Security

Hi,

We used to have a large CPPM 5K cluster ( members 0-8 with 2 hardware appliances and the rest VMs)  and had insight master assigned to one of the members that wan;t configured to process authentication requests.

Ater a shuffle around we pruned down the cluster to

master publisher - 5K vm no auths

clearpass1 - 25K VM

cleaspass2 - 25K VM

clearpass5 - 5K hardware

clearpass7 - 5K VM insight master

clearpass9 - 5K hardware

( names need changing) 

In a previous life in the cluster clearpass[12] were 5K VMs.

All old cluster members were removed from the cluster using the appropraite commands.

What we've found is that insight is only showing info from the hardware appliances and nothing from the new clearpass[12] 25K VMs even though they are processing authentication requests.

Given that clearpass7 has always been there is there an issue with us changing clearpass[12] to 25K VMs thats cauing a problem? The new clearpass[12] VMs have the same IP addresses as the old 5K ones.

don't think I've ever set anything up spoecifically for insight other than defining the master insight server

Do you have Insight enabled on at least 2 nodes ? Is Insight master running on the node with less usage ?

Nope, Just got 1 insight server on a cluster member that doesn't do authentication.

Only got 1 insight server defined .... the thing is that looking at the insight web page, in the dropdown list where you can select which cluser member you want to view data about, you can see all the old cluster members and not the new cluster members

Sounds like a bug that might require TAC help.

I know this won't fix your problem but I would suggest you to have Insight enabled on 2 nodes for a cluster this big.