Editor at Large
Published: 24 Apr 2017
This month's TechTarget Network Innovation Award winner is Aruba, a Hewlett Packard Enterprise company, for its ClearPass Universal Profiler.
The network device detection tool lets enterprises quickly and easily detect every device on a network, and it creates a database that administrators can use to monitor what's connected to their networks. In an era where the internet of things (IoT) is making it easier than ever before for users to add devices to their networks, the Profiler can help corral device proliferation.
SearchNetworking spoke with Trent Fierro, Aruba's director of software solutions marketing, to learn more about ClearPass Universal Profiler.
This interview was edited for length and clarity.
What led Aruba to develop the ClearPass Universal Profiler?
Trent Fierro: We were seeing that enterprises wanted an easier way to determine what was on their networks, but that they weren't necessarily ready to deploy a full-blown, max solution like ClearPass Policy Manager. We wanted to provide customers with the visibility they needed to see what was connecting across both their wired and wireless networks.
How is visibility being diminished?
Fierro: IT is losing visibility, especially as more and more IoT devices are connected. We had examples where someone in a department might have gone out, purchased a device and placed it on the network. IT then found out it was there, but had no idea where it came from. Not only that, the department expected IT to support that device.
Our idea was, 'OK, let's give people a simple way to at least begin seeing what's on the network.'
How does Profiler work? Does it support policy management?
Fierro: There is no policy management in the Universal Profiler itself. The idea there is that what you'll do is you'll take information about the devices connecting to the network, and then you'll use that information to then tailor your firewall policies.
So, does it perform network device detection automatically?
Fierro: So, for wireless and for devices that are going to get an address via DHCP, you basically do a redirect from your wireless equipment or your switching equipment to say that ClearPass is your DHCP IP-helper. And then, each time a connection is established, information about the device that's connecting gets pushed over to ClearPass. ClearPass then uses that in order to establish a database.
For wired, you'll basically crawl a network segment looking for devices, and then you'll use information either via Simple Network Management Protocol or other means in which to gather attributes about specific devices.
And what kind of devices are you seeing that are being connected to networks today? Is there a lot of difficulty trying to understand what exactly these little gadgets and devices will be?
Fierro: First of all, when you ask someone what's being connected on their networks, I don't think I've ever gotten a 100% accurate answer. But if you ask somebody, 'Do you know how many devices are on your network?' The answer is usually, 'No.' You might hear, 'I think,' but they don't say, 'Yes, I know how many devices are on my network.'
So, the profiling functionality [within the Universal Profiler] lets you go to a dashboard and see that you have X number of devices. Previous to using profiling, somebody was guessing.
Outside of understanding how many devices are on a network, what are some other benefits the network device detection Profiler lets enterprises exploit?
Fierro: You will be able to better understand network performance issues. You also now have a way to create different policies to differentiate access -- say, smartphones versus tablets versus a closed-circuit TV camera. There's no way to do that unless you have a good database device attributing information.
Is the Profiler tailored to smaller organizations, or is it marketed as a steppingstone to ClearPass Policy Manager?
Fierro: I think it's a steppingstone. It's a fast and easy way in which to identify what's on the network. And our opinion is that once you know that, you do have an issue; if you thought you had 3,000 devices and you have 10,000 devices on the network, you can determine what kind of policy you want to implement.
And if you start off with a Universal Profiler, you can then migrate to the full-blown Policy Manager. There's no setting up like you might do with the Policy Manager. It's just fast. And if you have thousands and thousands of switches, it's a nice way to just go and look for devices on any nonwired segment. So, we're seeing a lot of interest from small companies, as well as large companies.
Are you seeing more pickup among wireless users, rather than in the wired network?
Fierro: No. We're seeing a little more right now on wireless, but the wired component comes into play when you start talking about healthcare. Some of the IoT devices in healthcare are still going to be connected on wired. In manufacturing organizations, there are still a lot of people using sensor devices that are connecting to wired networks because they're afraid to disrupt any continuity. So, they're going to maintain wire-type devices.
What kind of feedback are you getting from customers who want to improve their network device detection?
Fierro: People say that they're seeing more devices on the network than they thought they had. And it ranges from the typical devices that you're expecting to see on a network, like smartphones. One guy was telling me that they didn't realize they had Windows smartphones on their network. They're like, 'Who's using Windows?' But they're out there.