What information should be collected prior to initiating an Upgrade/Update on the ClearPass server, so that the ClearPass server can be restored back to its original state incase of a failure or if the appliance itself needs to be RMA'ed?
ClearPass Upgrade/Update Pre-requisites:
- Collect and download the ClearPass backup of the most current Configuration along with the Insight data if enabled from that node.
- Collect the Server Certificates (RADIUS and HTTPS) along with their respective Private Key Files and Private Key Passwords
- If the server is joined to any AD Domains, collect the following information for each domain the server is joined to:
- The correct FQDN for the Domain Controller
- Username/Password to join to the Domain Controller
- Any Password Servers that maybe configured on each Domain Controller
- Licensing Information for all the nodes in the cluster (appadmin_cli# show license)
- Subscription ID for the account
- Disable Standby Publisher Failover Option if enabled and make sure to save the information of the current configuration
- Collect information for the Virtual IP Settings if enabled
- Collect information from the Network Application Access Control (Under Server Configuration > Network Tab)
- Collect information for any custom filter that maybe used. Note that the custom filter would need to be manually configured after migration.
Note: If using the Cluster Upgrade Tool it would give a warning that there is # of custom filters in the Authentication Sources that need changes manually
- It is recommended to set the “Auto Backup Configuration Options” to Off as it could interfere with the Migration Process ( Under Cluster-Wide Parameters > Database Tab)
- It is recommended that the upgrade/update is performed during non-production hours or need to temporary redirect the AAA traffic on the Controllers to another server, depending on the requirement.
Additional pre-requisites for ClearPass Virtual Machine setups:
- Verify the System requirements for version you are trying to upgrade/update to and verify that the system resources meet the minimum specs mentioned in the respective Release Notes for that version.
- Take a Snapshot of the ClearPass VM to be able to revert back to this snapshot in-case of an upgrade/update failure.
Read through the Release Notes of the respective ClearPass versions before upgrading/updating to that version.
If using the Cluster Upgrade/Update Tool for an Upgrade/Update, make sure to read through its respective Release Notes before using that tool for known issues.