03-09-2014 08:53 AM
im looking at load balancing ClearPass with a hardware load balancer and looking at what to consider. if anyone has set this up do share your experience.
what is the wise setup on the ClearPass side, multiple standalone ones or a publisher with subscribers?
in the publisher / subscriber model will this mean i have to access multiple ClearPasses to look at the access tracker or is this combined on the publisher (cant find this anywhere, a technote on all effects for ClearPass clustering would be nice)? what about radius accounting, is it shared?
is "persistence" needed / useful? so should radius traffic from a source always go to the same ClearPass (as long as it is available of course).
for the server certificate, a SAN certificate with the clustername and the device name would be best right? and as a second only the clustername?
what about OnGuard, is it wise to load balance it (so HTTPS i assume) also? is the OnGuard info shared between the ClearPasses or should i have the radius and OnGuard traffic end up on the same server?
and while on the topic, what about Guest, is that also simply load balancable?
i have checked these also:
Solved! Go to Solution.
03-09-2014 11:20 AM
I have attached a document that might help
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
03-13-2014 12:09 PM
I currently have 3 clearpass servers behind a hardware load balancer (1 publisher, 2 subscribers).
You can view the access tracker on just the publisher but you have to choose which server you want to view it for by select it in the drop down list.
I have found that persistance is based on your wireless clients. If you have highly mobile clients you will want to set persistance because when a client roams they may land on a different server and have to go through a full re-auth everytime they roam. I currently have my perisistance set to 12 hours.
I do not currently use onGuard so I can't answer any questions related to that nad hwlb.
07-09-2015 09:57 AM
I am using a hardware load balancer for three CPPMs, what need to be configured on CPPM to make the harware load balancer (citrix load balancer) work?
07-09-2015 02:40 PM
We've not looked at integration with NetScaler specifically. However I suggest you take a look at my TechNote that covers integration with F5 BigIP as a lot of the fundamentals I cover here would apply to ANY SLB. You can find my F5 SLB TechNote on the support site here CPPM and F5 Load-Balancing TechNote v1.0.pdf
Snr Tech Marketing Engineer - ClearPass
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
07-09-2015 02:52 PM
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.