Security

Hello

One of our customers want to deploy Clearpass in Azure. They have a cloud first philosophy. The company is located in many different country’s and interconnected via WAN and all have local internet breakout. They want to deploy Clearpass fully in the cloud and ask the question what the bandwidth requirements are between site’s and cloud for this kind on Clearpass deployment

 Looking around I clouded find and reference numbers for this. The only answer I got so far “its equal to and on prem solution”. I know bandwidth consumption for Radius is low and RTT is time critical( <150mS). but we are looking for figures for bandwidth consumption for x number of Radius, Tacacs authentications and x Guest portal usages. per sec

Not an easy one to answer, but let me start by correcting the 150ms, this got out somehow a few months back when we were in the infancy of deploying CPPM in VPC's / VNets.... 200ms RTT like what is used for traditional CPPM on-prem clusters, but note this is a guideline, RTT is only ONE SMALL metric in relation to clustering over a WAN, the TRUE figure is data-path throughput, and that's very much tied into my answer below that there is a correlation to load, and load is the sum of authN, Captive-Portal, TACACS+ etc.

My own feeling but we've no evidence for this currently is that 200ms for cloud to cloud cluster is low, with no last-mile thin-pipe to deal with, over time I want to have our QA validate cluster perf over higher RTT data-paths, buts that's not something we have to time to do today.

In a doc I write 5+ years back, CPPM clustering I did provide guidelines for bandwidth, can I suggest you start their for guidance.

https://support.hpe.com/hpsc/doc/public/display?docId=a00100359en_us