Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Publisher failover

This thread has been viewed 7 times

  • 1.  Publisher failover

    Posted Oct 17, 2014 05:18 AM

    What are the failover times between publisher and Designated publisherwhen L2 or L3 failover is employed in a clearpass environment .



  • 2.  RE: Publisher failover

    EMPLOYEE
    Posted Oct 17, 2014 08:10 AM

    That is designated with the failover timer on this screen...Administration --> Server manager --> server configuration --> Cluster wide parameters in the top right.

     

    Screenshot 2014-10-17 08.09.07.png



  • 3.  RE: Publisher failover

    Posted Oct 17, 2014 08:31 AM

    So 10 seconds for VIP failover then 10 minutes for standby Publisher failover. Do you know what the range of values are? the user guide doesn't say. At the moment I only have access to a live system and don't want to play around to find out.



  • 4.  RE: Publisher failover

    Posted Oct 17, 2014 12:33 PM

    The minimum failover setting is 5 minutes. However it takes a few minutes for the standby Pub to promote into an active state. Here is a copy/paste from a CPPm Clustering TechNote that is close to being pubished.

     

    The Standby-Publisher

    Any subscriber within a cluster can be manually promoted to be the active Publisher for the cluster once the Active Publisher has failed. Sometimes its pertinent that this be a manual procedure but during the time that a cluster does not have an active Publisher some functions across the cluster do not exist, e.g. Creation of Guest accounts… the full list is documented later in this section What do you lose when the Publisher fails?

     

    Now, whilst some customers may be content with having to manually promote a Subscriber, demand from the field and our customers required that we provide an automated method to allow for a specific node to auto-promote itself within the cluster thus ensuring that any service degradation is limited to an absolute minimum.

     

    This feature was introduced in CPPM 6.1 to allow for a Subscriber to AUTO promote itself from a Standby Subscriber to that of the Active Publisher. Configuration of the Standby Publisher is completed in the Cluster-Wide Parameters under Administration -> Server Manager -> Server Configuration -> Cluster-Wide Parameters

     

    Note: Before you can designate a CPPM node as a Designated Publisher, the nodes have to be clustered. For more information covering the process of cluster operations, see the section below on Cluster Operation Commands.

     

    Ensure that ‘Enable Publisher Failover’ is set to TRUE, in the ‘Designated Standby Publisher’ drop down, then select the CPPM node required to operate as the Standby node.

     

    Note: The Standby-Publisher can still perform full Subscriber duties. However in large deployment, say when over 20 CPPM nodes are deployed the Publisher and Standby-Publisher might be dedicated nodes and not be performing ANY work beyond cluster configuration and creating Guest accounts and Onboarding users.

     

    Note: The default failover timer is set to 10 minutes, 5 minutes being the minimum value you can select before the standby publisher begins to promote itself to an active state.