Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboarding in a global cluster?

  • 1.  Onboarding in a global cluster?

    Posted Mar 05, 2017 07:10 PM

    Hi Forum,

     

    To simplify it (for myself of course), I have 3 CP 5k (one in each global region) with a publisher in the US. I configured onboarding and it is working fine. My question is:

    Under Onboard>>Configuration>>Network Settings>>edit>>trust tab>>Configure trust:

    If I set it to manually configure certificate trust settings, which CP's cert should I add here (from the dropdown)? I understand this cert will be installed in the end user's root cert store.

    Should it be the publisher's cert or should I add all 4 CPs here? If so, what should I do if I have 10 CPs instead of 4!!

     

    Thanks in advance.



  • 2.  RE: Onboarding in a global cluster?

    EMPLOYEE
    Posted Mar 05, 2017 07:12 PM
    It's recommended to use a single RADIUS/EAP server certificate in a cluster. Is that the case in your environment?


  • 3.  RE: Onboarding in a global cluster?

    Posted Mar 05, 2017 07:18 PM

    Thanks for the response Tim!

    Each node has its own RADIUS cert issued by the root CA (MS PKI).



  • 4.  RE: Onboarding in a global cluster?

    EMPLOYEE
    Posted Mar 05, 2017 07:22 PM
    You should use the auto trust config then.


  • 5.  RE: Onboarding in a global cluster?

    Posted Mar 05, 2017 07:24 PM
    I've noticed with auto trust, iOS devices fail to install the profile.


  • 6.  RE: Onboarding in a global cluster?

    EMPLOYEE
    Posted Mar 05, 2017 07:26 PM
    Did you do step 1 during onboarding which installs your root CA?