Hi
We are currently working on a project to replace a legacy Cisco ACS solution with a Clearpass solution for our corporate wireless authentication. Currently our security leaves a little to be desired and as such we want to address this with the Clearpass solution. Our current Cisco ACS solution makes use of an LDAP repository (it queries a global catalogue sever) for user/device attributes.
Our plan is to have a global cluster of CPPM appliances, with two in three regions of the world, so six in total. Each region is served by a different domain with a trust established between them all.
With the above in mind, I was wondering what is the recommended approach for the authentication source, is it 1) join each of the CPPM appliances to its respective domain or 2) continue with an LDAP GC repository. Our AD guys are suggesting the latter of the two, but documentation and other posts in the communities suggest option 1.
Also, what benefit do I gain from using one over the other?
Thanks