Security

Reply
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Backups for CPPM sources

I have a Clearpass service setup with three sources. Each source has a number of backups. Lets say each source has a primary and two backups. If a user is not found in the primary of the first source will policy manager check the backups in the same source, then move on to the primary in the next source then each backup in the second source.

My question basically is - are the backups only used if the primary is unavailable or are the backups used even if the primaries in the sources are active?

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Backups for CPPM sources


Matt Finnie wrote:

I have a Clearpass service setup with three sources. Each source has a number of backups. Lets say each source has a primary and two backups. If a user is not found in the primary of the first source will policy manager check the backups in the same source, then move on to the primary in the next source then each backup in the second source.

My question basically is - are the backups only used if the primary is unavailable or are the backups used even if the primaries in the sources are active?


Matt,

 

The backup in any authentication source is only checked after the Timeout Parameter if there is no answer from the primary.  An authentication source is only checked once for the existence of a user.  If the user does not exist, it moves onto the next authentication source.  Again, the backup server is only checked if there is no answer from the primary.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Backups for CPPM sources

Thanks for that - one more question, I have a customer with a cluster that does not have a designated publisher. If the publisher were to fail would a subscriber promoted to a publisher still have the Clearpass Guest pages available if we pointed the IAPs and controllers to the IP address of the new Publisher.

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Backups for CPPM sources


Matt Finnie wrote:

Thanks for that - one more question, I have a customer with a cluster that does not have a designated publisher. If the publisher were to fail would a subscriber promoted to a publisher still have the Clearpass Guest pages available if we pointed the IAPs and controllers to the IP address of the new Publisher.


Matt Finnie,

 

The ClearPass guest pages ARE replicated to the subscriber; however, you would have to designate a backup publisher for Guest Self-Registration to work, because the guest database is read-only on the subscriber.  How to configure a backup publisher  is here:  http://community.arubanetworks.com/t5/Video/VIDEO-High-availability-for-a-ClearPass-Cluster/ta-p/78562

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Backups for CPPM sources

The reason I specify "promotion to a publisher" is because they are on different subnets. Once the Subscriber is promoted to a Publisher would the guest DB become a read/write DB for the new publisher.

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Backups for CPPM sources

Yes.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: