Security

Reply
Frequent Contributor I

Clearpass deployment

Hi 

 

If I have 2 Clearpass on HQ. One is publisher and another one is subscriber. 

 

Now customer have a new branch and they would like to add more one clearpass. My question is

 

1. Should I design its as subscriber?

2. When publisher is fail which subscriber will be promote as publisher? or you recommend manually promote publisher by administrator

3. All authentication requests from branch will be sent to only subscriber at branch or not

4. Can I load balance all request across site?

5. Do you have any design guide for recommend me?

 

Thank you 

Guru Elite

Re: Clearpass deployment

It's generally recommended to reach out to your Aruba ClearPass partner when working on a design.

Take a look at the cluster TechNote which should answer your questions.

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=25030

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Clearpass deployment

Thank you

but When publisher is fail which subscriber will be promote as publisher? Can I set Designated Standby Publisher as 1 for identify Standby Publisher?

MVP

Re: Clearpass deployment

My reading of the document linked above (see page 23) is that you designate one node to be Publisher, and one node to be Standby Publisher.

If both nodes fail [you have bigger problems] then you will have to manually promote the non-designated node.

Just my thoughts on reading the tech-note, I've only got two nodes.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: