Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Configuring CPPM to communicate with closest server in the AD forest

  • 1.  Configuring CPPM to communicate with closest server in the AD forest

    Posted Jan 03, 2021 06:48 AM
    Hi,

    I heard about an enhancement that started in Clearpass 6.8.X/6.9 for terminating AD queries
    in the closest AD server in forest, i would like to get more information about the 
    setup/configuration that need to be done i order to achieve that.

    Regards,
    Me



  • 2.  RE: Configuring CPPM to communicate with closest server in the AD forest

    Posted Jan 05, 2021 12:31 PM
    I htin what you after is a feature added by Aruba about 1.5-year back initially in 6.8.4..... so its been there quite some time. The feature called site awareness;

    Features Added in 6.8.4

    * Policy Manager now supports Active Directory site awareness to assist users with domain joins. As part of this feature: (CP‑11528, CP‑35942)
    - The Join AD Domain form now displays a warning message if Policy Manager detects that the domain controller being joined is not the closest one. Users should be aware that they should always join to the domain controller that is physically closest, otherwise authentication might fail or the controller's performance might be impacted.
    - If a user-specified join is not the closest and the warning message is displayed, a Find Domain Controller button is also provided to help the user find the closest domain controllers, and the Join AD Domain form expands to display the list of controllers, or indicates if none were found. Again, the user may still proceed with the join they had first specified.
    - In the CLI, a warning message is also displayed if the specified domain controller is detected as not the closest. However, the CLI does not provide the "find domain controller" functionality that is provided in the Join AD Domain form.


    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------