Introduction

ClearPass OnGuard performs advanced endpoint posture assessments to ensure security and compliance requirements are met prior to devices connecting to the corporate network.

As a key component of the Aruba ClearPass Policy Manager platform, the advanced network access control (NAC) framework in ClearPass OnGuard offers exceptional safeguards against vulnerabilities.

Features

• Enhanced capabilities for endpoint compliance and control
• Supports Microsoft, Apple, and Linux operating systems
• Anti-virus, firewall checks and more
• Optional auto-remediation and quarantine capabilities
• System-wide endpoint messaging, notifications and session control
• Centrally view the online status of all devices from the ClearPass Policy Manager platform

Detailed Features

When running persistent OnGuard agents, ClearPass Policy Manager can centrally send system-wide notifications and alerts, and allow or deny network access based on real-time changes on the endpoint. The persistent agent also supports auto and manual remediation.

Alternatively, the web-based dissolvable agent is ideal for personal, non IT-issued devices that connect via a captive portal and do not allow agents to be permanently installed. A one-time check at login ensures policy compliance. Devices not meeting compliance can be redirected to a captive portal for manual remediation.

Automatic remediation

If unhealthy endpoints do not meet compliance requirements, the user receives a message about the endpoint status and instructions on how to achieve compliance if auto-remediation is not used.

Messages can include reasons for remediation, links to helpful URLs and helpdesk contact information. ClearPass persistent agents provide the same message and remediation capabilities for 802.1X and combined environments.

IT-managed and BYOD endpoint compliance

OnGuard persistent and dissolvable agents can be used together in environments where endpoints are owned by the organization, employees and visitors. This ensures that all devices are assessed and granted proper privileges before accessing the network.

Complete endpoint visibility

To simplify troubleshooting, endpoint control and compliance reporting, ClearPass Policy Manager allows IT to centrally manage health-check settings and policies. IT also has the
ability to view endpoint activity, including user and device data for each device that connects using OnGuard agents.

Real-time endpoint compliance

Depending on operating system type OnGuard performs the following level of posture and health checks.

ORDERING GUIDANCE

ClearPass OnGuard can be ordered via perpetual license or subscription that includes ArubaCare for the length of the subscription.

Ordering ClearPass OnGuard involves the following three steps:

• Determine the number of unique computer endpoints that will have posture/health checks performed prior to network access within your environment.
• Select the total number of OnGuard licenses.
  

Additional ClearPass OnGuard capacity can be purchased at any time to meet growth demands. ClearPass OnGuard is licensed on a per endpoint basis.

Advantages

THE CLEARPASS ADVANTAGE

In addition to anti-virus, anti-spyware and personal firewall audits performed by traditional NAC products, OnGuard agents can perform more granular posture and health checks, to ensure a greater level of endpoint compliance and network authorization.

Flexible Deployment Options

OnGuard can be deployed and configured in a variety of ways based on preference and specific infrastructure requirements. This includes the capability to deploy in an agentless configuration, utilize dissolvable agents, or take advantage of the continuous monitoring capabilities offered through a full OnGuard agent.

The following operating systems and versions are supported:

• Microsoft - Support for Windows 7 and above. Can be run as a service.
• Apple - Support for macOS 10.10 and above.
• Linux - Support for Red Hat Enterprise Linux 5 and above, Ubuntu 14.x LTS, 16.x LTS and 18.x LTS, Community Enterprise Operating System (CentOS) 5 and above, Fedora Core 24 and above, and SUSE Linux 12.x.