Security

Hi,

a customer requested support for a Clearpass migration from VMWare to Hyper-V. It's a Clearpass cluster, 2 nodes. Only the Publisher need to migrate, the subscriber is in a different datacenter.

The migration itself is not a concern. Would I promote the subscriber to publisher when the publisher is down or would it be best to leave it a subscriber? 

thanks,

Erik

------------------------------
Erik Eckhardt
ACMX #1245, ACDX #968, ACCP, ACSP
------------------------------

Any of your workflows require endpoint / guest account to replicated from publisher will be impacted when publisher is down. For example, if you are using guest registration/ endpoint updates / MDM sync etc as part of your authentication flows, not having a publisher means these accounts / endpoints are not replicated to sub and not available for auth / authz. If you are just doing dot1x / mac auth against the subscriber, publisher being down doesn't impact the authentication. 

Also if the publisher is down for more than 24 hours, you would have drop and re-form the cluster.

Hence it's safer to promote the subscriber as publisher if you are not sure about the change timeline / workflows.


------------------------------
Mathew George
------------------------------

Original Message:
Sent: Jan 26, 2022 03:05 AM
From: Erik Eckhardt
Subject: Clearpass Migration to HyperV

Hi,

a customer requested support for a Clearpass migration from VMWare to Hyper-V. It's a Clearpass cluster, 2 nodes. Only the Publisher need to migrate, the subscriber is in a different datacenter.

The migration itself is not a concern. Would I promote the subscriber to publisher when the publisher is down or would it be best to leave it a subscriber? 

thanks,

Erik

------------------------------
Erik Eckhardt
ACMX #1245, ACDX #968, ACCP, ACSP
------------------------------