Security

Reply
Occasional Contributor I

CPPM - profiling + ingress event processing, performance issue ?

Hi,

 

I'm going to deploy a 2xCPVA-5K cluster, for a network of approximatly 6-8k clients, with authentication and Guest access.

 

I plan on balancing tasks between the two nodes as follows :

 

Publisher (handling all write operations) :

- Config changes and replication

- Insight, Insight master

- Profiling (active)

- Ingress events (syslog) processing from a Palo Alto FW

 

Subscriber (worker node handling client requests) :

- RADIUS requests handling

- HTTP requests handling

- Insight

 

I'm concernend about performance issues arising from the fact that profiling and event processins are both activated on the same node (strongly discourage by technotes I've read).

 

Does anybody have experience in that matter, that they could share ?

Should I plan on adding a third node to the cluster ?

Sould I go for a diffrent blancing ?

 

Thanks for your advice.

 

Highlighted
Guru Elite

Re: CPPM - profiling + ingress event processing, performance issue ?

This is one of the reasons we decoupled licensing from hardware in 6.7. The new licensing model in 6.7 will allow you to stand up another box for very little cost and use it as a dedicated node for profiling, Insight, AirGroup authorization, Ingress Event Engine, etc without having to purchase a set of policy manager licenses.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: