View Only
last person joined: 3 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Migration to HyperV

This thread has been viewed 5 times
  • 1.  Clearpass Migration to HyperV

    Posted Jan 26, 2022 03:05 AM

    a customer requested support for a Clearpass migration from VMWare to Hyper-V. It's a Clearpass cluster, 2 nodes. Only the Publisher need to migrate, the subscriber is in a different datacenter.

    The migration itself is not a concern. Would I promote the subscriber to publisher when the publisher is down or would it be best to leave it a subscriber? 



    Erik Eckhardt
    ACMX #1245, ACDX #968, ACCP, ACSP

  • 2.  RE: Clearpass Migration to HyperV

    Posted Jan 31, 2022 01:29 PM
    Any of your workflows require endpoint / guest account to replicated from publisher will be impacted when publisher is down. For example, if you are using guest registration/ endpoint updates / MDM sync etc as part of your authentication flows, not having a publisher means these accounts / endpoints are not replicated to sub and not available for auth / authz. If you are just doing dot1x / mac auth against the subscriber, publisher being down doesn't impact the authentication. 

    Also if the publisher is down for more than 24 hours, you would have drop and re-form the cluster.

    Hence it's safer to promote the subscriber as publisher if you are not sure about the change timeline / workflows.

    Mathew George