WIXLIB

4. Configure the Policy Manager hardware appliance.Follow the prompts, replacing the placeholder entries in the following illustration with the information youentered in Table 1:lEnter hostname:lEnter Management Port IP Address:lEnter Management Port Subnet Mask:lEnter Management Port Gateway:lEnter Data Port IP Address:lEnter Data Port Subnet Mask:lEnter Data Port Gateway:lEnter Primary DNS:lEnter Secondary DNS:5. Specify the cluster password.Setting the cluster password also changes the password for the CLI user appadmin, as well as the Administrativeuser admin. If you want the admin password to be unique, see Changing the Administration Password on page 13a. Enter any string with a minimum of six characters, then you are prompted to confirm the clusterpassword.b. After this configuration is applied, use this new password for cluster administration and managementof the Policy Manager virtual appliance.6. Configure the system date and time.a. Follow the prompts to configure the system date and time.b. To set the date and time by configuring the NTP server, use the primary and secondary NTP serverinformation you entered in Table 1.7. Apply the configuration.a. To apply the configuration, press Y.lTo restart the configuration procedure, press N.lTo quit the setup process, press Q.Configuration on the hardware appliance console is now complete. The next task is to activate Policy Manager.Activating Policy ManagerTo activate Policy Manager and apply the Policy Manager license:1. After the configuration has been applied at the virtual appliance console, open a web browser and go tothe Policy Manager management interface:https://x.x.x.x/tips/, where x.x.x.x is the IP address of the management interface defined for the PolicyManager server in Table 1.2. Accept any security warnings from your browser regarding the self-signed SSL certificate, which comesinstalled in Policy Manager by default.The Admin Login screen appears with a message indicating that you have 90 days to activate the productand a link to activate the product.ClearPass Policy Manager 6.9.x Gettng Started Guide 10

Figure 1 Activating Policy Manager3. To activate Policy Manager on this hardware appliance, click Activate Now. When you click ActivateNow, Policy Manager attempts to activate the product over the Internet with Aruba license activationservers. If the Policy Manager hardware appliance does not have Internet access, you can perform theproduct activation offline by following the steps for offline activation presented in the Offline Activationsection shown in Figure 2.Figure 2 Performing Offline ActivationAfter successfully activating Policy Manager online, you will see a message above the Admin Login screenindicating that the product has been successfully activated.Logging in to the Policy Manager Hardware ApplianceAfter a successful activation, the Admin Login dialog opens.Figure 3 Logging in to the Policy Manager Hardware Appliance11 ClearPass Policy Manager 6.9.x Gettng Started Guide

1. Log in to the Policy Manager hardware appliance with the following credentials:lUsername: adminlPassword: Enter the cluster password defined in Configuring the Policy Manager Hardware Appliance.2. Click Log In.The Policy Manager home page is displayed.Figure 4 Policy Manager Policy Manager Home PageSigning Up for Live Software UpdatesUpon your initial login to Policy Manager, register for software updates.1. Navigate to the Administration Agents and Software Updates Software Updates page. Amessage is displayed indicating that the Policy Manager hardware appliance is not signed up for live updatesand that you must enter your subscription ID.Figure 5 Entering the Subscription ID for Live Updates2. If the Policy Manager server has Internet access, enter your subscription ID, then click Save. Aftersuccessfully applying the subscription ID, you will see a message indicating that the subscription ID wasupdated successfully and Policy Manager is processing updates from the Policy Manager Webservice. Notethat Posture & Profile Data Updates are downloaded and installed automatically, while Firmware & PatchUpdates are displayed only.ClearPass Policy Manager 6.9.x Gettng Started Guide 12

Changing the Administration PasswordWhen the cluster password for this Policy Manager server is set upon initial configuration, the administrationpassword is also set to the same password (see Configuring the Policy Manager Hardware Appliance). If youwish to assign a unique admin password, use this procedure to change it.To change the administration password:1. In Policy Manager, navigate to Administration Users and Privileges Admin Users.The Admin Users page appears.Figure 6 Admin Users Page2. Select the appropriate admin user. The Edit Admin User dialog appears.Figure 7 Changing the Administration Password3. Change the administration password, verify the new password, then click Save.Powering Off the Policy Manager Hardware ApplianceThis procedure gracefully shuts down the hardware appliance without having to log in. To power off the PolicyManager hardware appliance:1. Connect to the CLI from the console using the serial port.2. Enter the following commands:llogin: powerofflpassword: poweroffThe Policy Manager hardware appliance shuts down.You can also power off from the WebUI and the appadmin prompt.13 ClearPass Policy Manager 6.9.x Gettng Started Guide

Resetting the System Passwords to the Factory DefaultsTo reset the system account passwords in Policy Manager to the factory defaults, you must first generate apassword recovery key, then log in as the apprecovery user to reset the system account passwords.Generating the Password Recovery KeyTo generate the password recovery key:1. If you are employing a hardware connection, connect to the Policy Manager hardware appliance using theserial port (using any terminal program). See Configuring the Policy Manager Hardware Appliance fordetails.a. If you are employing a virtual appliance, use the VMware vSphere console (see Using VMware vSphereWeb Client to Install Policy Manager on a Virtual Machine) or the Hyper-V hypervisor (Using MicrosoftHyper-V to Install Policy Manager on a Virtual Appliance).2. Reboot the system using the restart command.3. After the system reboots, the following prompt is displayed for ten seconds:Generate support keys? [y/n]:4. At the prompt, enter y. The system prompts you with the following choices:Please select a support key generation option.1) Generate password recovery key2) Generate a support key3) Generate password recovery and support keysEnter the option or press any key to quit.5. To generate a password recovery key, select option 1.6. After the password recovery key is generated, open a support case with Policy Manager TechnicalSupportA unique password will be dynamically generated from the recovery key and sent to you.Resetting the System Account Passwords to the Factory DefaultsTo reset the administrator password:1. Log in as the apprecovery user with the password recovery key provided by Policy Manager TechnicalSupport.2. Enter the following command at the command prompt:[apprecovery] app ****************** WARNING: This command will reset the system account ** passwords to factory default ************Are you sure you want to continue? [y/n]: yINFO - Password changed on local nodeINFO - System account passwords have been reset to factory default values3. To reset the system account passwords to the factory default values, enter y.4. You can now log in with the new administrator password sent to you by Policy Manager TechnicalSupport.ClearPass Policy Manager 6.9.x Gettng Started Guide 14

Initial Login and Activation of the Policy Manager PlatformLicenseUpon initial login to a Policy Manager server and later, you are prompted to enter the Policy Manager PlatformLicense Key. The Policy Manager Platform License provides a platform activation code that is installed on all thenodes in a Policy Manager cluster. The Policy Manager Platform License is the base-level license. Each PolicyManager server has one Policy Manager Platform License for the physical hardware. Virtual devices have aPolicy Manager Platform License as well on a per-expected device level.License keys are encoded for a specific application type (for example, Platform, Onboard, or Access). For this reason,you are not prompted to select the application type.If you are upgrading to Policy Manager 6.9.x from Policy Manager 6.6.x or later, your existing Policy ManagerLicense Key will be automatically converted to a Platform Activation Key (PAK). You will not need to do anythingto make the conversion happen, and the Platform Activation Key is preactivated. The Policy Manager licenseson each cluster node are converted to Policy Manager Platform Licenses. The Policy Manager Platform Licenseprovides a platform activation code that is installed on all the nodes in a Policy Manager cluster. For detailsabout managing Policy Manager licenses, see License Management on page 1. For complete upgradeinformation, refer to theClearPass Release Notes.You cannot have more than one Policy Manager Platform license installed on a Policy Manager node.To specify the Policy Manager Platform License Key upon initial login:1. Navigate to the Policy Manager publisher: https://x.x.x.x/tips/where x.x.x.x is the IP address of the management interface defined for the server.2. Log in to the Policy Manager 6.9 or later server. The Policy Manager End-User Software LicenseAgreement dialog appears. The Select Application field is preset to Policy Manager Platform.Figure 8 Entering the Policy Manager Platform License Key3. Enter the Policy Manager Platform License Key.4. Click the check box for I agree to the above terms and conditions. The Add License button is nowenabled.5. Click Add License.15 ClearPass Policy Manager 6.9.x Gettng Started Guide

The Admin Login screen appears with a message indicating that you have 90 days to activate the productand a link to activate the product.Figure 9 Activating the Policy Manager Node6. To activate the Policy Manager Platform License on this appliance, click the Activate Now link. TheActivate License dialog opens:Figure 10 Activating the Policy Manager Platform License7. If the Policy Manager server is connected to the Internet, click the Activate Now button. The message,"Product has been successfully activated" appears, and the Admin Login dialog is displayed.Figure 11 Activation Successful: Admin Login AvailableLogging in to the Policy Manager Server1. Log in to the Policy Manager server with the following credentials:lUsername: adminlPassword: Enter the Policy Manager cluster password.ClearPass Policy Manager 6.9.x Gettng Started Guide 16

2. Click Log In. The What's New in ClearPass Policy Manager modal is displayed. This modal provides a listof new features for the release, a link to the release notes, and any changes of behavior that would beimportant to a system administrator.3. If you don't wish to see the What's New modal when you log in to this server again, click the Do notshow again check box.4. Click the Close button.The Policy Manager Landing Page is displayed.Figure 12 Policy Manager Landing PageCustomizing the Landing Page LayoutTo customize the Landing Page layout to display the information you most want to see (refer to Using the[[[Undefined variable aruba style guide.ShortPrdNm2]]] Dashboard on page 1), drag and drop from the list ofthe Widget elements on Dashboard to one of the available Dashboard slots in the right pane.ClearPass MenuThe Policy Manager Menu is available on the upper-right corner of every page in the Policy Manager userinterface.Figure 13 Policy Manager MenuFrom the Policy Manager Menu, you can:17 ClearPass Policy Manager 6.9.x Gettng Started Guide

nNavigate to any of the Policy Manager modules: Policy Manager, Guest, Onboard, and Insight (Report tool).nBring up online Help for the current page of the Policy Manager user interface.nAccess the Support information: Contact Support, Remote Assistance, and Documentation.nLog out of the current Policy Manager server.ClearPass Policy Manager 6.9.x Gettng Started Guide 18

Chapter 2Setting Up Virtual MachinesThis sectionchapter of the ClearPass Getting Started Guide documents the proceduresfor using the VMware vSphere Web Client to install Policy Manager on an ESXi host, aswell as completing important administrative tasks, such as registering for PolicyManager software updates and changing the admin password. The VMware vSphere Web Client enables you to connect to a vCenter Server system to manage an ESX hostthrough a browser.This sectionchapter also documents the procedures for installing the ClearPass PolicyManager virtual appliance on a host that runs Microsoft's hypvervisor, Hyper-V , aswell as completing important administrative tasks, such as registering for PolicyManager software updates and changing the admin password.This chapter includes the following information:nUsing VMware vSphere Web Client to Install Policy Manager on a Virtual MachinenUsing Microsoft Hyper-V to Install Policy Manager on a Virtual ApplianceUsing VMware vSphere Web Client to Install Policy Manager on aVirtual MachineThis section assumes that the VMware vSphere Web Client has been installed. For information about installingand starting the vSphere Web Client, go to VMware Documentation.Meeting the Recommended ESX/ESXi Server SpecificationsCarefully review all virtual appliance requirements, including functional IOP ratings, and verify that your systemmeets these requirements. These recommendations supersede earlier requirements that were published forPolicy Manager 6.x installations. Virtual appliance recommendations are adjusted to align with therequirements for Policy Manager hardware appliances. If you do not have the virtual appliance resources tosupport a full workload, you should consider ordering the Policy Manager hardware appliance. Be sure thatyour system meets the recommended specifications required for the Policy Manager virtual appliance.Supplemental Storage/Hard Disk RequirementAll VMware ESXi virtual machines use hardware version 8. Policy Manager VMware ships with a 20 GB hard diskvolume. This must be supplemented with additional storage/hard disk by adding a virtual hard disk (see Addinga Virtual Hard Disk on page 24 for details). The additional space required depends on the Policy Managervirtual appliance version.Processing and Memory RequirementsTo ensure scalability, dedicate or reserve the processing and memory to the Policy Manager VM instance. Youmust also ensure that the disk subsystem can maintain the IOPs (I/O operations per second) throughput asdetailed below.ClearPass Policy Manager 6.9.x Gettng Started GuideSetting Up Virtual Machines 19

Policy Manager Server I/O RateMost virtualized environments use a shared disk subsystem, assuming that each application will have bursts ofI/O without a sustained high I/O throughput. Policy Manager requires a continuous sustained high data I/Orate.Supported HypervisorsPolicy Manager supports the following following hypervisors. Hypervisors that run on a client computer suchas VMware Player are not supported.nVMware vSphere Hypervisor (ESXi) 6.0, 6.5, 6.5 U1, 6.5 U2, 6.7, 6.7 U1, 6.7 U2, 6.7 U3, and 7.0.nMicrosoft Hyper-V Server 2012 R2, Microsoft Hyper-V Server 2016, Windows Server 2012 R2 with Hyper-V,Windows Server 2016 with Hyper-V, or Windows Server 2019 with Hyper-V.nKVM on CentOS 8 and Ubuntu 18.04 LTS.For the latest information on the supported hypervisors and virtual hardware requirements, refer to ClearPass 6.9Release Notes.Before Starting the Policy Manager InstallationBefore starting the Policy Manager installation and configuration procedures for the virtual appliance,determine the following Policy Manager server information on your network, note the corresponding valuesfor the parameters listed in Table 2, and keep it for your records.Policy Manager now supports Classless Inter-Domain Routing (CIDR) notation to configure IPv4 and IPv6 addresseson the management and data ports when the system is bootstrapped during installation or upgrade. As part of thischange, the prefix length of the address is required as part of the input, and the input prompt displays an example ofthis address format. Netmask format is no longer used to acquire IP addresses.Table 2: Policy Manager Server Configuration InformationRequired InformationValue for Your InstallationHost name (Policy Managerserver)Management interface IPaddressManagement interfacesubnet maskManagement interfacegatewayData port IP address(optional)NOTE: Make sure that the Data interface IP address is not in the samesubnet as the Management interface IP address.Data interface subnet mask(optional)Data interface gateway(optional)20 Setting Up Virtual MachinesClearPass Policy Manager 6.9.x Gettng Started Guide

Required InformationValue for Your InstallationPrimary DNSSecondary DNSNTP server (optional)vSphere Web Client Policy Manager Installation OverviewPolicy Manager 6.x VMware software packages are distributed as Zip files.The process of installing the Policy Manager virtual appliance on a host that runs VMware vSphere Web Clientconsists of four stages:1. Download the VMware ESXi package from the from the Policy Manager Support Center DownloadSoftware Policy Manager Policy Manager Current Release ESXi folder to a folder accessible byyour VMware ESXi server.2. To extract the files, unzip the files to a folder on your server.3. Follow the steps in the OVF wizard to deploy the OVF file, but do not power on yet.There is only one OVF file with all the variant types and sizes selectable when the virtual appliance boots.4. Add a new hard disk, based on the requirements for your type of virtual machine.5. Power on and configure the virtual appliance.Policy Manager VMware Virtual Appliance Installation SetupTo set up the Policy Manager virtual appliance installation on a host that runs VMware vSphere Web Clientconsists of four stages:1. Download the Release Notes for the version of Policy Manager that you want to install as a virtualappliance.2. Then check the recommended virtual hardware specifications and verify that your system meets thoserequirements.Release Notes are available in the appropriate version folders under Policy Manager Support Center Documentation Software User & Reference Guides ClearPass Release Notes.3. Start the VMware vSphere Web Client.4. Extract the files into a folder on your desktop.5. Using either the VMware vSphere Web Client or the standard vSphere Client, deploy the OpenVirtualization Format (OVF) template that was downloaded and extracted in Steps 2 and Step 3.The Deploy OVF Template appears.If you are not using the vSphere Web Client or the standard vSphere Client, follow the instructions for your method ofdeploying the OVF file.ClearPass Policy Manager 6.9.x Gettng Started GuideSetting Up Virtual Machines 21

Figure 14 Deploy OVF Template: Selecting the Source Location6. Select Loc

ClearPass PolicyManager 6.6 ClearPassPolicy Manager6.7 ClearPass PolicyManager 6.6 ClearPass PolicyManager 6.7 FormFactor Rackmount Included 1USFFEasy InstallRail 1UCable Management Arm 1USFFEasy InstallRail 1UCable Management Arm 1USFFEasy InstallRail 1UCable Management Arm 1USFFEasy InstallRail 1UCable Management Arm Dimensions (WxHxD) 17.2 .