Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Strategy to upgrade physical Clearpass servers

  • 1.  Strategy to upgrade physical Clearpass servers

    Posted Jan 07, 2022 09:24 AM
    Hi everyone,

    Our old CPPM servers are going EOL in April so we purchased new ones to upgrade them.  I'm wondering what the best or simplest approach is to swap the existing gear out.  We have to keep the same IP addressing scheme as the current ones so that limits us to having a parallel environment of any kind.

    My thoughts were to stage each one in our lab with just login credentials and the same IP address.  Then we would unplug the old one, plug the new one into the switch and then complete any finishing touches before joining it to the cluster.

    If the above makes sense, is there a process to doing this like upgrading the subscribers first and then the publisher or doing the publisher first (by promoting another subscriber to become publisher first)?  

    Thanks for any suggestions or tips.


    ------------------------------
    Jose Robles
    ------------------------------


  • 2.  RE: Strategy to upgrade physical Clearpass servers

    MVP EXPERT
    Posted Jan 08, 2022 04:51 AM
    What I do is build new server up to same release
    Assign IP address
    Unbind old one and power down
    Connect new server to prod net
    Bind into cluster

    Pretty much what you’ve suggested :-)
    A




  • 3.  RE: Strategy to upgrade physical Clearpass servers

    Posted Jan 08, 2022 11:43 AM
    Thanks @alexs-nd for the confirmation.  What about the publisher node?  Does what I suggested make sense?

    ------------------------------
    Jose Robles
    ------------------------------



  • 4.  RE: Strategy to upgrade physical Clearpass servers

    MVP EXPERT
    Posted Jan 10, 2022 01:50 AM
    As you're just upgrading hardware and not a CPPM version, yes: once you’ve upgraded one of your subscribers, promote it to being the publisher and then upgrade the original publisher.
    A




  • 5.  RE: Strategy to upgrade physical Clearpass servers

    Posted Jan 10, 2022 08:07 AM
    Thanks for the confirmation. 

    Cheers!

    ------------------------------
    Jose Robles
    ------------------------------



  • 6.  RE: Strategy to upgrade physical Clearpass servers

    MVP EXPERT
    Posted Jan 10, 2022 08:13 AM
    Remember you’ll need to add all your certs to the new boxes.

    A




  • 7.  RE: Strategy to upgrade physical Clearpass servers

    Posted Jan 14, 2022 03:41 PM

    Great timing.  I logged in to ask this exact same question.  We're getting ready to upgrade our existing physical servers that are going EOL to virtual servers.

    Our plan is to:

    Give the two new servers a new IP
    Upgrade to the same release as the existing servers (6.9.4)
    Install certs on new servers
    Break the virtual IP for the two physical servers in the cluster
    Drop server from cluster and shut down subscriber server
    Change new virtual server to IP of old subscriber and power on
    Join cluster, once synced promote new virtual to Publisher
    Do the same with second virtual
    Finally set up virtual IP.

    Then we'll probably wait a week or so and then do an upgrade to 6.10

    Sound about right?  Any issues with licensing and changing IP addresses?

    Thanks
    Andy



    ------------------------------
    Andy Jezierski
    ------------------------------