/ 01
Mixed AOS-CX / ArubaOS-Switch session recording
Both platforms supported with appropriate CLI parsing. Configuration mode, commits, and operator-level commands all captured. Searchable text across the mixed fleet.
HPE Aruba covers wired and wireless campus networking, with ArubaOS for legacy switches and access points, AOS-CX for newer data centre and campus, and ClearPass for network access control. Innovexus brokers SSH sessions to every Aruba CLI-accessible platform — no agent, no Aruba Central dependency. Vault, rotation, session recording, and drift detection work consistently across the line.
Innovexus is agentless from the Aruba device perspective. SSH (preferred) and console access supported. Authentication via TACACS+, RADIUS, or local users.
Most Aruba fleets are running through Innovexus within 1–2 business days. The mix of legacy ArubaOS-Switch and modern AOS-CX devices is handled cleanly because both expose standard SSH-based AAA.
Pull existing local admin credentials from each device class (ArubaOS-Switch typically `manager`/`operator`; AOS-CX typically `admin`). Vault them. Rotation runs on schedule, accommodating the different update syntax between AOS-Switch and AOS-CX.
Add the Innovexus pod's outbound IP to your management ACLs. Existing TACACS+/RADIUS continues at the device level. ClearPass can be added as a TACACS+ source if not already in place.
Map Aruba role profiles to Innovexus role definitions. AOS-CX has clean role-based authorization; legacy ArubaOS-Switch maps to manager / operator privilege levels. ClearPass admin roles map separately for web SSO.
Session recording captures the full CLI experience across both AOS variants. Configuration drift collection uses the appropriate `show running-config` syntax for each platform.
Engineers log into Innovexus with their FIDO2 hardware key, click into an Aruba device, and the brokered SSH session opens with the assigned role. Recording, audit, and credential lifecycle operate automatically.
Both platforms supported with appropriate CLI parsing. Configuration mode, commits, and operator-level commands all captured. Searchable text across the mixed fleet.
Local admin credentials and AAA shared secrets rotate on schedule. Rotation handles the syntactic differences between ArubaOS-Switch and AOS-CX automatically.
Aruba devices accept connections only from the Innovexus pod IP via management ACLs. Out-of-band emergency access via vaulted credentials remains available.
Continuous baseline collection across mixed-version fleets. Drift detected outside approved sessions fires an alert. Approved-change baseline promotion via the brokered-session workflow.
ClearPass remains the network access control layer for endpoint authentication and authorisation. Innovexus adds the privileged-administrator layer above it. ClearPass admin access flows through Innovexus identity for hardware-rooted attribution.
Network monitoring (link state, AP health, controller capacity) and security operations alongside PAM. Same console, one audit trail.
Direct, sourced answers about how Innovexus integrates with this vendor's platforms.
No. The integration is direct via SSH using each Aruba platform's standard AAA primitives. Aruba Central, AirWave, and Aruba Mobility Master are not dependencies. If you run Aruba Central for orchestration, Innovexus runs alongside it — we handle privileged human and vendor access; Aruba Central handles cloud management and analytics.
The integration handles both. Each platform has different CLI syntax for credential changes (`password manager` on ArubaOS-Switch versus `user admin password` on AOS-CX), and Innovexus's rotation workflow uses the appropriate syntax per device class. Engineers see a unified experience; the per-platform implementation differences are abstracted.
No. ClearPass is a network access control product — it authenticates endpoints (laptops, phones, IoT devices) joining your network. Innovexus is privileged access management — it controls administrator access TO network devices. The two solve different layers and are commonly run together. ClearPass admin web access can flow through Innovexus SAML SSO for hardware-rooted attribution.
Yes. SNMP community strings (used as low-privilege management credentials in some workflows) are vaulted and rotated like any other credential. Rotation pushes the new community to the device and to authorised SNMP polling sources atomically. This addresses the common audit finding of unrotated SNMPv2 community strings on legacy ArubaOS-Switch fleets.
Engineers connect to mobility controllers (7000/7200/9000 series) through brokered Innovexus sessions. AP-level configuration is typically managed via the controller, not directly on the AP, so the controller-level audit captures the relevant administrative actions. Direct AP CLI access is supported but rarely the primary administrative path.
Aruba Instant APs cluster among themselves with one acting as virtual controller. Innovexus brokers SSH access to the virtual controller IP; configuration changes propagate to the cluster as Aruba Instant does natively. Session recording captures the full administrative session at the virtual controller level.
Vault credentials for one device class, allowlist the pod IP, point engineers at it. AOS-CX and legacy ArubaOS-Switch supported in the same trial. 5-day trial, no card required.