ClearPass 6.6.1 – What’s In and What’s Out?

By Trent Fierro, Blog Contributor
Share Post

The engineering team is on fire. Seems they're working harder than our political speech writers, but we're actually seeing results. The ClearPass 6.6 release was made available on April 6th of 2016 and they've already provided an update that includes some fixes, and several new features.

If you haven't upgraded to 6.6 it's probably wise to download the Release Note documentation from here. You'll want to read about supported browsers, VM requirements and expected installation times. The time it takes to upgrade can depend on the type of appliance that upgrading, the size of the Config and Insight databases, and the overall performance of your network.

What we've changed or added

As there are a number of new features in the following areas:

  • The Policy Manager base code
  • Insight reporting tool
  • Guest access

Policy Manager:

Virtual images –VMs are now shipped as a single virtual machine installation image per hypervisor type: either VMware ESXi or Microsoft Hyper-V image. During installation, a new menu option lets the administrator select the type of image they want to install.

MDM/EMM - If you're using the AirWatch solution, we've cleaned up the polling process for when you pull data from their context database. After an initial poll, you'll receive attributes for each device. To save time during secondary polls, only a device list is pulled instead of grabbing all device attributes gain.

If you're using SOTI and the user removes the supplicant, ClearPass will mark that device, "unmanaged" so that the device can be directed back through the onboarding process.

CLI login – We now provide the ability to lock the CLI account for a specified duration after a maximum number of consecutive password failures. Seems simple, but if you're the administrator you'll like the assurance that you're keeping someone that's messing with something they shouldn't be.

Network Discovery – Address Resolution Protocol (ARP) probing can now be enabled for use during scans. Network discovery uses Simple Network Management Protocol (SNMP) to read a variety of Management Information Base (MIB) data from a Network Access Device. When this option is enabled, the scan will now also probe all available ARP entries to capture better device information.

Social Logins – To capture metrics for guest access use, you can now generate a report for all devices where a guest was connected after entering a social login (Facebook, LinkedIn, etc.).

OnGuard-centric devices – For better tracking, you can now see a Hostname record for each device and you can see both MAC addresses for devices where both wired or wireless connection were established.

Guest access:

Expiration notices – For long-term guests, you can now send an account expiration notice 30 days to their credentials ending so that users are never caught off-guard and lose network access.

Password changes – To help automate a long-term guests credentials you can automatically extend the credentials of a guest that changes their password on or before the timeframe that you've assigned.

What's out

VM images - If you're using VMware ESX4.0 it is no longer supported.

Legacy APIs – We're building on the unified REST-based API framework that was introduced in ClearPass 6.5, so we're so removing the TipsAPI (XML), Guest SOAP APIs, and Guest XML-RPC APIs. The REST-based API now includes replacements for those.

That's it for now. More in September as the engineering is hard at it.