Security

I just ran into an issue while attempting a CPPM cluster update from 6.8.3 to 6.8.4 to a six node international cluster.  I didn't pre-load the images at each server as this was a new install.  When i kicked off the update the pub tries pushing a 1.15G image to each subscriber, this pegged a 10MB circuit at a remote location housing two subscribers for roughly 25Mins.  

Is it possible for the upgrade process to pull the images locally in an automated fashion rather than manually, to aloid the bottle neck on the MPLS link?  Can CPPM set throttle points for remote servers?  Also, during these file transfers, what protocol is used? HTTPS?  if so it will be difficult to handle via traffic classification on MPLS.  Any suggestions here?

Thanks,

Jeff

Link proivdes list of ports used by CPPM

https://community.arubanetworks.com/t5/Security/Clearpass-cluster-traffic-firewall/td-p/59360

Clearpass uses https in cluster for bi-directional communication, it is expected behaviour. If you are using cluster tool to upgrade servers we need to upload package in publisher itself, publisher will automiatcally push image to subcribers.

We can download image on individual servers if server have internet access and initiate upgrade on each server manually, we need to first upgrade publisher and then subcribers each.

Pavan,

I understand the upgrade process and how the files are pushed from the pub to all subs.  The question is, Is there any way to limit the throughput of those transmissions from the PUB?  For example can i say that the max upgrade file xfer rate is 5Mbps per node?  to avoid causing network bottlenecks like we experienced.

Thanks

Jeff

No this is not possible. If you really need this you can maybe throttle the bandwidth using a qos policy at the switches or firewall. However, in mine opinion this is something you don’t want to implement because of maybe some unexpected side effects.

Thanks William!  sounds like a feature request

Jeff