We changed our name from IT Central Station: Here's why
Get our free report covering Cisco, ForeScout, Fortinet, and other competitors of Aruba ClearPass. Updated: January 2022.
563,148 professionals have used our research since 2012.

Read reviews of Aruba ClearPass alternatives and competitors

Associate Consultant at a computer software company with 201-500 employees
MSP
Top 5
Streamlines security policy management and reduces operating costs
Pros and Cons
  • "In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now."
  • "An issue with the product is it tends to have a lot of bugs whenever they release a new release."

What is our primary use case?

Our use cases are based around dot1x. Basically wired and wireless authentication, authorization, and accounting. 

In terms of administration, only our networking team uses this solution. Probably five to ten administrators manage the whole product. Their role pretty much is to make sure that we configure the use cases that we use ISE for — pretty much for authenticating users to the wired and wireless networks. We might have certain other advanced use cases depending on certain other business requirements, but their job is pretty much to make sure all the use cases work. If there are issues, if users are complaining, they log into ISE to troubleshoot those issues and have a look at the logs. They basically expand ISE to the rest of the network. There is ongoing activity there as well. The usage is administrative in nature, making sure the configurations are okay, deploying new use cases, and troubleshooting issues.

How has it helped my organization?

This solution has definitely improved the way our organization functions.

What is most valuable?

In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now. ISE is always very complicated to deploy because it's GUI-based. So they came up with this feature called work centers, that kind of streamlines that process. That's a good feature in the product right now.

What needs improvement?

An issue with the product is it tends to have a lot of bugs whenever they release a new release.

We've always found ourselves battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I would say that the biggest issue we're having is with all the product bugs.

Also, the graphical user interface is very heavy. By heavy, I mean it's quite fancy. It's equipped with a lot of features and animations that sometimes slow down the user interface.

It's a technical product — I don't think a lot of engineers really need fancy GUIs. We pretty much look for functionality, but I think Cisco, for some reason, is putting an emphasis on its GUIs looking better. We always look for functionality over fancy features.

We've had issues with different browsers, and sometimes it's really slow. From a functionality standpoint, we would rather the GUI was light and faster to navigate.

ISE has a very good logging capability but because their GUI is so slow, we feel it's not as flexible or user-friendly as we would like it to be, especially when it comes to monitoring and logging. At the end of the day, we're implementing ISE for security. And that means visibility.

Of course, you can export the data into other products to get that visibility, but we would like to have a better type of monitoring, maybe better dashboards, and better analytics capabilities within the product.

Analytics is one thing that's really lacking. Even if you're to extract a report, it just takes a lot of time. So, again, that comes down to product design, but that's definitely an area for improvement. I think it does the job well, but they can definitely improve on the monitoring and analytics side.

For how long have I used the solution?

I have been using this solution since they released the first version over ten years ago.

What do I think about the scalability of the solution?

Scalability is pretty good, provided that you design it properly from the get-go. There are design limitations, depending on the platforms, especially the hardware platforms that you select. On the scalability front, it's not a product that can be virtualized very well — that's an issue. Because in the world of virtualization, customers are always looking for products that they can put in their virtual environments. But ISE is not a truly virtualized product, as in it doesn't do a lot of resource sharing.

As a result, it's not truly virtualized. Although they do have the VM offering, it's not virtualization in the proper sense of the word. That's one limitation of the product. It's very resource-intensive. As a result, you always end up purchasing additional hardware, actual ISE physical servers. Whereas, we would like to have it deployed in virtual machines if it was better designed. I think when it comes to resource utilization, it probably isn't optimized very well. Ideally, we would like to have a better-virtualized platform.

How are customer service and technical support?

Tech support tends to be pretty good for ISE. We do use it extensively because of all of the bugs we encounter. 

Mostly it's at the beginning of setting the whole environment up. Typically, once it's set up properly, it tends to work. But it's just that the product itself integrates with a lot of other products in the network. It integrates with your switches, with your APs, etc. So, it's a part of an ecosystem. What happens is, if those products experience bugs, then it kind of affects the overall ISE solution as well — that is a bit of a dependency. The ISE use cases are dependent on your network access devices, but that's just the nature of it. The only issue with support is you might have to open a ticket with the ISE team, but if you're looking at issues in your wireless network or switches, you might have to open another ticket with their tech team for switches. 

For customers using Cisco, end-to-end, they should improve the integration and providing a seamless experience to the customer. But right now, they have to refer to other experts. They come in the call, but the whole process just takes some time.

That's an area that they can improve on. But typically, I would say that the support has been good. We've been able to resolve issues. They are responsive. They've been good.

Overall, I would give the support a rating of eight.

How was the initial setup?

The setup is not straightforward. It's complex. You need to have a high level of expertise.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution when compared to other vendors. It's definitely more expensive than ClearPass. It's expensive, but the issue, again, comes down to scalability. Because you can't virtualize the product, there's a lot of investment when it comes to your hardware resources. Your CapEx is one of the biggest issues here. That's something Cisco needs to improve because organizations are looking at reducing their hardware footprint. It's unfortunate that ISE is such a resource-intensive application to begin with. As it's not a properly virtualized application, you need to rely on physical hardware to get the best performance.

The CapEx cost is high. When it comes to operational expenditure, it all depends on the features you're using. They have their tiers, and it all depends on the features you're using. The basic tier, which is where most of the functionality is, is relatively quite cheap. But if you're using some advanced use cases, you need to go to their higher tiers. So, I'm not too worried about operations costs. You need to buy support for the hardware: you need space, power, and cooling for the hardware-side. All of that adds up. So, that all comes down to the product design and they need to make sure it's properly scalable and it's truly virtualized going forward.

Which other solutions did I evaluate?

We've evaluated other products, for example, Aruba ClearPass. There's another product, Forescout, but the use case is a bit different.

When it comes to dot1x authentication, I think it's ISE and Aruba ClearPass. Forescout also comes into the next space, but the use case is a bit different.

We prefer ISE because, I think if you're using Cisco devices, it really kind of integrates your ecosystem — that's why we prefer ISE. When it comes to NAC or dot1x products, from a feature standpoint, ISE has had that development now for 10 to 11 years. So, we've seen the product mature over time. And right now it's a pretty stable and functional product. It has a lot of features as well. So, I think the decision is mainly kind of driven by the fact that the rest of the ecosystem is Cisco as well. From a uniform figure standpoint, the other product is probably the industry leader at this point in time for network admission control.

What other advice do I have?

The main advice would be in terms of upfront design — this is where a lot of people get it very wrong. Depending on the platforms you choose, there are restrictions and limitations on how many users. We've got various nodes, so how many nodes you can implement, etc. Also, latency considerations must be taken into account; especially if you're deploying it across geographically dispersed regions. The main advice would be to get the design right. Because given that directly interferes with the network, if you don't get your design right it could be disruptive to the network. Once you've got the proper design in place and that translates into a bit of material, the implementation, you can always figure it out. Getting it right, upfront, is the most important thing.

Overall, I would give ISE a rating of eight out of ten. I don't want to give it a 10 out of 10 because of all the design issues. There is definitely room for improvement, but overall out there in the market, I think it's one of the best products. It has a good ecosystem. It integrates well with Cisco devices, but it also integrates with third-party solutions if you have to do that. It's based on open standards, and we've seen the ecosystem grow over the years. So, they're doing a good job in terms of growing the ecosystem and making sure ISE can work with other products, but there's definitely room for improvement on the product design itself — on monitoring, on analytics. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of Computer Information Services at a university with 5,001-10,000 employees
Real User
Top 20
Easy to scale, enforces policies well, and has responsive technical support
Pros and Cons
  • "It is very easy to scale the product."
  • "The solution would be much better if it offered self-service onboarding."

What is our primary use case?

We primarily use the solution for network security.

What is most valuable?

A lot of campuses use SafeConnect.

It gives us good visibility and enforces policies.

It helps enforce network security by scanning devices, making sure they have current and valid antivirus solutions with up-to-date antivirus definitions, and steers our end users by enforcing policy groups and steering them to the right access.

Technical support is responsive.

The stability is pretty good.

It is very easy to scale the product.

What needs improvement?

The solution would be much better if it offered self-service onboarding.

We'd like to have more granular visibility into the devices that are on the network.

It's a bit pricey as a product.

For how long have I used the solution?

SafeConnect has been around for a long time and they were purchased by OPSWAT. It's an NAC solution that we've had for probably about 12 years now.

What do I think about the stability of the solution?

It's been very stable for the most part.

It's been pretty reliable. At one time it was a hardware appliance, and now it's a cloud-hosted solution. The performance is good.

What do I think about the scalability of the solution?

The scalability is no issue. You just have to pay for the licensing pack that pertains to your tier. Therefore, it's pretty quick to scale. It's pretty simple and straightforward. 

How are customer service and support?

We've used technical support in the past. The response time is very good. We are very satisfied with the level of service.

Which solution did I use previously and why did I switch?

We currently have SafeConnect (or OPSWAT NAC) and we are looking to possibly move to another platform.

How was the initial setup?

I wasn't a part of the solution's initial setup. The system was already in place when I got here. I've been at this company for ten years and it was in place when I got here, so we haven't switched it yet. However, now we feel we need something that's a little more intelligent.

What's my experience with pricing, setup cost, and licensing?

The solution is a bit expensive. It could offer better pricing.

For our tier group, for one year, the cost is probably around $10,000 for the license. If you do multi-year, you could get two years, and you could get it for about $8,000 per year. If you do three years, you get it around $7,000 a year. The longer the license, the better the pricing.

Which other solutions did I evaluate?

I'm looking at ClearPass since we have Aruba Wi-Fi on campus and also for the FortiNAC solution as we have Fortinet firewalls. We're looking to upgrade it to something a little more intuitive, something a little smarter, like ClearPass or FortiNAC.

We couldn't get the pricing we were looking for with FortiNAC or ClearPass, and therefore, we just renewed the license for our SafeConnect for OPSWAT. As of right now, the project is off the table until next year, around this time.

What other advice do I have?

We're just a customer and an end-user.

The solution was purchased by OPSWAT. It's now referred to as OPSWOT.

I'd rate the solution at an eight out of ten overall. We've been happy with it, however, it's time to maybe look at other options.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Assistant Manager-Presales at a tech services company with 11-50 employees
Reseller
Top 5
Well-featured, price competitive, and great technical support
Pros and Cons
  • "I find the solution to be very rich in features."
  • "I believe the solution is missing some great features which are present in other solutions like Aruba, UiPath, and Cisco ISE."

What is our primary use case?

It is a BYOD solution which is a type of network access control solution(NAC). It can be used for guest services for the customer, as a BYOD, or a network access control.

What is most valuable?

I find the solution to be very rich in features. Some examples include great guest authentication, authorization, port-string, and network access control.

What needs improvement?

I believe the solution is missing some great features which are present in other solutions like Aruba, UiPath, and Cisco ISE. One example of an improvement could be regarding mobile device management(MDM) which the solution is lacking. 

In the additional release, I would want the solution to have better integration that would be compatible with third-party solutions. 

For how long have I used the solution?

I have used the solution for two years. 

What do I think about the stability of the solution?

I find the solution to be stable. It has a policy that is giving new software upgrades to its programs on a quarterly basis. As far as I am using it, there are a few bugs in the SSL certificate and also the certificate duration.

What do I think about the scalability of the solution?

I find the solution scalable. We are looking to expand it to our customers. 

How are customer service and technical support?

I have great experience with solutions technical and administrative support because they have their own team in their headquarters. It is very easy and they are helpful. The support is based on a certificate contract on a yearly basis. 

How was the initial setup?

The initial setup of the solution was straightforward. 

What about the implementation team?

All the features of the solution are very easy to deploy. It can be deployed on bare metal servers, or over the cloud. 

What's my experience with pricing, setup cost, and licensing?

The licensing of the solution is user-based and the price is good.

Which other solutions did I evaluate?

I have compared other solutions such as Aruba, UiPath, and Cisco ISE.

What other advice do I have?

The solution has all the training of Cloudpath integration with a controller over their training sites and on YouTube. They provide information on videos about the climate of Cloudpath with the controller as well as the third parties. Anybody who would want to use the solution can access information about it from these platforms. 

I would recommend the solution to other users because it is price competitive and well-featured. 

I rate Ruckus Cloudpath an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Get our free report covering Cisco, ForeScout, Fortinet, and other competitors of Aruba ClearPass. Updated: January 2022.
563,148 professionals have used our research since 2012.