Hi Ludovic, Sorry for lack of up front information, and thanks for your response. Out of band enforcement with multiple roles/VLANs on a single SSID or wired switch ports using 802.1x (EAP-TLS). Currently served from primary site hence refresh is to move it to somewhere more central and remove the site as a point of failure.
>From my digging into previous threads so far it looks like another good approach may be to have discrete instances (clustered or not) in a regional VPC, but to use a provisioning method like the one discussed here <https://sourceforge.net/p/packetfence/mailman/message/36724974/> using an asset database for sourcing MAC and users from. I haven't dabbled in provisioners much yet, but my understanding is that a client with a valid cert could then autoregister using the asset information to derive roles and offer a pretty seamless and consistent user experience despite the instances not speaking to one and other. Best, David On Fri, Apr 23, 2021 at 1:29 PM Zammit, Ludovic <luza...@akamai.com> wrote: > Hello David, > > How’s your PacketFence deployment looks like ? > > How many SSIDs? Open ? 802.1x ? Are you doing wired authentication ? > Remote registration sites? > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 22, 2021, at 1:16 PM, David Harvey via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > I'm starting to wonder if I dreamed this now... > I thought I recalled seeing a diagram or guide to a distributed topology > featuring clustering and some kind of local caching, but I can't locate it > anywhere, so thinking I may have confused it with something else now.. > > We're looking to refresh our packetfence deployment, with instance(s) > installed on a cloud provider VPC which would be reachable from on-prem via > site to site tunnels or ideally with on-prem caching. > > Ideally we would have instances or caches in different regions that can > remain in sync to reduce latency from having all of the pieces in close > proximity. > > Loosely like what is described under the title "The good: Technology++" > on slide 13 here: > https://www.defcon.org/images/defcon-19/dc-19-presentations/Bilodeau/DEFCON-19-Bilodeau-PacketFence.pdf > <https://urldefense.com/v3/__https://www.defcon.org/images/defcon-19/dc-19-presentations/Bilodeau/DEFCON-19-Bilodeau-PacketFence.pdf__;!!GjvTz_vk!Hum2Oh0CzTvZLg9tXNUu6ILtuvc7Jtqw9mjxsHTUkwgHTcjv5IDDGBqRyTZ7kjdy$> > > Any tips? > > Thanks as ever, > > David > > Thought Machine Group a limited company registered in England & Wales. > Registered number: 11114277. > Registered Office: 5 New Street Square, London EC4A 3TW > <https://urldefense.com/v3/__https://maps.google.com/?q=5*New*Street*Square,*London*EC4A*3TW&entry=gmail&source=g__;KysrKysr!!GjvTz_vk!Hum2Oh0CzTvZLg9tXNUu6ILtuvc7Jtqw9mjxsHTUkwgHTcjv5IDDGBqRyTvermvP$> > . > > The content of this email is confidential and intended for the recipient > specified in message only. It is strictly forbidden to share any part of > this message with any third party, without a written consent of the sender. > If you received this message by mistake, please reply to this message and > follow with its deletion, so that we can ensure such a mistake does not > occur in the future. > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!Hum2Oh0CzTvZLg9tXNUu6ILtuvc7Jtqw9mjxsHTUkwgHTcjv5IDDGBqRyYihIYCc$ > > > -- David Harvey Director of Internal Technology, Thought Machine Data Classification: Public -- Thought Machine Group a limited company registered in England & Wales. Registered number: 11114277. Registered Office: 5 New Street Square, London EC4A 3TW <https://maps.google.com/?q=5+New+Street+Square,+London+EC4A+3TW&entry=gmail&source=g>. The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
