Security

Hi,

 

I have a deployment where the Amigopod has to act as a RADIUS server for local users and users located in an AD. As the Amigopod is licensed based on the number of users that it can support, I want to know if it is possible to prioritize the AD users  in case the maximum number of supported users is reached.

Kind regards,

Monica

 

 

 

From what I understand, licensing is based on guest user accounts residing on the Amigopod server. Proxied users should not count against your user license limit. Also, the user license limit is for simultaneous connected guest users. So, you should have no need to prioritize your AD users.

I'm checking this....thank you :smileyhappy:

MonicaOC are you using this with an Aruba WLAN controller?

 

yes,  there will be 2 controllers 3600 and the Amigopod server at the CPD , at the remote sites there will be one RAP5 and Cisco Autonomous Access Points.

So, the authenticator will be the Cisco Access Point and the Amigopod will be the authention server (RADIUS) that access the AD for the 802.1x users. 

Therefore the Amigopod will have guest users and will provide authentication to the AD users at the same time. AD users should have priority in case we reach the licensing limitation,  but if the AD users don't consume licenses, as zjennings says, there won't be any problem. I'm checking this, since I have to be sure the corporate users (AD) won't have any problems.

Thank you... 

Monicaoc,

 

Amigopod is licensed on concurrent user connections and not the capacity of user account created in our local database. Therefore both your local guest account and proxy AD users will count towards your concurrent user licensing. This allows customers with large user communities to only invest in licenses for their peak load of active sessions connecting to the service at the same time.

---

@-cam- wrote:

Monicaoc,

 

Amigopod is licensed on concurrent user connections and not the capacity of user account created in our local database. Therefore both your local guest account and proxy AD users will count towards your concurrent user licensing. This allows customers with large user communities to only invest in licenses for their peak load of active sessions connecting to the service at the same time.

---

Cam,

Thanks for clarifying this. Would this be any different if it was RADIUS proxy (aka Amigopod RADIUS proxy to another RADIUS server)? Is there any circumstance where this would not be the case (Amigopod as a CP replacement with user lookup via RADIUS or LDAP, etc.)?

zjennings wrote

Cam,

Thanks for clarifying this. Would this be any different if it was RADIUS proxy (aka Amigopod RADIUS proxy to another RADIUS server)? Is there any circumstance where this would not be the case (Amigopod as a CP replacement with user lookup via RADIUS or LDAP, etc.)?

---

Our licensing model is based on active RADIUS authentications in flight at any given time so regardless of whether the user account exists in the local database, exteranal RADIUS server or Active Directory.

 

If you were using Amigopod for just a branded Captive Portal replacement and the WLAN controller was talking directly to another RADIUS server or Active Directory you could potentially minimise the licensing requirements on Amigopod but I personally think you would be losing a significant amount of Amigopod's core value in this design.

 

Thank you cam. So, is there any way that we can have these AD users prioritize?  The AD users are corporate users.

Sure, you can change the rank of the available Authentication Servers under the RADIUS Services > Authentication > Authentication Servers page. By default the local database you are using for your guest accounts is set to a rank of 10 so you could potentially adjust the rank of your Active Directory proxy definition to have a lower rank (higher prority)

Thank you! :smileyhappy: Everything is clear now.

Kind regards,

MONICA

Thanks Cam. I agree with the benefits of Amigopod. I just thought I had heard something like that from someone.