Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
cameronem
Participant

Identity Awareness MUH agent queries

Jump to solution

Hi

 

We are currently running IA collector and looking to install MUH agent on our terminal servers.  Something that concerns me in sk164998 is the below line.  Surely this doesn't mean that we should only have the agent installed on 50 term servers or what does this 50 relate to?  Is there a way for the MUH agent to feed into the IA collector and then send the identities that way to save opening up FW rules between all the TS to the GW?  I presume we don't need to update the gateway "allowed-client" list to include the TS as this connectivity is to the GW itself on https?

 

How many MUHv2 Agents are supported on one Security Gateway?

It is a recommended best practice to have a maximum of 50 MUHv2 agents on one Security Gateway.

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin

Each terminal server should have a MUH agent. SK is saying, a single PDP should not have more than 50 agents reporting to it.

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin

And a PDP exists on a gateway, so yes, it means no more than 50 MUHv2 agents should be reporting to a single gateway.
You can, of course, have different MUHv2 agents reporting to different gateways which share identities.
You may also want to have dedicated Identity Awareness gateways in some configurations that merely exist to consume and share identities with other gateways.

View solution in original post

0 Kudos
5 Replies
_Val_
Admin
Admin

Each terminal server should have a MUH agent. SK is saying, a single PDP should not have more than 50 agents reporting to it.

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin

And a PDP exists on a gateway, so yes, it means no more than 50 MUHv2 agents should be reporting to a single gateway.
You can, of course, have different MUHv2 agents reporting to different gateways which share identities.
You may also want to have dedicated Identity Awareness gateways in some configurations that merely exist to consume and share identities with other gateways.

View solution in original post

0 Kudos
cameronem
Participant

Thanks for clarifying, I am surprised but does the number of expected users come into play on the recommendation of 50 agents?  EG if some TS are likely to only have a few users logged in at a time or is user count irrelevant and just the total number of TS should be less than 50?

0 Kudos
_Val_
Admin
Admin

Each agent can work with 256 users at the same terminal server, but you are correct, the amount of users connected is not in play here. One PDP - up to 50 MUHv2

 

0 Kudos
cameronem
Participant

Awesome thanks for clarifying 🙂

0 Kudos