Security

Reply
Frequent Contributor I

ClearPass Failover Issues

Performed a DR test this last weekend and was unable to succesfully failover the ClearPass publisher to the subscriber.  They are on 2 geographically separated networks so there is no VIP shared between them.  

My "Standby Publisher" setting wasn't originally configured prior to the DR test, however this was fixed with a quick call to TAC. (pictured here)
Failover setting.JPG

 

However, even though the Standby Publisher was configured in the pic above, when the Publisher VM was shut down, the Subscriber did not take over and self-promote to Publisher.  Waited my configured 5 minutes, then waited the recommended 10 minutes...nothing.  Placed another call to TAC and was informed that the database has to be initialized on the Subscriber during the change-to-a-Publisher process, and that it could take up to 1/2 hour on a 5K.  That to me isn't a logical failover scenario at all...1/2 hour until ClearPass becomes available again?  Not sure if TAC provided me the correct information, but wanted to see if anyone had a similar setup and if so, did you ever succesfully failover to the Subscriber.  

Contributor I

Re: ClearPass Failover Issues

Yes, I have similar setup like you but my cluster is larger which consists 4 subcribers.

Those nodes are sitting at different location geographically and the failover process took around 40 minutes to complete the publisher promotion eventhough the failover check time has configured to 5minutes.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: