Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM - profiling + ingress event processing, performance issue ?

This thread has been viewed 3 times

  • 1.  CPPM - profiling + ingress event processing, performance issue ?

    Posted Dec 05, 2017 09:09 AM

    Hi,

     

    I'm going to deploy a 2xCPVA-5K cluster, for a network of approximatly 6-8k clients, with authentication and Guest access.

     

    I plan on balancing tasks between the two nodes as follows :

     

    Publisher (handling all write operations) :

    - Config changes and replication

    - Insight, Insight master

    - Profiling (active)

    - Ingress events (syslog) processing from a Palo Alto FW

     

    Subscriber (worker node handling client requests) :

    - RADIUS requests handling

    - HTTP requests handling

    - Insight

     

    I'm concernend about performance issues arising from the fact that profiling and event processins are both activated on the same node (strongly discourage by technotes I've read).

     

    Does anybody have experience in that matter, that they could share ?

    Should I plan on adding a third node to the cluster ?

    Sould I go for a diffrent blancing ?

     

    Thanks for your advice.

     



  • 2.  RE: CPPM - profiling + ingress event processing, performance issue ?

    EMPLOYEE
    Posted Dec 05, 2017 09:12 AM
    This is one of the reasons we decoupled licensing from hardware in 6.7. The new licensing model in 6.7 will allow you to stand up another box for very little cost and use it as a dedicated node for profiling, Insight, AirGroup authorization, Ingress Event Engine, etc without having to purchase a set of policy manager licenses.