Security

Even VMotion should work, as long as you follow the Tech Note CPPM and VMware vMotion V1 in this location.

If you can bring down the VMs before you move them, the risk appears to be even lower. I have moved ClearPass VMs (shut down) even with the standalone converter from one ESXi to another without problems.

In case you appreciate a specific view of your situation, you can contact Aruba TAC for validation of your migration plan.

Thank you for the reply! We are going to schedule downtime to perform this, so shutting them down is no problem. I read through the tech note you attached, thank you for that. The only difference I see is we are going to be migrating our Clearpass servers to a new host and new storage. In the guide it only changes the host. Have you migrated Clearpass servers to a new host and datastore? Just want to have a good plan for how to do this. 

Thanks again!

I have used the VMWare Standalone converter to move ClearPass appliances from one ESXi to another and that worked fine for me. I'm not familiar with your tooling, but if you can VMotion to another cluster is appears even much more advanced. If you have a path back, for example if you clone the VMs to the new cluster, I would give it a chance.

What I have done as well is backup ClearPass, and import it into a fresh one. Then reinstall certificates and re-join domain (and I believe there are few more settings that don't survive backup/restore on another appliance, but these are most important).

Our clearpass servers are already virtual, we are just moving the current virtual servers from one Cluster that is using Cisco Blades and EMC SAN Storage to a cluster that is a Cisco Hyperflex with it's own nodes and storage. So we are just wanting to take the current clearpass servers from one clusters hosts and storage to a new cluster hosts/storage. At this point I'm thinking clones might be a better bet and then we can always just turn the clones off and go back to "old" servers if we run into issues.