Aruba ClearPass + JSS ?

lionelgruenberg
New Contributor III

Anyone integrating their JSS with Aruba ClearPass?
Pros / Cons ?
Ty!
-Lionel

18 REPLIES 18

bbergstein
New Contributor III

not yet, but we will probably be looking at it shortly...

bbergstein
New Contributor III

not yet, but we will probably be looking at it shortly... i'm interested to see if anyone else has...

lionelgruenberg
New Contributor III

@bbergstein][/url hmmm can't find much documentation online about what features/improvements this integration would provide (we don't need Aruba WorkSpace for iOS) our Mac OS clients enrolled in JSS. We have a big BYOD. 90% of the devices on our WLAN are not enrolled in our JSS. We don't have any serious issues with wifi w/o the JSS integration and Feel strongly if it isn't broken, don't fix it'
Last point- I'm very excited for ClientMatch feature on the soon to be released ArubaOS - occasionally We see sticky client issues... Thinking out loud here with the hope someone has more info for us :)

pchang
New Contributor

@bbergstein][/url have you done any integration yet with ClearPass and the JSS? We are starting to look at this and am wondering if you have started integrating ?

Anyone else out there using ClearPass and JSS together?

Over9000
New Contributor III

We recently implemented ClearPass with JSS. We assumed ClearPass was using the API and we setup a proxy account so it can grab the information it needs from JSS. We ran into a hiccup where it wasn't grabbing all the machines and this was due to the fact we had setup multiple sites and during the login and gathering of the computer information it was defaulting to a smaller site. Other than that, it's been working pretty well.

libertyboom
New Contributor

What account/privileges did you grant on the JSS to allow ClearPass access?

bheitzig
New Contributor II

We are working to implement ClearPass with JSS and had to give full API and full admin rights to the JSS for the setup to work. However, ClearPass isn't making changes to the JSS so I'm not sure why it needs full access...

lisacherie
Contributor II

Reviving an old thread..

We're looking at ClearPass at the moment, and hopefully automating the SCEP device certificate request.

Anyone have any experiences to share with giving ClearPass access to the JSS API? And/Or the SCEP request process?

Thank you!

bheitzig
New Contributor II

ClearPass needs full access to the JSS and API though I have yet to see documentation explaining why that level of access is necessary. We are experiencing difficulties with ClearPass seeing newly enrolled iPads correctly (which prevents newly enrolled devices from access our new WiFi).

Simmo
Contributor II
Contributor II

I did a quick read of some documents from the Aruba site, but I didn't really see what I wanted.
What real benefits are there to integrating the two that would make it worth the time spent?

lisacherie
Contributor II

Was able to get it pulling info from the JSS with audit permissions - didn't want it to have write.

Anyone been successful with clearpass using the info obtained from the JSS to populate device certs subject alt name fields via scep (without enrolling to clearpass)?
(The additional fields in the subject alt name that are created if you enrolled to clearpass.)

Or if it is possible to limit scep certificates to only devices already known? (the ones imported from the JSS).

Chris_Hafner
Valued Contributor II

I'm going to be following this thread for a bit. We're headed down this route as well. Actually, I'm really interested in figuring out whether or not we can use ClearPass as our method for authenticating devices against AD for certain types of authentication. At present we refuse to load AD bound accounts because of significant performance issues. Yet, since ClearPass knows who our users are based on AD credentials I'd love to use that for certain authenticated services such as PaperCut and the like.

alviskoon
New Contributor

Please follow as we had a customer with 1000 licenses in China encountering this problem.
Integration solution would be great. And this involves downloading of the root certificate as well.

makander
Contributor

Reviving this thread again, how'd the ClearPass + JSS integration work out for you?

Chris_Hafner
Valued Contributor II

We never ended up going down this route. At this point, we're running down the SAML path and have a ways to go.

mbezzo
Contributor III

Checking in again - anybody have any updated experiences they're able to share?

pchang
New Contributor

We got rid of Aruba and ClearPass. The support over here from Aruba was frustrating and disappointing, so we got rid of it. We are now using Extreme Networks, with JSS integration, and it has been great so far.

alanfoley
New Contributor II

Stood up AD, almost exclusively for this solution. Design was to have auth via AD and then also have AD's root CA trust ClearPass PKI, and CP will hand out individual certificates to machines. Seems like the SI that we're using for Aruba implementation is only used to deploying wireless solutions where the laptops are in AD, which ours are not (yet). Now looking at auth via Okta instead and I would love to implement API to JAMFPro (MacOS and managed iOS) and AirWatch (Win10). I'll update with the path we choose, anyone else please share your experiences.