Hi all
Sorry for the lengthy post, just trying to give as much info and clarity as possible while looking for some guidance.
I currently have a single 5k virtual cleapass in production running 6.6.5.93747 and I’m looking to migrate to a 25k physical appliance in anticipation of future growth with the least amount of downtime. I have several school districts attached to our WAN network using the 5k clearpass for RADIUS and guest only. No onboard on ongaurd. The current 5k is acting as a CA for eap-tls clients. The certs were created through clearpass manually (one per device type per customer.. total of about 10 certs) and distributed to endpoints using various MDM solutions (so 1 identity cert is being used for a few hundred endpoints at each site). The 5k is also being used to proxy RADIUS requests through it to other standalone clearpass or ISE deployments at 5 or 6 other school districts at the moment. We have a common 802.1x SSID throughout multiple school districts in our area that enterprise devices and BYOD users connect to. This allows users to go between sites and gain access easily to the WLAN by authenticating against their home school districts Novell or AD server.
I currently have both clearpass servers up and running in the same subnet but, I’m looking to see if anyone can point me in the direction they think is best to migrate to the 25k while planning on expanding clearpass to a pub sub cluster in the future. I already started configuring the 25k by taking a backup of the 5k and importing it to the 25k. I also copied over the CAcert and Identity certs. I’m not sure if what I’ve done so far is the best solution or even an advisable one. I was going to proxy requests between the two clearpass servers until I was able to cutover all school districts or maybe I should scrap what I’ve done and make the 25k a sub to the 5k pub than promote the 25k? Any opinions or recommendations are much appreciated.