Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Doubt about VA requirements for CPPM

This thread has been viewed 2 times

  • 1.  Doubt about VA requirements for CPPM

    Posted Jun 19, 2019 03:29 PM

    Hi experts,

     

    I am going to install ClearPass on a network which has around 300 devices simultaneously at most. In order to have redundancy, I am going to install two instances of C1000 VA on a server. In terms of licensing, I am clear I need 300 Access licenses. In terms of performance, when I check the VA requirements for C1000 VA, I see it requires 8 vCPUs, 8 GB RAM and 1 TB HDD. With those requirements ClearPass can support up to 1000 concurrent devices, but my network will have 300 devices at most, a value much lower. In this case, do I still need 8 vCPUs for each instance? Or can I reduce to 4 vCPUs for each without compromising performance? I wonder the same for RAM and HDD. What are your recommendations?

     

    Regards,

    Julián



  • 2.  RE: Doubt about VA requirements for CPPM

    EMPLOYEE
    Posted Jun 19, 2019 03:35 PM

    If you bought new tires for your car would you put half the air in them? :) CPPM is the same. There are specific requirements for a reason and its unsupported to run with less than the minimum requirements. 



  • 3.  RE: Doubt about VA requirements for CPPM

    MVP EXPERT
    Posted Jun 19, 2019 04:40 PM

    Stick to the requirements of a C1000V, keep in mind ClearPass is a core component of your infrastructure.

     

    https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.7.0/Content/SystemRequirements/ESXiRequirements.htm



  • 4.  RE: Doubt about VA requirements for CPPM

    Posted Jun 20, 2019 11:06 AM

    Hi guys,

     

    Well, I know if I meet the VA requirements 100% I will have no problems. Maybe I didn't explained myself well. What I actually have is a server with 1 processor and 8 physical cores. Can I have the two instances of ClearPass and assign them 8 vCPU to each one? The Scaling & Ordering Guide talks about vCPU oversubscription:

     

    The ClearPass hardware appliances have the following performance characteristics. Virtual appliance performance for the same models (e.g. C3000V) may differ based hypervisor load (e.g. amount of vCPU oversubscription), CPU architectures and storage types (e.g. SAN vs Internal).

     

    Or do I need to have a server with 16 physical cores to meet the requirements? If so, I don't see the point of virtualization, I would need dedicated hardware for my ClearPass.

     

    Regards,

    Julián



  • 5.  RE: Doubt about VA requirements for CPPM

    MVP EXPERT
    Posted Jun 20, 2019 11:29 AM

    Hi Julian,

     

    In the requirements they talk about having 8 reserved virtual CPUs. Underlying CPU is recommended to have a PassMark® of 3000 or higher.

     

    So technical yes, you have to reservered all CPU if you use a eightcore server.

     

    But why running two ClearPass nodes on one physical server? Thats a strange situation from a redundancy standpoint, thats strongly recommended for a core infrastructure component.



  • 6.  RE: Doubt about VA requirements for CPPM

    Posted Jun 20, 2019 11:50 AM

    Yeah, I realized they said "reserved" vCPU.

     

    But why running two ClearPass nodes on one physical server? Thats a strange situation from a redundancy standpoint, thats strongly recommended for a core infrastructure component.

     

    Well, I know the correct scenario would be install two ClearPass in two different servers instead of one, just trying to make less expensive the solution.

     

    Regards,

    Julián