Security

Reply
Highlighted
Occasional Contributor II

Migrating CPPM to new hardware

Hi
We are currently running a CPPM 6.7.1 cluster on C3000 hardware platform. We are in the planning-process of migrating these two servers to our Hyper-V (VMM) virtual environment. We think the hardware recommendments of the 25k virtual servers are insane, but I guess theres nothing to do with that.

 

The plan is to install a brand new 6.8/6.9 cluster, with new IP-adresses, and export/import the config from the existing cluster, and do some config improvement (too many policyes, too many settings not in use anymore.
From what I can see, the following settings will have to be configured all over again after the config-import:

 

  • Certificates (both radius and captive portal)
  • Active directory connections
  • IP-addresses
  • Licenses
  • Custom captive portal skin

 

It would be a much easier task to use the same IP-addresses/cluster all over again. Then we could just add servers to the existing cluster, and turn off the hardware hosts when done. I guess most of the configuration above would still be there as well.
The problem with that approach is that we would have to use the new cluster for all our wireless controllers, radius/8021x enabled switches, airwave etc at the same time - while we want to do a "controlled migration", over a month or so.

 

What do you experts think of this migration plan? Is this a good way to do it, or have I missed something?
Any comments will be much appreciated!

Highlighted
MVP Expert

Re: Migrating CPPM to new hardware

You should consider deploying the new ClearPass cluster running the same version as your production environment , that way you can perform the backup/restore with no issues and then upgrade to the desire version you want to run on the new Cluster.

The certificates will not be included in the backup so make sure you have the private key and private password.

Configure a test SSID for Guest / 802.1X and validate that everything works as expected prior to the migration.


Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted

Re: Migrating CPPM to new hardware

Agree to Victor here. It is not recommended to restore 6.7.1 backup on 6.8/6.9. We might run into some issue.
Best practice would be restore on same code and upgrade.

 

Regards,
Vishnu
If my post helped you, don't forget to give kudos ;)
Highlighted
MVP Expert
MVP Expert

Re: Migrating CPPM to new hardware

Agree with Vishnu

 

 

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: