Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

131

132

133

134

135

136

137

138

139

140

132 | Deploying W-ClearPass Clusters Dell Networking W-ClearPass Deployment Guide

The cluster feature allows for shared configuration and databases. However, it does not provide a virtual IP

address for the cluster, so failover/redundancy for captive portal for Guest relies on Domain Name System

(DNS) lookup or load balancing.

RADIUS clients must define a primary and backup RADIUS server.

Authentication Requests in a Cluster

The typical use case for Policy Manager is to process authentication requests using the policy framework. The

policy framework is a selection of services that work to process authentication requests, but the policy

framework also determines authentication, authorization, posture, enforcement, role, etc. of the

endpoint/end-user.

In the context of cluster operations, authentication typically involves a read-only operation from the

configuration database. A cluster node receives an authentication request, determines the appropriate policies

to apply, and responds appropriately. This does not require a configuration change, and can therefore be

scaled across the entire cluster.

Authentication is performed from the node itself to the configured identity store, whether locally (as synchronized by

the Publisher, for example, a Guest account) or externally, such as with Microsoft Active Directory.

Logs relevant to each authentication request are recorded separately on each node, using that node’s log

database. Centralized reporting is handled by generating a Netevent from the node, which is sent to all Insight

nodes and recorded in the Insight database (for related information, see Deploying W-ClearPass Insight in a

Cluster on page 152).

W-ClearPass Databases

Each W-ClearPass server makes use of the following databases:

l Configuration database. Contains most of the editable entries that can be seen in the W-ClearPass user

interface. This includes, but is not limited to:

n Administrative user accounts

n Local user accounts

n Service definitions

n Role definitions

n Enforcement policies and profiles

n Network access devices

n Guest accounts

n Onboard certificates

n Most of the configuration shown within Guest and Onboard

l Log database. Contains activity logs generated by typical usage of the system. This includes information

shown in Access Tracker and the Event Viewer.

l Insight database. Records historical information generated by the Netevents framework. This database is

used to generate reports (for related information, see Deploying W-ClearPass Insight in a Cluster on page

152).

Publisher/Subscriber Model

W-ClearPass uses a Publisher/Subscriber model to provide multiple-box clustering. Another term for this model

is hub and spoke, where the hub corresponds to the Publisher, and the spokes correspond to the Subscribers.