Make that CentOS... Fedora doesn't seem too happy about dependencies.... ________________________________________ From: Willis, Ben [[email protected]] Sent: Friday, February 11, 2011 3:29 PM To: [email protected] Subject: Re: [Packetfence-users] Packetfence Deployment
Jake, Thanks for the reply! This does make me feel much better and is actually what I envisioned us doing anyway. Guess it's time to install Fedora and start testing. Thank you, Ben Willis ________________________________________ From: Sallee, Stephen (Jake) [[email protected]] Sent: Friday, February 11, 2011 10:48 AM To: [email protected] Subject: Re: [Packetfence-users] Packetfence Deployment I am not sure how much it will help but here is what we did / are doing: We have 50+ buildings that operate independently, so while not truly "remote" sites they are routed links so they are very similar. We are expecting about 3K hosts (expecting bec we are not in FULL production yet ... PF is ready now its management that has to give us the go ahead!) so you may want to factor that into what I am about to say, also the VAST majority of our hosts are wireless... We have 2 servers: 1 PF server, 1 FreeRADIUS/MYSQL. The servers are not HUGE, single quad core proc @ 2.4 Ghz 8GB Ram RAID 1 Given how PF works with MYSQL in retrospect I probably would have gone with the PF and MYSQL on the same server with better disk IO and possibly slightly better HW and let the FR server stand alone on a smaller box, but live and learn... As for routing your vlans, what we did is setup a containment vlan on each building (for you building = site) then let the Pf server handle DHCP and DNS for that vlan, it works quite well for us. Our servers are safely tucked away behind our firewall on a dedicated server network ... (depending on your topology) there shouldn't be any reason that the servers would need to be @ a gateway location ... unless I am misunderstanding your question... According to Inverse our current setup should be fine for the amount of users we are expecting. ***CAUTION*** This setup does not have ANY redundancy, if either PF / MYSQL / FR fail then the whole thing will stop working! We will soon be looking into redundancy, so any out there with it set up, please share : ) ***/CAUTION*** BTW: A word about support, in an enterprise deployment such as yours where you cannot afford downtime and/or the application is considered "mission critical", I would highly suggest you purchase some support. AFAIK the only company selling support for PF is Inverse, the people who make it. Unless you are a Perl expert and have time to burn, they are an invaluable asset when you encounter a bug or need a new feature added. We used them in helping us with our proof of concept and pilot deployment, with excellent results. I'm not trying to sound like a fan-boy(I know I have posted about Inverse before), I am only giving my honest opinion. Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -----Original Message----- From: Willis, Ben [mailto:[email protected]] Sent: Friday, February 11, 2011 9:06 AM To: [email protected] Subject: [Packetfence-users] Packetfence Deployment Hi, I'm looking to possibly deploy Packetfence on my network but I have several questions. 1. In a fairly large, destributed, network with 6k hosts where should I place the NAC? Do I need an instance on each segment or will one installation at the internet gateway work? 2. If one instance can be used will I have to route my remote vlans to the interface on the NAC to get the quarantine finctionality? 3. Will a single installation be able to handle 6k hosts across 22 remote locations? Thanks to anyone willing to give me some direction! Ben ________________________________ ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related information that is PERSONAL AND CONFIDENTIAL. If you have received this email in error, this does not constitute permission to examine, copy or distribute the accompanying material. If you receive this message in error, please notify the sender immediately or call 864-260-5000. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related information that is PERSONAL AND CONFIDENTIAL. If you have received this email in error, this does not constitute permission to examine, copy or distribute the accompanying material. If you receive this message in error, please notify the sender immediately or call 864-260-5000. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related information that is PERSONAL AND CONFIDENTIAL. If you have received this email in error, this does not constitute permission to examine, copy or distribute the accompanying material. If you receive this message in error, please notify the sender immediately or call 864-260-5000. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
