Security

Hi everyone,

My scenario is the following. I have two CPPMs in different segments, CPPM1 (publisher) and CPPM2 (subscriber), and I have two clusters of IAPs. What is the best option for handling the authentications?

1. Configured cluster 1 to point to CPPM1 and fail through to CPPM2, and configure cluster 2 to point to CPPM2 and fail through to CPPM1.

2. Configure both clusters to point to CPPM1 and fail through to CPPM2.

3. Configure both clusters to load balance between between CPPM1 and CPPM2.

The load is not and issue and each CPPM can handle all the authentications.

Regards,
Julián

That looks good .

The best option if available is to have a load balancer because it can take in consideration the amount of radius request coming from each site but if not available , your config will do the trick



Thank you

Victor Fabian

Pardon typos sent from Mobile

Hi Victor,

 

Currently customer doesn't have a load balancer, then do you mean the best option is 3 (configure both clusters to load balance between between CPPM1 and CPPM2)?

 

Regards,

Julián

Yes

Sent from Mail for Windows 10

Hi Victor,

 

Many thanks, just a last question. The NAD is load balancing the authentication requests between the two nodes. In the case node 1 fails, does the NAD keep load balancing or it is aware node 1 failed and starts forwarding all the authentication requests to only node 2?

 

Regards,

Julián

The IAP will mark the CPPM-1 down if it is no longer available
Sent from Mail for Windows 10