Oh, in a nutshell, install the new VMs 'in parallel' to your existing environment (on new IPs); upgrade appliances to latest version, then backup existing configuration (and certs/domain memberships, etc separate), restore on your new publisher, join the subscribers. Test, and change your equipments/applications to the new IPs; switch off the old appliances.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 06, 2024 10:04 PM
From: waqas.harisco
Subject: Aruba ClearPass Policy Manager firmware upgrade from version 6.9.12 to 6.11.x.
@Herman Robers, Thanks for your reply.
Surely, I'll touch base with TAC team in regards to Scenario 2.
In the meantime, could you please provide detailed guidance on Scenario 1? Specifically, I'm interested to know about migration steps, necessary precautions, and potential fallback plans. Any relevant documentation would be greatly appreciated.
Thanks in Advance.
Original Message:
Sent: Aug 06, 2024 11:02 AM
From: Herman Robers
Subject: Aruba ClearPass Policy Manager firmware upgrade from version 6.9.12 to 6.11.x.
Unsure what would be the benefit of scenario 2, besides the point that in AWS the IP addressing is controlled by AWS, so it may not be possible to control this from ClearPass.
If you can (easily) change IP addresses in external applications, switches, or through DNS, it may be most controlled to build a fully separate environment, then switch over your equipment. In that case, you have a quick failback scenario.
I would work on such a migration scenario together with your Aruba partner, or with TAC to get it validated before you go.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 04, 2024 09:25 PM
From: waqas.harisco
Subject: Aruba ClearPass Policy Manager firmware upgrade from version 6.9.12 to 6.11.x.
Hello All,
I'm seeking your recommendations regarding the Aruba ClearPass Policy Manager firmware upgrade from version 6.9.12 to 6.11.x.
Our current environment consists of a single Publisher in AWS and a single Subscriber in a datacenter.
I require guidance on the optimal upgrade approach for the following scenarios:
- Scenario 1: Assigning new IP addresses to both Publisher and Subscriber.
- Scenario 2: Assigning a new IP address to the Subscriber while maintaining the existing Publisher IP
Steps for Scenario 1:
- Build two new ClearPass instances (Publisher and Subscriber) with different IP addresses and firmware version 6.11.x or 6.12.x. Activate evaluation licenses, join the domain, form a cluster (Publisher + Subscriber), and test the AAA services on test end-user devices to ensure everything is functioning correctly.
- On the day of migration, restore backups of the existing ClearPass instances, including certificates and configurations. Then, turn off the existing Publisher and Subscriber.
Steps for Scenario 2:
- I'm unsure how to proceed with this scenario due to potential IP conflicts between devices.
I would greatly appreciate detailed steps for both scenarios and any available migration documentation from the experts in the community.
Thanks in Advance