Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

141

142

143

144

145

146

147

148

149

150

Table 25: Configuring Standby Publisher Parameters

Parameter Action/Description

Enable Publisher Failover

1. To authorize a node in a cluster on the system to act as a

Publisher if the primary Publisher fails, select TRUE.

The default value is FALSE.

Designated Standby Publisher

2. From the drop-down, select the CPPM server in the cluster that

will serve as the Standby Publisher.

Failover Wait Time

3. Specify the time (in minutes) for which the secondary node waits

after the primary node fails before it acquires a virtual IP address.

The default failover wait time is 10 minutes, 5 minutes being the

minimum value you can select before the Standby Publisher

begins to promote itself to an active state. This prevents the

secondary node from taking over when the primary node is

temporarily unavailable during restart.

4. When finished, click Save.

About the Fail-Over Process

The Standby Publisher health-checks the primary Publisher every 60 seconds by making an SQL call to the

active Publisher. If this SQL call fails, after ten additional attempts (one per minute), the Standby Publisher

begins the process of promoting itself to be the active Publisher.

The process used to verify the reachability of the remote W-ClearPassPolicy Manager nodes uses an outbound

HTTPS call. As noted in Network Ports That Must Be Enabled on page 134, port 443/TCP must be open

between all the nodes in the cluster. Utilizing this HTTPS health check provides for a more robust and

predictable failover process.

When a Publisher failure is detected, the designated subscriber node is promoted to active Publisher status.

The other subscriber nodes automatically update and replicate their configuration with the new Publisher,

which resolves the issue.

Mitigation Strategies

The recommended mitigation strategies for deploying a Standby Publisher are as follows:

l Use a virtual IP address for the Publisher.

Doing so reduces the potential for a prolonged service outage while the active Publisher is out of service or

promoting the Standby Publisher (for related information, see Virtual IPAddress Considerations.

It is good practice that when you configure a Standby Publisher and deploy a virtual IPaddress, the Standby Publisher

should be paired with the active Publisher in the VIP group.

l Ensure that the cluster nodes are being monitored.

Determine if a Publisher node is no longer reachable or not providing service (for example, by SNMP host

checking).

l Set up the network access devices (NADs) to point to a primary node, backup node, and a tertiary node.

Doing so provides for continuity of the RADIUS authentication and accounting traffic until the Standby

Publisher transitions to the active state.

Dell Networking W-ClearPass Deployment Guide Deploying W-ClearPass Clusters | 145