Clusters and Servers
Overview
NAC 800 uses clusters and servers. A "cluster" is a logical grouping of one or
more Enforcement servers (ESs) that are managed by one Management server
(MS).
A single-server installation is one where the MS and ES are on one server. The
ES is assigned to a Default cluster. This configuration is illustrated in
figure 2-1.
A multiple-server installation is one where the MS is on one server and there
are one or more ESs on separate servers. Each ES must be assigned to a
cluster. This configuration is illustrated in figure 2-2.
The responsibilities of the MS and ES are as follows:
■ Management server
  • Configuration
  • NAC policies
  • Quarantining
  • Endpoint activity
  • License
  • Test updates
■ Enforcement server
  • Testing
  • Access control
The quarantine method is defined per cluster; all of the Enforcement servers
in a given cluster use the same quarantine method (Inline, DHCP, or 802.1X).
When using multiple clusters, each cluster can have a different quarantine
method. Clusters cooperate to test and control access to the network,
although the ESs in each cluster are not able to communicate with any ES in
any other cluster.