denied access. The next day you may see some of the same MAC addresses and new ones. If you stay under or at 25 authentications you have enough licensing (again, bursting is supported). The problem starts when you consistently see 30/40/90 authentications per day over 3 months. Then it is time to buy the next level license bundle.
Cluster
Application licenses in PM have a centralized license model. The Guest Application license is added to the Publisher, and Subscriber nodes use from this pool when authenticating.
Clear Onboard
Onboard licensing is based on the number of active and unique device certificates that have been provisioned. As the certificates expire or are revoked they will be removed from the license count.
Cluster
Application licenses in PM have a centralized license model. The Guest Application license is added to the Publisher, and Subscriber nodes use from this pool when authenticating.
Clear Onguard
The same model as PM for devices that go through a posture/health check.
Example: If you have 2500 devices authenticated through 802.1x, and of these only 1000 are Company owned laptops authenticated daily. You want to do Posture assessment of these 1000 devices, so you will then need 1000 OnGuard licenses.
Cluster
Application licenses in PM have a centralized license model. The Guest Application license is added to the Publisher, and Subscriber nodes use from this pool when authenticating.
Reference list:
• Airheads forum, Arunkumar: http://community.arubanetworks.com/t5/AAA-NAC-GuestAccess-BYOD/How-License-Usage-count-is-shown-on-PM/ta-p/185596
• Airheads forum, tarinelli: http://community.arubanetworks.com/t5/notifications/email messagepage/board-id/aaa-nac-guest-access-byod/message-id/4965
• Airheads forum, SethFierMonti: http://community.arubanetworks.com/t5/AAA-NAC-GuestAccess-BYOD/Clear-Guest-Licensing-Question/m-p/88392
• Airheads forum, capalli: Thanks to Tim Capalli for pointing out the new features for 6.4