Original Message:
Sent: Oct 04, 2024 10:57 AM
From: lord
Subject: Importing backup from different ClearPass cluster
If you want to keep the configuration from the new box, you can backup and restore the guest module independently of the CPPM backup. The menu item is located in the guest module under Administration. You can export these services etc. from the CPPM to XML files. When exporting, select the option "with password protection". The XML file is saved in a zipped password-protected file. All password fields from e.g. auth-sources or NAD devices are saved in plain text.
First create a guest module backup from the new box. Then export services. ClearPass exports everything that is used in the service - auth-src, roles, rolemapping, enforcement policy with profles. All this must be present in the XML file. Check it to be on the safe side.
Now restore the backup from the cluster. All configuration in the new box will be lost. Then import the services from the XML file. Restore the backup from the guest module. When restoring, you can either restore the complete configuration from the guest module or only individual parts.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Oct 04, 2024 09:59 AM
From: chulcher
Subject: Importing backup from different ClearPass cluster
Restoring a backup will cause all current operational data, other than server specific (i.e., OS level) configuration, to be removed.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 04, 2024 04:54 AM
From: cauliflower
Subject: Importing backup from different ClearPass cluster
Thanks Jonas,
Yes that's really helpful. With a full import are other parts of ClearPass affected - eg would Onboard config be overwritten?
Original Message:
Sent: Oct 03, 2024 10:57 AM
From: jonas.hammarback
Subject: Importing backup from different ClearPass cluster
Hi Guy
The easiest way to transfer the configuration from the production servers to the dev server is to take a configuration backup from Policy Manager, under Administration \ Server Manager\ Server Configuration, select any server and download a backup. All servers have the same configuration, but I often take the Publisher.
Restore the backup to the dev server. During the restore process the old database will be dropped, and all configuration in both Policy Manager and Guest is deleted, no merge will take place.
You don't need to do Policy Manager and Guest as separate jobs. But if you would like to just backup and restore the Guest part, it can be done under Guest.
Some settings are not transferred, such as licenses, and settings under the server object. I.e. Service Parameters SNMP settings etc.
Static routing information made in CLI isn't included in the backup either.
Hope this answer your questions
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Oct 03, 2024 10:42 AM
From: cauliflower
Subject: Importing backup from different ClearPass cluster
Hello,
We have a live ClearPass cluster (6 boxes). And we have just created a single dev ClearPass box for testing purposes. Ideally we'd like to pretty much replicate the live system on the dev box.
We have a reasonable amount of config on the live system, (including Guest and IoT device registration). It would be quite nice if we could just take a dump of it all and import it to the dev box, I know there are options in server config to take a backup, and I can see options to take a backup in Guest. But I have a couple of questions:
- Does it matter that the dev box is a single box and the live cluster is 6 boxes? Do we just take a backup from the live publisher and import that?
- Do we take backups from CPPM and Guest and import them separately?
- Unfortunately we have some config now on the dev box (we should have just imported the live backup when we first created the dev box, but it's always a schoolday!) does importing a config backup overwrite whatever is currently on the box? Or is there some way of merging the configs?
Thank you,
Guy