Security

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

Hi

What is your exact use case to replicate data between the clusters?

I have been looking at the CPPM Sync service a bit for a customer running three clusters today, but they had six clusters a few years ago. The idea in that case was to replicate configuration to eliminate the need to do configuration changes on multiple clusters when new rules where added.

I concluded that the CPPM Sync Service is too expensive to use in such scenario, but it will for sure solve some cases if you have a lot of clusters, tens or hundreds, where you need to replicate the configuration.

With the customer I now have regional configurations for the different clusters and the configuration have some minor differences as the servers are connecting to the nearest AD domain controllers etc. I do not have a need to replicate local users, as authentication and authorization is done with AD users, There are also no need to replicate guest accounts in this case as it's "unlikely" that a guest user registered in the US will appear within a few hours in an European office.

I can see a use case for the Sync service for another customer where they would like the Staging and Production environments to be identical. In this case it would be nice to only push the validated configuration from the Staging cluster to the Production cluster and not do any administation and configuration changes in production. But the price tag is to high to implement this.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

Hello Jonas,

The customer is creating Credentials (Local User accounts and Guest Accounts using API's from a centralized portal globally).  This setup is only pointed to one of the current prod cluster. They acquired a new entity where they want to replicate the same credentials from Global Cluster to the new Cluster. Due to security reasons, They do not want to point the New Entity to their application for user creation  .

Thank you,

Bharath.

Hi

What is your exact use case to replicate data between the clusters?

I have been looking at the CPPM Sync service a bit for a customer running three clusters today, but they had six clusters a few years ago. The idea in that case was to replicate configuration to eliminate the need to do configuration changes on multiple clusters when new rules where added.

I concluded that the CPPM Sync Service is too expensive to use in such scenario, but it will for sure solve some cases if you have a lot of clusters, tens or hundreds, where you need to replicate the configuration.

With the customer I now have regional configurations for the different clusters and the configuration have some minor differences as the servers are connecting to the nearest AD domain controllers etc. I do not have a need to replicate local users, as authentication and authorization is done with AD users, There are also no need to replicate guest accounts in this case as it's "unlikely" that a guest user registered in the US will appear within a few hours in an European office.

I can see a use case for the Sync service for another customer where they would like the Staging and Production environments to be identical. In this case it would be nice to only push the validated configuration from the Staging cluster to the Production cluster and not do any administation and configuration changes in production. But the price tag is to high to implement this.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

Hello Jonas,

The customer is creating Credentials (Local User accounts and Guest Accounts using API's from a centralized portal globally).  This setup is only pointed to one of the current prod cluster. They acquired a new entity where they want to replicate the same credentials from Global Cluster to the new Cluster. Due to security reasons, They do not want to point the New Entity to their application for user creation  .

Thank you,

Bharath.

Hi

What is your exact use case to replicate data between the clusters?

I have been looking at the CPPM Sync service a bit for a customer running three clusters today, but they had six clusters a few years ago. The idea in that case was to replicate configuration to eliminate the need to do configuration changes on multiple clusters when new rules where added.

I concluded that the CPPM Sync Service is too expensive to use in such scenario, but it will for sure solve some cases if you have a lot of clusters, tens or hundreds, where you need to replicate the configuration.

With the customer I now have regional configurations for the different clusters and the configuration have some minor differences as the servers are connecting to the nearest AD domain controllers etc. I do not have a need to replicate local users, as authentication and authorization is done with AD users, There are also no need to replicate guest accounts in this case as it's "unlikely" that a guest user registered in the US will appear within a few hours in an European office.

I can see a use case for the Sync service for another customer where they would like the Staging and Production environments to be identical. In this case it would be nice to only push the validated configuration from the Staging cluster to the Production cluster and not do any administation and configuration changes in production. But the price tag is to high to implement this.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

If that is the use-case, creating credentials in multiple clusters via the API, why not send that API call to 2 publishers instead of just the current one?

CPPMSync sounds like over-kill for this scenario.

Hello Jonas,

The customer is creating Credentials (Local User accounts and Guest Accounts using API's from a centralized portal globally).  This setup is only pointed to one of the current prod cluster. They acquired a new entity where they want to replicate the same credentials from Global Cluster to the new Cluster. Due to security reasons, They do not want to point the New Entity to their application for user creation  .

Thank you,

Bharath.

Hi

What is your exact use case to replicate data between the clusters?

I have been looking at the CPPM Sync service a bit for a customer running three clusters today, but they had six clusters a few years ago. The idea in that case was to replicate configuration to eliminate the need to do configuration changes on multiple clusters when new rules where added.

I concluded that the CPPM Sync Service is too expensive to use in such scenario, but it will for sure solve some cases if you have a lot of clusters, tens or hundreds, where you need to replicate the configuration.

With the customer I now have regional configurations for the different clusters and the configuration have some minor differences as the servers are connecting to the nearest AD domain controllers etc. I do not have a need to replicate local users, as authentication and authorization is done with AD users, There are also no need to replicate guest accounts in this case as it's "unlikely" that a guest user registered in the US will appear within a few hours in an European office.

I can see a use case for the Sync service for another customer where they would like the Staging and Production environments to be identical. In this case it would be nice to only push the validated configuration from the Staging cluster to the Production cluster and not do any administation and configuration changes in production. But the price tag is to high to implement this.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.

Hello Herman,

They do not want to link the New entity with their Central User repository due to some security concerns. I am struggling to get the confirmation  regarding the Credential sync using CPPM Sync Extension from HPE sales/PS .

I believe this is the only solution which can tackle our problem . 

Thank you,

Bharath.

If that is the use-case, creating credentials in multiple clusters via the API, why not send that API call to 2 publishers instead of just the current one?

CPPMSync sounds like over-kill for this scenario.

Hello Jonas,

The customer is creating Credentials (Local User accounts and Guest Accounts using API's from a centralized portal globally).  This setup is only pointed to one of the current prod cluster. They acquired a new entity where they want to replicate the same credentials from Global Cluster to the new Cluster. Due to security reasons, They do not want to point the New Entity to their application for user creation  .

Thank you,

Bharath.

Hi

What is your exact use case to replicate data between the clusters?

I have been looking at the CPPM Sync service a bit for a customer running three clusters today, but they had six clusters a few years ago. The idea in that case was to replicate configuration to eliminate the need to do configuration changes on multiple clusters when new rules where added.

I concluded that the CPPM Sync Service is too expensive to use in such scenario, but it will for sure solve some cases if you have a lot of clusters, tens or hundreds, where you need to replicate the configuration.

With the customer I now have regional configurations for the different clusters and the configuration have some minor differences as the servers are connecting to the nearest AD domain controllers etc. I do not have a need to replicate local users, as authentication and authorization is done with AD users, There are also no need to replicate guest accounts in this case as it's "unlikely" that a guest user registered in the US will appear within a few hours in an European office.

I can see a use case for the Sync service for another customer where they would like the Staging and Production environments to be identical. In this case it would be nice to only push the validated configuration from the Staging cluster to the Production cluster and not do any administation and configuration changes in production. But the price tag is to high to implement this.

Thank you for the quick response Herman. I am not really sure if I can relay on the Document to propose this solution to the customer. If I can get a confirmation from Aruba or anyone who implemented this solution, That'll be a great help.

We are unable to conclude this with HPE professional services so far.

Thank you,

Bharath Kumar.

According to the datasheet you shared: yes it will synchronize accounts:

This tool enables efficient sync of configuration, user, guest, and device objects across individual CPPM clusters.

CPPM Sync is a professional service, and it will be configured for you:

To find out more about how our ClearPass Synchronization Service can dramatically simplify your approach to managing ClearPass clusters across numerous geographically remote sites, please contact Aruba Sales. Request to see a demonstration walk-through of the CPPMSync tool.