Security

Reply
Occasional Contributor II
Posts: 20
Registered: ‎04-21-2014

sizing Clearpass for customer at 3 sites

[ Edited ]

Hi all, 

I  has 3 sites: Site 1 (800 users), Site 2 (300 users), Site 3 (300 users). 3 sites connect together by WAN line and each site also connect to Data Center by WAN. I uses AD for authentication. Each site also has local AD and main Domain controller put at Data Center. I only allow to use laptop and desktop to connect to wired network. 

So, I want to control all laptop or destop must join domain and can connect to network. Otherwise, all laptop wil be disable. 

So, I choose: 

Site 1: 3 x CP-500 

Site 2: 1 x CP-500 

Site 3: 1 x CP-500 

Data Center: 1 x CP-5K

The question: 

1/ I can configure the CP as follow? 

Site 1: 2 x CP-500 (cluster) and 1 x CP-500 for backup for 3 sites: Site 1, Site 2, Site 3. 

Site 2: 1 x CP-500, if CP-500 failed, all devices will connect to CP-500 at Site 1 for authenticate. 

Site 3: the same site 2. 

 

2/ if the CP-500 at site 2 and site 3 that is fail, I want all devices still can connect to network without authentication? Can I do that?

Thanks & Best regards, 

Khang

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: sizing Clearpass for customer at 3 sites

I would work with an Aruba partner. There are many considerations in multi site designs. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 20
Registered: ‎04-21-2014

Re: sizing Clearpass for customer at 3 sites

Thank you for your reply. But you can help me to answer: 

1/ I can configure the CP as follow? 

Site 1: 2 x CP-500 (cluster) and 1 x CP-500 for backup for 3 sites: Site 1, Site 2, Site 3. 

Site 2: 1 x CP-500, if CP-500 failed, all devices will connect to CP-500 at Site 1 for authenticate. 

Site 3: the same site 2. 

 

2/ if the CP-500 at site 2 and site 3 that is fail, I want all devices still can connect to network without authentication? Can I do that?

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: sizing Clearpass for customer at 3 sites

As Tim state you need to work with your local SE and or partner. ClearPass is based on unique MAC address not users so you will need to size accordingly.

Even if the servers are clustered they do not share the core lic only the feature ( guest, onboard, on guard)
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 20
Registered: ‎04-21-2014

Re: sizing Clearpass for customer at 3 sites

Thank you. I understand your question. 

I also have 1 more question: if we only use Clearpass Policy Manager to manage laptop and desktop, we can do as the above way?

Thanks, 

Moderator
Posts: 492
Registered: ‎11-09-2012

Re: sizing Clearpass for customer at 3 sites

A lot of your answer + other things you've not thought of yet shoul dbe in my doc

 

CPPM TechNote - Clustering Design Guidelines V1

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II
Posts: 20
Registered: ‎04-21-2014

Re: sizing Clearpass for customer at 3 sites

thank alot.
Search Airheads
Showing results for 
Search instead for 
Did you mean: