AAA, NAC, Guest Access & BYOD

How does Insight Authentication Source fallback feature in CPPM Version 6.4 work

Environment         Cluster with Insight enabled on atleast 2 or more nodes

 

In High Availability enabled cluster, the insight data on a failed Publisher may be stale once it comes back into action from a down state.

Authorizations pointing to Insight as Authentication Source may hit this failed Publisher, if the Publisher is set as Primary source in the Insight Repository Authentication source and the Publisher (once up) may respond  with stale information. To avoid getting into such issues, we have added a feature in CPPM 6.4.x to handle Insight authentication source fallback order to be appropriate.

Once the Standby Publisher takes over the Publisher role in Publisher failover scenario, it moves from Backup to Primary position in the Insight Repository Authentication source.

Failed Publisher once added back to the cluster as Subscriber and after enabling Insight on this Server, it will be listed as Backup or the last Backup server in the list if the Cluster has 3 or more nodes.




 Below is an example illustrating this behavior:

Let us consider a cluster with 3 Nodes A,B,C where A is the Publisher and B is Standby Publisher with insight enabled on all 3 nodes. Insight repository shows Primary = A, Backup1 = B, Backup2 = C.
 
In 6.3, when a Publisher failure happens, Insight authorization falls back to B, which is Backup1 in the Insight Repository. Once the failed Publisher A is in action, Insight authorization will fall back to Node-A as it was Primary.
 
We have changed this behavior in 6.4 where, once Standby Publisher takes over the Publisher role, Node B which was earlier Backup1 becomes Primary in the Insight Repository and Node-C which is Backup2 becomes Backup1.
 
Once Node-A is back in action, insight authorization does not fall back at all to Node-A as it is not in the insight authorization fallback list. After Node-A is added back to cluster as Subscriber with insight enabled on it, it will then be listed as Backup2 in the Insight Repository Authentication source list.

Version History
Revision #:
1 of 1
Last update:
‎11-12-2014 04:39 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.