im looking at load balancing ClearPass with a hardware load balancer and looking at what to consider. if anyone has set this up do share your experience.
what is the wise setup on the ClearPass side, multiple standalone ones or a publisher with subscribers?
in the publisher / subscriber model will this mean i have to access multiple ClearPasses to look at the access tracker or is this combined on the publisher (cant find this anywhere, a technote on all effects for ClearPass clustering would be nice)? what about radius accounting, is it shared?
is "persistence" needed / useful? so should radius traffic from a source always go to the same ClearPass (as long as it is available of course).
for the server certificate, a SAN certificate with the clustername and the device name would be best right? and as a second only the clustername?
what about OnGuard, is it wise to load balance it (so HTTPS i assume) also? is the OnGuard info shared between the ClearPasses or should i have the radius and OnGuard traffic end up on the same server?
and while on the topic, what about Guest, is that also simply load balancable?
i have checked these also:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Aruba-clearpass-servers-load-balacing-with-F5-Big-IP/td-p/93026/
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Load-balance-clearpass-servers/m-p/80122/
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Best-practice-Load-balancing-radius-over-four-ClearPass-servers/m-p/49228