Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass 6.7 and Hyper-V Best practices

This thread has been viewed 4 times

  • 1.  ClearPass 6.7 and Hyper-V Best practices

    Posted Feb 14, 2019 06:02 PM

    My question is a Hyper-V guest setting question.  My C3000V apliance takes a lot of disk space and I want to free some of it up.  I allowed for 70 Gb extra space on the Windows partition (after CPPM claimed its disk space), but what I didn't know about Hyper-V was that the default "Automatic Stop Action" is to "save the virtual machine."  The net result of this setting is a bin file equal in size to the quantity of RAM provisioned for the appliance, in this case, 64 Gb.  Now I have almost no space left on the Windows partition.  Theoretically CPPM should run, but I wouldn't ever want to create a checkpoint, for example, with only a couple GB free.

     

    The question - What is the best practice/recommendation around changing the "Automatic Stop Action" from "save" to "Turn off the virtual machine."  How likely am I to experience db corruption (oh yeah, and when will we get a db repair tool...)?  



  • 2.  RE: ClearPass 6.7 and Hyper-V Best practices

    MVP EXPERT
    Posted Feb 15, 2019 02:03 AM
    I think that you better dont use the save the virtual machine mode because when the publisher node server is down the subsciber becomes the publisher (database writes). When the old publischer comes back online again it thinks he is still the publisher because it was saving the current state in hyper-v. That can cause DB corruption.

    Iam not really sure, so maybe some other folks around here have some suggestions.


  • 3.  RE: ClearPass 6.7 and Hyper-V Best practices

    Posted Feb 15, 2019 11:33 AM

    The decision has been made to manually promote the subscriber in the case of a long term Publisher outage.  This may change in the future, but for the time being the "Enable Publisher Failover" option is set to "FALSE,"



  • 4.  RE: ClearPass 6.7 and Hyper-V Best practices

    EMPLOYEE
    Posted Feb 15, 2019 08:57 AM

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=28162

     

    upgrade document provide recommanded disk space /RAM/CPU allocation. Make sure you have allocated recommanded disk space, we dont have an option in CPPM to extend disk space in later stage like how we do it in Airwave increasing LVMs partitions.

     

    only option in CPPM is to re-install and restore configuration.

     

    If you have lot of inactive guest/ end points , try decrease retention value in cluster-wide paramater/cleanup settings in Administration » Server Manager » Server Configuration page

     

     



  • 5.  RE: ClearPass 6.7 and Hyper-V Best practices

    Posted Feb 15, 2019 12:15 PM
      |   view attached

    Thank you, I am aware of the recommendations.  The CPPM's themselves have ample disk space.  It is the containing volume, from the Microsoft Server perspective, that is running low.  

     

    Please see attached screen shot for a reference to the setting I am asking about.  What is the recommendation for CPPM?  Is there a recommendation?  I would like to change this setting to "Turn off the virtual machine" from the default option of "Save the virtual machine state."

     

    There are no documents (that I could find), best practices, getting started guides or otherwise that address this setting.  Maybe there is no preference.