Hi
I haven't done any upgrades where ClearPass is the SAML SP, but as you restore the same configuration and the same certificates to the ClearPass 6.11 servers I assume that the IDP would see it as the same host.
Start the upgrade on the subscriber, this way you will be able to manage the 6.10 server and have the two versions running in parallell and do verifications.
Do you have a VIP address in the cluster for the SP traffic? In that case you just move the VIP from the 6.10 server to the 6.11 server.
If you don't have a VIP maybe an update of the DNS record can change the active host. It dependes a bit on your setup.
This quistion should maybe have been a separate topic to not mix different questions in the same thread.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Aug 22, 2024 03:58 AM
From: Charles.Zhuang
Subject: Clearpass firmware upgrade
Hi, I am planning a upgrade and wondering if anyone has the answer to below question ? Thanks
Our hardware based Clearpass Cluster (one publisher and one subscriber) is currently doing SAML service provider (SP) function. Does Clearpass SP Metadate needs to be reloaded into Identify provider (IDP) end in order to get SSO auth working when we are upgrading from 6.10.8 to 6.11.9 ?
In this case, what will be the best approach of upgrade to minimize downtime ?
Original Message:
Sent: Aug 21, 2024 10:04 PM
From: NHN
Subject: Clearpass firmware upgrade
6.10 is End of Support. you can upgrade to 6.11 but you have to build/reinstall 6.11 from scratch. read the below techdoc. please talk to your HPE-Aruba Partner/Local SE for further assistance.
https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Cluster%20Upgrade/Cluster_Upgrade/Moving_to_CPPM_6.11.htm?Highlight=5433
------------------------------
Harendra
ACEX165
Original Message:
Sent: Aug 21, 2024 08:57 PM
From: yeowkm
Subject: Clearpass firmware upgrade
i received notification for CVE in clearpass firmware.
currently i am on 6.10.xx, what is the latest stable version that i should upgrade to?
1 have a 2 node cluster, pubublisher/subsriber.
what is the correct procedure to upgade the clearpass?