We have a two-node cluster running on VMs and built new systems with the same IP addresses on an isolated network. We used a management station with interfaces on production and the isolated network to move configs and updates between the networks. We were able to install updates manually before going live. When we went live, we shut the old systems down and changed the new servers to be on the production network, joined the domain, built the cluster, set VIPs, activated licenses, etc. TAC reset the update stuff and it appears to be working OK.
Robert
Original Message:
Sent: 2/16/2024 3:58:00 AM
From: Herman Robers
Subject: RE: Couple of questions about migrating from 6.10.8 to 6.11
This is the information that I got. There is a warning in 6.11.1 but if you ignore that you can upgrade.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 15, 2024 11:02 AM
From: bosborne
Subject: Couple of questions about migrating from 6.10.8 to 6.11
I have been using the 6.11.1 VMware VM image for quite a while, most recently last month. The delay was still there at that time. My SE even saw it.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
Original Message:
Sent: Feb 15, 2024 10:56 AM
From: Herman Robers
Subject: Couple of questions about migrating from 6.10.8 to 6.11
I think that support check delay was resolved in the 6.11.1 image, which is why there is an updated image. This should no longer be an issue.
------------------------------
Herman Robers
Original Message:
Sent: Feb 15, 2024 08:23 AM
From: bosborne
Subject: Couple of questions about migrating from 6.10.8 to 6.11
How did you handle the update activation delay? I have configured several 6.11.x servers and needed to wait close to 24 hours before being able to patch.
From past experiences working with RMA replacements, I would not attempt to change an IP address after configuring the server either.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
Original Message:
Sent: Feb 15, 2024 04:15 AM
From: jonas.hammarback
Subject: Couple of questions about migrating from 6.10.8 to 6.11
Hi
Regarding the license, you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will also work if the license has been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to doing.
In most of the cases where I have migrated customers to 6.11, I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering, etc. before the active 6.10 nodes are taken offline.
Of course this will lead to some additional work related to port openings, some new DNS records, etc. But from my point it's almost always worth these extra tasks.
In addition, in most of the environments I work with, we have VIP addresses for the authentication traffic. This way, when it's time to change from 6.10 to 6.11, the only work is to move the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP, I usually take the old servers' IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS names for RADIUS and TACACS+.
Another benefit of separate IP addresses and server names is that if you have an Active Directory domain join, you will join the 6.11 server under a new name. This way the 6.10 server will not lose its domain join.
If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11, I recommend practicing the restore process in a lab beforehand. I have done the restore process with a customer under 4 hours but it's not optimal.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Feb 14, 2024 04:54 PM
From: OESTech
Subject: Couple of questions about migrating from 6.10.8 to 6.11
Thanks. We just have a standalone ClearPass. It was just recommended to me to make a backup or cluster. I haven't looked at licensing for that yet.
I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early. Plan for 4 hours maybe.
Yes, I already contacted Aruba and verified our license is attached to our support contract.
So you think it's more common to use a new IP address on the new server?
Original Message:
Sent: Feb 14, 2024 04:27 PM
From: 802.zak
Subject: Couple of questions about migrating from 6.10.8 to 6.11
Sounds like you will have a complete maintenance window, which is not as common of a scenario.
If that's the case the series of events is less critical:
I would get all nodes installed and updated before restoring the configuration or setting up the publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update.
For Licensing - do you have your licensing registered in ASP/LMS with a support contract?
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Feb 14, 2024 02:48 PM
From: OESTech
Subject: Couple of questions about migrating from 6.10.8 to 6.11
Hi,
I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi.
- I downloaded the 6.11.1 version of the OVA. I was planning on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates. Is this correct?
- I was also planning on using the same hostname and IP address for the new server. So in a maintenance window, I'll shut down and deactivate the license of the old server before I start the ClearPass setup in the ESXi console. Is that what other people are doing?
Thanks