Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎09-27-2010

CPPM Authentication Source Cache Timeout to 0 ?

[ Edited ]

Does anyone see a problem with setting the Cache Timeout to 0 - 300s? What we are trying to achieve is only allowing users connect to wifi if they badge in using their campus ID card. We want to utilize CPPM and its functionality to search AD/LDAP attributes.

So we would want to achieve the following:

  • When student arrives on campus, they will badge in with their ID.
  • The ID software will then update an attribute in ActiveDirectory/LDAP, "pager" and will change it to say 1, so that we know that this user has tapped into the system and is on campus.
  • CPPM Rules:
    • If user is a "student" AND "pager = 1" then user can connect. (User is a student and has badged in)
    • If user is a "student" AND "pager is not 1" then user can't connect. (User is a student but has not badged in, no wifi)
  • I've tested a trial run in our Test environment, with CPPM, I have two authentication sources from Active Directory.
    • Authentication Source: AD Server 1, with cache timeout set to it's default 36000s. This will be for main authentication
    • Authentication Source: AD Server 2, which is looking for a change in the "pager" attribute., with cache timeout set to 0-300s

I know I can do all of this using one authentication source with a very low Cache Timout, but I'm just not sure if the load will be too great? We would hypothetically have 1500 users authenticating at peak hours or beginning of the day.

 

Any recommended settings would be appreciated? My main worry is if CPPM could handle that load?

 

Thanks

Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CPPM Authentication Source Cache Timeout to 0 ?

We have customers doing 2 million plus Auths and authZ request a day on a single 25k appliances with no performance issues on the CPPM side. The only issue that I have seen is if the AD is not running to full specs
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 16
Registered: ‎09-27-2010

Re: CPPM Authentication Source Cache Timeout to 0 ?

Thanks for the quick reply Troy. 

 

We are on a single 5K -VM Appliance. So we are only a fraction of the type of environment you are mentioning. But that is comforting to know that CPPM can do this. We wiil most likely bump up the specs on our Authentiaction servers to handle the load.

Search Airheads
Showing results for 
Search instead for 
Did you mean: