I need to build a solution and have the queries below:
1. Can I configure two or more IC units in an active/active configuration (without using load balancers) wherein the units are in separate IP subnets (as all are placed in different locations for redundancy)?
I will configure the UAC clients to have the IP addresses of all the IC units of the cluster. Half of the UAC clients will have one unit as primary IC (Unit A) and the other unit as secondary IC (Unit B). Similarly, the remaining UAC clients will have one unit as primary IC (Unit B) and the other unit as secondary IC (Unit A).
Will the above scenario work?
2. Also, how will the switches (authenticators) behave now that there are two RADIUS servers?
3. And can I integrate all the ICs with all the Infranet Enforcers (SSG firewalls) and push dynamic policies to all of them simultaneously?

1. If you are using 802.1X and no layer 3, then the scenario you described in option 1 will work. If you are doing any layer 3, then you will need an LB.
2. You will configure 1/2 of the switches with IC A as the first RADIUS server (IC B as second) and the rest with IC B as primary for the other 1/2.
3. If you have the IC configured to talk to all of your IEs, you will be able to do that. If you have more than a single cluster of ICs, then you will need to use UAC 3.0 and its new Federation feature. UAC 3.0 is scheduled to be released by the end of March, 2009.