Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

sizing Clearpass for customer at 3 sites

  • 1.  sizing Clearpass for customer at 3 sites

    Posted Sep 24, 2015 10:50 PM

    Hi all, 

    I have 3 sites: Site 1 (800 users), Site 2 (300 users), Site 3 (300 users). The 3 sites connect together by WAN line and each site also connects to the Data Center by WAN. I use AD for authentication. Each site also has a local AD, and the main Domain Controller is at the Data Center. I only allow laptops and desktops to connect to the wired network.

    So, I want to enforce that all laptops and desktops must join the domain to be able to connect to the network. Otherwise, the laptop will be disabled.

    So, I choose: 

    Site 1: 3 x CP-500 

    Site 2: 1 x CP-500 

    Site 3: 1 x CP-500 

    Data Center: 1 x CP-5K

    The question: 

    1/ Can I configure the CP as follows?

    Site 1: 2 x CP-500 (cluster) and 1 x CP-500 for backup for 3 sites: Site 1, Site 2, Site 3.

    Site 2: 1 x CP-500; if the CP-500 fails, all devices will connect to the CP-500 at Site 1 to authenticate.

    Site 3: the same as Site 2.

    2/ If the CP-500 at Site 2 and Site 3 fails, I want all devices to still be able to connect to the network without authentication. Can I do that?

    Thanks & Best regards, 

    Khang

     



  • 2.  RE: sizing Clearpass for customer at 3 sites

    EMPLOYEE
    Posted Sep 24, 2015 10:54 PM
    I would work with an Aruba partner. There are many considerations in multi site designs. 


    Thanks, 
    Tim


  • 3.  RE: sizing Clearpass for customer at 3 sites

    Posted Sep 25, 2015 02:41 AM

    Thank you for your reply. But can you help me answer:

    1/ Can I configure the CP as follows?

    Site 1: 2 x CP-500 (cluster) and 1 x CP-500 for backup for 3 sites: Site 1, Site 2, Site 3.

    Site 2: 1 x CP-500; if the CP-500 fails, all devices will connect to the CP-500 at Site 1 to authenticate.

    Site 3: the same as Site 2.

    2/ If the CP-500 at Site 2 and Site 3 fails, I want all devices to still be able to connect to the network without authentication. Can I do that?



  • 4.  RE: sizing Clearpass for customer at 3 sites

    EMPLOYEE
    Posted Sep 25, 2015 06:01 AM
    As Tim stated, you need to work with your local SE and/or partner. ClearPass is based on unique MAC addresses, not users, so you will need to size accordingly.

    Even if the servers are clustered, they do not share the core license, only the feature licenses (Guest, Onboard, OnGuard).


  • 5.  RE: sizing Clearpass for customer at 3 sites

    Posted Sep 27, 2015 09:33 PM

    Thank you. I understand your question. 

    I also have 1 more question: if we only use ClearPass Policy Manager to manage laptops and desktops, can we do it the above way?

    Thanks, 



  • 6.  RE: sizing Clearpass for customer at 3 sites

    Posted Sep 27, 2015 11:25 PM

    A lot of your answers + other things you've not thought of yet should be in my doc

     

    CPPM TechNote - Clustering Design Guidelines V1

     

     



  • 7.  RE: sizing Clearpass for customer at 3 sites

    Posted Sep 28, 2015 12:18 AM
    Thanks a lot.