Hi.
You create a new publisher and restore old publisher backup to it. You can reuse IP addresses if you power down the old VM. And apply node specific configuration like joining to domain.
Other VMs you just deploy from fresh or reuse old VMs with a new image and join them into the cluster as subscribers. You don't do a subscriber restore. You need to migrate certs, extensions and other subscriber specific settings like custom skins.
Original Message:
Sent: Jun 11, 2024 04:49 PM
From: RVTO
Subject: Clearpass hardware upgrade to version 6.11.1
That all sounds good and makes good sense, thanks for that. I wasn't sure that you could promote a subscriber to publisher but a little digging found that it is do-able. So if I detach 2 subs, and I fire them up on the new images, what is the best way to deal with IP addressing? Right now all of our devices are pointing to 3 or 4 IP addresses, individual addresses of the devices. i.e. not a single virtual IP. Do I just let the devices like switches and AP controller find out that the old primary is unreachable and it starts to hit one of the alternates? Or will I have to be careful of restoring an image onto the new VM? Maybe I'm thinking about it wrong....will I actually be doing individual backups of each device, and restoring each one of them to the newly created replacement servers? In my head I was thinking that one backup of the publisher would be all I'd be doing. I'll have to read that link you provided and start to digest the process. Thanks for the info!
Original Message:
Sent: Jun 11, 2024 04:34 PM
From: aboehm
Subject: Clearpass hardware upgrade to version 6.11.1
I think in your case it's even easier as you don't need to reinstall all of your CPPM appliances on hardware, expect the publisher node. Just create new appliances based on the 6.11.1 Image and upgrade them to the current patches. Restore them with your backup and reinstall all licenses + certificates. You can find a guide with more detailed steps here:
https://www.arubanetworks.com/techdocs/ClearPass/6.11/Installation-Guide/Content/UpgradeUpdate/Up-UpgradingTo_6.11.htm?tocpath=Installing%20ClearPass%206.11%7C_____0
When you have the new Cluster running you can convert your hardware appliance with the ISO file and join it. Last step would be then to promote the hardware appliance to publisher in Server Manager > Server Configuration.
Original Message:
Sent: Jun 11, 2024 03:27 PM
From: RVTO
Subject: Clearpass hardware upgrade to version 6.11.1
Would the above also apply to my use case?
I'm running 6.9.13.138003 on 4 nodes. The publisher is a physical hardware appliance. The subscribers are all virtual. Pup+1 Sub at the HQ site, and 2 Subs at a remote site. I would like to end up with the hardware appliance being the publisher in the end again. Am I better off pulling our a couple of VM subs and building them as the new cluster, and then moving to it and doing the other 2? Can a subscriber be "promoted" to a publisher so I could start by making #3 and #4 the active Pub and Sub while I upgrade #1 and #2? What kind of timeframe are people having that it takes to accomplish an upgrade?
Since I'm back on 6.9.13, will I be needing any licenses in advance, before I even start the process? Also, will I need to make extra hops in versions to get to what would be considered current stable?
I've never done any sort of Clearpass upgrade in the past, so I'll be reaching out to a partner for help, but I'd like to know what I'm getting into before I dig in. Also, if this is going to involve a downtime where the process is long enough that it will have to be after hours on a weekend, I'll push it all out into October. But if it's a quick and easy process and in theory I could push 2 units offline and rebuild them during the weekday daytime since we have 4, then I'd love to just get it done in June.
Original Message:
Sent: Jun 10, 2024 09:21 AM
From: aboehm
Subject: Clearpass hardware upgrade to version 6.11.1
I did it exactly the same way in a similar setup and it worked without problem. As Herman said you can just go with your existing prod license in the new cluster.
If you have hardware appliances make sure to convert your PAK to 6.8 or newer format to activate the re-installed nodes.
Original Message:
Sent: Jun 08, 2024 11:23 AM
From: KemPetFi
Subject: Clearpass hardware upgrade to version 6.11.1
Hi!
We have four node cluster. Two nodes are site 1, Publisher and subscriber. Site 2 we have two subscriber nodes.
We have configured virtual ip for authentication. Site 1 have own virtual ip and site 2 have own virtual ips.
My plan is to remove one node both sites and remove nodes behind virtual ip. In that case all authentication goes two nodes. One node per site.
If all works well, i drop those nodes from cluster. Then i can install new 6.11. version to these nodes. I have then two separate clusters, This newly installed cluster i have to get evaluation licenses from aruba. Then i restore backups, certificates etc. After this i can point some authentication to new cluster, If authentication works fine, i am planning to disable virtual ip from old cluster and add it to new. Could this be done ?
If authenctication works with new cluster, i can make install process to old two nodes. Join them to new cluster and then i have again four node cluster,
After this is only license problem. Can i replace eva access license what i have new cluster old permanent access licenses?
I
Is there gonna be any problems with this plan? This system is very critical nowadays and downtime should be so short as possible.
Maybe someone have same kind of environment and done this process succesfully? :) I hope that i can get support to do this from here.