Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass N1000 as local server on remote site

  • 1.  ClearPass N1000 as local server on remote site

    Posted Aug 26, 2024 10:08 AM

    Hi

    This is a more theoretical question. Let's say we have a customer with offices in four European countries. The total number of concurrently connected devices is 15000. Latency and communication speed are well within limits.

    One country is the main country, where two N3000 servers are placed with the majority of the users. Two countries have about 2000 concurrent connections and one N3000 server, and the first country as secondary RADIUS server.

    The last country has only 500 concurrent connections. Based on the limits of the concurrent sessions for the N1000, this hardware would be enough for this country. But in the Scaling and Ordering Guide, a maximum of 4000 endpoints in the database is mentioned.

    If this server is a Subscriber in the same cluster, it will get all the endpoints from the other countries. Would this be a problem?

    I haven't noticed the same figures before in older versions of the document. But maybe I just missed them.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------


  • 2.  RE: ClearPass N1000 as local server on remote site

    Posted Aug 27, 2024 04:31 AM

    That table, as I read it, is the endpoint visibility capacity, so you should not profile more than 4000 endpoints.

    If you need a legally binding, confirmative statement that what you do is supported, reach out to TAC or to your local Aruba SE. But I think the answer lies already in your question.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: ClearPass N1000 as local server on remote site

    MVP EXPERT
    Posted 6 days ago
    Haven't used the function, but in your case you'd use the domain feature in your server config, so if you have a widely distributed cluster you define different domains for cluster members and only store endpoints associated with a given domain on a given appliance.
    (Function might not be called domain, not near a server)