Security

I understand that Clearpass process Services in a top down approach. I was thinking that where possible it would be best order the most commonly used Services towards the top of the list?

For example, if I have two SSIDs, called SSID-A and SSID-B. SSID-A is hit on average 100 times a day, while SSID-B is head 10,000 times a day, I should place SSID-B above SSID-A?

Does Aruba have any recommendations on disabling the Services that come with a default install? Or moving them to the bottom of the list?

For the record I don't have a Clearpass performance issue, more thing what would "best" to avoid any future performance issues.

Hello,

Yes, ClearPass services works in top down order. Services validated based on the Service filters.

In the current scenario, you need to place SSID-B above SSID-A since it handles more request.

I don't recommend to disable any default services, if we are not sure about the exact functionality of that service. For example, if you disable "[Policy Manager Admin Network Login Service]" service then Policy Manager cannot be accessed other than local admin accounts. If you have separate service created for the default services then you can disable. 

Regards,

James Immanuvel L.

I haven't really heard performance issues that were resolved by changing the order. If there is no functional difference to the order of your services, then yes you can put the service(s) that are used the most towards the top of the services list. I'm pretty sure that the request method (RADIUS/TACACS/Web/App/Disabled) is filtered out immediately, so it probably doesn't give any benefit to move a RADIUS service in front of a TACACS or WebAuth service.

Then, I'd prefer to have the service structure as clear as possible and keep related services together.

And you can monitor the transaction times as well if you move a service, to make sure the response time or system load goes down significantly.