Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Azure Image Deprecated

This thread has been viewed 23 times
  • 1.  ClearPass Azure Image Deprecated

    Posted Dec 07, 2023 11:21 AM

    Hi everyone,

    I'm new here and did not find any related discussions regarding my "issue".

    I've received an email in which Azure states that the currently used ClearPass Image 6.11 "aruba-clearpass-policy-manager-6_11" is deprecated.
    Our deployment is pretty simple... One ClearPass machine in the Azure Cloud and all Sites are connected via VPN.
    The APs are managed by Aruba Central and use the ClearPass for authentication.

    According to the mail from Azure I can keep running the existing Image. But using a deprecated Image sounds wrong even though we are running the latest ClearPass version (6.11.6).

    According to Azure I can also create a custom image out of the ClearPass machine. Problem: I'll have to generalize is - the docs mainly describes the generalization steps for the Windows OS.

    Did anyone else receive such a notification and how did you react?
    Should I pull the latest image from the marketplace or just let it be as it is?

    Really appreciate any help.

    Best regards,
    TG-IT



  • 2.  RE: ClearPass Azure Image Deprecated

    Posted Dec 08, 2023 05:45 AM

    Hi

    ClearPass 6.11 is a LSR (Long support release) and will continue to be supported for quite some time. To the next LSR and at least 2 years from release. ClearPass 6.12 is a SSR (Short Support Release) and will be supported to the next release of either an SSR or LSR.

    From the ClearPass 6.11 dokumentation:

    Releases will now be either Long Support Release (LSR) or Short Support Release (SSR). Long Support releases will be supported through all subsequent Short Support releases for customers who desire a release without the need to update to new features. Short Support releases will be released more regularly to include the addition of new features and functionality. The ClearPass 6.11 release is a Long Support Release (LSR).
    • Initial Release Date (T0): October 6, 2022
    • End of Support (EoST): Next LSR release date (minimum 2 years)

    https://www.arubanetworks.com/techdocs/ClearPass/6.11/Installation-Guide/Content/SystemRequirements/SR-EndOfSupport.htm 



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: ClearPass Azure Image Deprecated

    Posted Dec 08, 2023 06:13 AM

    Hi Jonas,

    thanks for the quick reply.

    I'm then just wondering why the image has been declared as deprecated by Aruba even though the 6.11 is a LSR and still supported.

    Our azure administrators will now regularly receive the notification that a deprecated image is being used.

    Would it be possible to extend the expiration time?

    Best regards,
    TG-IT 




  • 4.  RE: ClearPass Azure Image Deprecated

    Posted Dec 08, 2023 06:24 AM

    The 'recommended alternative' is aruba_cppm_6_11_1. There were some issues in the original release of ClearPass 6.11, and many of those were resolved in 6.11.1.

    My guess would be that if you deployed 6.11.0, then upgraded and are now running on a version > 6.11.1, you are in the same situation as you would have used the 6.11.1 directly.

    I'll try to find more information on this.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: ClearPass Azure Image Deprecated

    EMPLOYEE
    Posted Dec 08, 2023 11:23 AM

    Allow me to help answer this problem from the Product Line Manager viewpoint.  First off, I apologize for the problem and confusion that this may have caused.  We are 100% NOT deprecating 6.11 release.  It is a Long Support Release and will have support for some time still.  It is only the 6.11.0 base image that we re-deprecated for the 6.11.1 base image.

    For more information, please read the below.

    This week we released the 6.12 version of ClearPass in the VPC Marketplace stores.  During this process we performed a dry run earlier to the stores that we would be able to quickly update upon the release rather than having to wait the 1-2 days that typically take for Microsoft and Amazon to perform their security reviews of the product before they allow the updates to post.  Unfortunately, they also made some tool changes since the last postings that have now caused some problems.

    When we initially released 6.11.0 in the Marketplace stores it was listed as "6.11".  When we released the updated images for 6.11.1 release we decided to name those "6.11.1" for consistency with the ASP postings, but we then also moved the original postings to be "6.11.0" and removed them from visibility.  Because the stores do not allow you to delete or fully archive a posting the solution is to mark the release as deprecated.  This then no longer posts the image for new users, but it does allow existing users to still access it.  With 6.11 this had little impact to customers when we did it.

    While testing 6.12 in early form (essentially an early beta) we tested with version "6.12.0" to validate that they could complete the process of reviews without any problems with several weeks left to make any adjustments that may be required.  Unfortunately, both of those were then automatically published.  We then deprecated them immediately but multiple customers still may see those.  DO NOT USE the "6.12.0" marketplace offerings, use only the "6.12" offerings that are currently available.

    During the actual release this week the 6.12 versions were released and automatically posted in both marketplaces.  However, while publishing this we added a new location to the global marketplace posting in Azure to ensure customers could access the ClearPass functionality in both 6.11.1 and 6.12 in the updated locations.  Doing this then appears to have re-posted the 6.11.0 version at the same time.  When this was identified we again deprecated the 6.11.0 version in the marketplace.  However, a larger number of customers have already updated to the 6.11.x releases, so they are notified through the marketplace system automatically of the deprecation event.  This was not expected behavior and now that we are aware of the behavior, we will address this going forward.

    Why this is normally a good thing is that it is a reminder that older versions have reached their end of support life (EoSL milestones).  An example of this will be in 2024 when we deprecate the 6.9 and 6.10 versions as they reach the EoSL milestone.  Customers still have the option to continue to run with these versions, and may even deploy new systems with these releases, but new customers will no longer have the ability to see these old releases as they are then EoSL and no longer published.

    Hopefully this helps to explain why you may receive these Emails, why it is a good thing normally, and that we are not deprecating 6.11 (the LSR as noted previously) only that the 6.11.0 base image is deprecated in place of the 6.11.1 image.




  • 6.  RE: ClearPass Azure Image Deprecated

    MVP
    Posted Dec 09, 2023 05:49 AM

    i am trying to understand the SSR model. If 6.12.x is no longer supported when 6.13.0 is released, that means there is no supported upgrade path from 6.12. You surely do not support upgrades from unsupported releases.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------