Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

system morph-vm command for clearpass VM

  • 1.  system morph-vm command for clearpass VM

    Posted 7 hours ago

    Hello everyone, I just want to ask what the command system morph-vm is used for. Right now we have a bit of a concern, since our production CPPM VM is running as C3000V and, as I noticed, we did not meet the recommended requirements. In order to solve this we need to downgrade from C3000V to C2000V, since we can allocate resources based on the C2000V requirements. Is it possible to use the system morph-vm command?

    Also, for confirmation: upon checking this documentation, the hardware appliance model 2020 CPPM can cater for up to 10,000 concurrent sessions. Is it the same with the C2000V appliance?

    Reference: https://www.arubanetworks.com/assets/og/OG_ClearPass.pdf

    system morph-vm command reference : https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/cmds/sys-mph-vm.htm



  • 2.  RE: system morph-vm command for clearpass VM

    Posted 4 hours ago

    Hi

    I don't know if it's possible to use the command 'system morph-vm' to downsize a server. Also, the command is designed to work with a new blank disk and migrate the data to this disk. If the server is working as expected, I think (there can be changes in the latest versions that block this) you can run it as a C3000V but with C2000V specification; it will complain in the log but work normally.

    The different sizes of VM ClearPass servers have some reference figures like CPU, RAM and disk. There is also a counter of the total number of authentications each day. C1000 starts to complain at 40000 requests per day.

    From Aruba TAC I got the information that the command system morph-vm should only be run on a server once, as running it many times could cause some issues. Didn't get more info than that, but could be good to know.

    I think the easiest way to downsize the server is to deploy a new VM. Take a backup of the current server, export certificates, save licenses and document any settings done under the server object like hardening, SNMP and service parameters.

    Restore on the new VM, import certificates and licenses, and make any special settings as needed. If the licenses were activated on the current server, contact Aruba TAC and explain that the server was reinstalled and the license must be enabled for activation again.

    Regarding the capacity, a C2000V is for up to 5000 concurrent devices, compared to the C2020 which has 10000. Back in the days before ClearPass 6.7 the hardware was called CP-HW-5k, and thus designed for 5000 devices. With the release of C2020 a few years ago the capacity was updated on this hardware model. Couldn't find a page with these figures right now.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: system morph-vm command for clearpass VM

    EMPLOYEE
    Posted 4 hours ago

    No, the morph-vm can only move upwards, so from LABV -> C1000V/C2000V/C3000V, or C1000->C2000/C3000, or C2000->C3000.

    Redeploying the VM with proper size and resources, then restoring a backup is probably the best solution. You would need TAC Support to move/reactivate your licenses in that case.

    The C2000V should indeed, with the proper resources, accommodate 10000 concurrent connected devices.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------