AAA, NAC, Guest Access & BYOD

 View Only
last person joined: one year ago 

Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect
Back to Library

Will Application Access control configuration be retained on the node while adding to the cluster? 

Jan 03, 2018 05:51 AM

Q:

We can configure Application Access Control on each server which could Allow/Deny Applications on ClearPass [like Onguard, Insight, Graphite etc] from certain client subnet by navigating to Administration » Server Manager » Server Configuration » Network as shown below:

Will these configuration be retained after adding the server as Subscriber to a cluster?

 



A:

When a server is added to a cluster, it's database would be reset and it will start replicating data from the Publisher server as shown below: 

INFO - Subscriber node entry added in publisher
INFO - Backup databases for AppPlatform
INFO - Backup databases for PolicyManager
INFO - Stopping services
INFO - Dropped existing databases for Policy Manager                                >>// Current Database on the server is wiped.
INFO - Create database and schema for Policy Manager
INFO - Local database setup done for Policy Manager databases
INFO - Subscriber password changed
INFO - Syncing up initial data...
INFO - Config database temporarily locked for updates
INFO - xx.xx.xx.xx: - Backup databases for AppPlatform
INFO - xx.xx.xx.xx: - Backup databases for PolicyManager
INFO - Config database lock released
INFO - Subscriber now replicating from publisher xx.xx.xx.xx
INFO - Retaining local node certificate
INFO - Restoring log database...
INFO - Restore started for AppPlatform databases
INFO - Restore complete for AppPlatform databases
INFO - Restore started for PolicyManager databases
INFO - Database size after restore for tipsLogDb: 12 MB
INFO - Restore complete for PolicyManager databases
INFO - Subscriber replication and node setup complete
INFO - Notify publisher that adding subscriber is complete
INFO - Subscriber added successfully
INFO - Restarting Policy Manager admin server
Make subscriber complete. Re-login after sometime

When the database is wiped on the server, it will also clear the Application access control Network rules [Note: It will not replicate the Application Access Control configuration from Publisher as these are server specific].

Server after adding to the cluster:

Hence when we are adding a server to the cluster which has Application Access Control configured it's recommended to manually add those configurations again. 

[Note: Backup will not have Application Access configuration]


#6.5

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.