Hi
A virtual machine backup will have a few problems. As you mention it's not possible to quiesce the OS. Also if you have more than one server in a cluster and perform a restore from a VM backup or revert a snap shot, the cluster will come out of sync. I have not tested what happens if you revert all servers in a cluster, but my guess is that it will not work, at least if the backup or snap shot is more than 24 hours old.
Instead, if you have a cluster and loses one of the nodes, install a new VM and add certificate, PAK license and optionally any custom configurations under the server object and routing entries. Join the cluster and all cluster wide configuration will be replicated. If you have had extensions installed on the crashed server these must also be installed again.
I'm not sure there are any disaster recovery tech note, but you can utilize the ClearPass 6.11 migration guide as this document describe every step you need to take to move configuration from one server to another.
Backing up to an external server via SFTP, SCP or NFS is also possible, where the nightly backup is copied to the external server.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jul 08, 2024 11:45 PM
From: lwat
Subject: Clearpass Backup Recommendations
I know we can back the Clearpass configuration via Clearpass under Server Manager > Server Configuration page and clicking on the Backup Button.
Is it recommended to also backup the Virtual Machines hosting the Clearpass Database?
I thought I read somewhere the Virtual Machines are encrypted and backing up the Virtual Machine is not required.
If anyone is performing Virtual Machine backups have you been able to successfully quiesce the Operating System?
Also is there a guide on rebuilding the Clearpass servers in the event of a disaster?