ClearPass Failover Issues

  • 1.  ClearPass Failover Issues

    Posted May 23, 2016 04:02 PM

    Performed a DR test this last weekend and was unable to successfully failover the ClearPass publisher to the subscriber.  They are on 2 geographically separated networks so there is no VIP shared between them.  

    My "Standby Publisher" setting wasn't originally configured prior to the DR test, however this was fixed with a quick call to TAC. (pictured here)
    Failover setting.JPG

     

    However, even though the Standby Publisher was configured in the pic above, when the Publisher VM was shut down, the Subscriber did not take over and self-promote to Publisher.  Waited my configured 5 minutes, then waited the recommended 10 minutes...nothing.  Placed another call to TAC and was informed that the database has to be initialized on the Subscriber during the change-to-a-Publisher process, and that it could take up to 1/2 hour on a 5K.  That to me isn't a logical failover scenario at all...1/2 hour until ClearPass becomes available again?  Not sure if TAC provided me the correct information, but wanted to see if anyone had a similar setup and if so, did you ever successfully failover to the Subscriber.  



  • 2.  RE: ClearPass Failover Issues

    Posted May 25, 2016 11:20 AM

    Yes, I have a similar setup to yours, but my cluster is larger and consists of 4 subscribers.

    Those nodes are sitting at different locations geographically, and the failover process took around 40 minutes to complete the publisher promotion even though the failover check time was configured to 5 minutes.