Will Application Access control configuration be retained on the node while adding to the cluster?

MVP
MVP
Q:

We can configure Application Access Control on each server which could Allow/Deny Applications on ClearPass [like Onguard, Insight, Graphite etc] from certain client subnet by navigating to Administration » Server Manager » Server Configuration » Network as shown below:

Will these configuration be retained after adding the server as Subscriber to a cluster?

 



A:

When a server is added to a cluster, it's database would be reset and it will start replicating data from the Publisher server as shown below: 

INFO - Subscriber node entry added in publisher
INFO - Backup databases for AppPlatform
INFO - Backup databases for PolicyManager
INFO - Stopping services
INFO - Dropped existing databases for Policy Manager                                >>// Current Database on the server is wiped.
INFO - Create database and schema for Policy Manager
INFO - Local database setup done for Policy Manager databases
INFO - Subscriber password changed
INFO - Syncing up initial data...
INFO - Config database temporarily locked for updates
INFO - xx.xx.xx.xx: - Backup databases for AppPlatform
INFO - xx.xx.xx.xx: - Backup databases for PolicyManager
INFO - Config database lock released
INFO - Subscriber now replicating from publisher xx.xx.xx.xx
INFO - Retaining local node certificate
INFO - Restoring log database...
INFO - Restore started for AppPlatform databases
INFO - Restore complete for AppPlatform databases
INFO - Restore started for PolicyManager databases
INFO - Database size after restore for tipsLogDb: 12 MB
INFO - Restore complete for PolicyManager databases
INFO - Subscriber replication and node setup complete
INFO - Notify publisher that adding subscriber is complete
INFO - Subscriber added successfully
INFO - Restarting Policy Manager admin server
Make subscriber complete. Re-login after sometime

When the database is wiped on the server, it will also clear the Application access control Network rules [Note: It will not replicate the Application Access Control configuration from Publisher as these are server specific].

Server after adding to the cluster:

Hence when we are adding a server to the cluster which has Application Access Control configured it's recommended to manually add those configurations again. 

[Note: Backup will not have Application Access configuration]

Version history
Revision #:
2 of 2
Last update:
‎01-03-2018 02:52 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: