Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Backups for CPPM sources

This thread has been viewed 2 times

  • 1.  Backups for CPPM sources

    Posted Nov 06, 2013 04:46 AM

    I have a Clearpass service setup with three sources. Each source has a number of backups. Lets say each source has a primary and two backups. If a user is not found in the primary of the first source will policy manager check the backups in the same source, then move on to the primary in the next source then each backup in the second source.

    My question basically is - are the backups only used if the primary is unavailable or are the backups used even if the primaries in the sources are active?



  • 2.  RE: Backups for CPPM sources

    EMPLOYEE
    Posted Nov 06, 2013 05:40 AM
    @matt Finnie wrote:

    I have a Clearpass service setup with three sources. Each source has a number of backups. Lets say each source has a primary and two backups. If a user is not found in the primary of the first source will policy manager check the backups in the same source, then move on to the primary in the next source then each backup in the second source.

    My question basically is - are the backups only used if the primary is unavailable or are the backups used even if the primaries in the sources are active?

    Matt,

     

    The backup in any authentication source is only checked after the Timeout Parameter if there is no answer from the primary.  An authentication source is only checked once for the existence of a user.  If the user does not exist, it moves onto the next authentication source.  Again, the backup server is only checked if there is no answer from the primary.

     



  • 3.  RE: Backups for CPPM sources

    Posted Nov 06, 2013 05:59 AM

    Thanks for that - one more question, I have a customer with a cluster that does not have a designated publisher. If the publisher were to fail would a subscriber promoted to a publisher still have the Clearpass Guest pages available if we pointed the IAPs and controllers to the IP address of the new Publisher.



  • 4.  RE: Backups for CPPM sources
    Best Answer

    EMPLOYEE
    Posted Nov 06, 2013 07:25 AM
    @matt Finnie wrote:

    Thanks for that - one more question, I have a customer with a cluster that does not have a designated publisher. If the publisher were to fail would a subscriber promoted to a publisher still have the Clearpass Guest pages available if we pointed the IAPs and controllers to the IP address of the new Publisher.

    Matt Finnie,

     

    The ClearPass guest pages ARE replicated to the subscriber; however, you would have to designate a backup publisher for Guest Self-Registration to work, because the guest database is read-only on the subscriber.  How to configure a backup publisher  is here:  http://community.arubanetworks.com/t5/Video/VIDEO-High-availability-for-a-ClearPass-Cluster/ta-p/78562



  • 5.  RE: Backups for CPPM sources

    Posted Nov 06, 2013 08:04 AM

    The reason I specify "promotion to a publisher" is because they are on different subnets. Once the Subscriber is promoted to a Publisher would the guest DB become a read/write DB for the new publisher.



  • 6.  RE: Backups for CPPM sources
    Best Answer

    EMPLOYEE
    Posted Nov 06, 2013 08:07 AM

    Yes.