Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass deployment

This thread has been viewed 1 times

  • 1.  Clearpass deployment

    Posted Aug 31, 2017 11:21 PM

    Hi 

     

    If I have 2 Clearpass on HQ. One is publisher and another one is subscriber. 

     

    Now customer have a new branch and they would like to add more one clearpass. My question is

     

    1. Should I design its as subscriber?

    2. When publisher is fail which subscriber will be promote as publisher? or you recommend manually promote publisher by administrator

    3. All authentication requests from branch will be sent to only subscriber at branch or not

    4. Can I load balance all request across site?

    5. Do you have any design guide for recommend me?

     

    Thank you 



  • 2.  RE: Clearpass deployment

    EMPLOYEE
    Posted Aug 31, 2017 11:34 PM
    It's generally recommended to reach out to your Aruba ClearPass partner when working on a design.

    Take a look at the cluster TechNote which should answer your questions.

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=25030


  • 3.  RE: Clearpass deployment

    Posted Sep 01, 2017 02:26 AM

    Thank you

    but When publisher is fail which subscriber will be promote as publisher? Can I set Designated Standby Publisher as 1 for identify Standby Publisher?



  • 4.  RE: Clearpass deployment

    Posted Sep 01, 2017 02:21 PM

    My reading of the document linked above (see page 23) is that you designate one node to be Publisher, and one node to be Standby Publisher.

    If both nodes fail [you have bigger problems] then you will have to manually promote the non-designated node.

    Just my thoughts on reading the tech-note, I've only got two nodes.