Security

I'm thinking there's no easy way to accomplish this, but an API integration we have pushes attributes to ClearPass endpoints. The 3rd party system recently updated their attribute naming and so now i have duplicate copies of each attribute, where i would normally have 5, I have 10. In the past, I've had issues with database upgrades during firmware upgrades because each attribute adds another point of data into the underlying database. I would like to delete the unused attributes, but i can't because they still exist on the devices. 

I assume i have the following options, but hoping there's something easier:

1. Work with TAC to get into the Linux shell and scrub the old attributes from the endpoints in the database
2. Manually go through each of the 65,000 devices with the attributes and manually delete them
3. Export all of our endpoints, remove those attributes and re-import
4. Delete all of our endpoints and allow the API integration to push the endpoint data back into ClearPass

Thanks!

------------------------------
Michael Haring
------------------------------

I worked with TAC and was able to remove the attribute successfully from 315,000 devices (in batches). We did not have to remove the entire endpoint, rather just the attribute itself. This was by far the easiest option and was very successful. I would recommend if anyone is in the same situation and is looking to remove an attribute from thousands of devices, work with TAC to do so.

------------------------------
Michael Haring
------------------------------

Original Message:
Sent: Apr 26, 2022 10:29 AM
From: Michael Haring
Subject: Mass deletion of endpoint attributes from endpoints

I'm thinking there's no easy way to accomplish this, but an API integration we have pushes attributes to ClearPass endpoints. The 3rd party system recently updated their attribute naming and so now i have duplicate copies of each attribute, where i would normally have 5, I have 10. In the past, I've had issues with database upgrades during firmware upgrades because each attribute adds another point of data into the underlying database. I would like to delete the unused attributes, but i can't because they still exist on the devices. 

I assume i have the following options, but hoping there's something easier:

1. Work with TAC to get into the Linux shell and scrub the old attributes from the endpoints in the database
2. Manually go through each of the 65,000 devices with the attributes and manually delete them
3. Export all of our endpoints, remove those attributes and re-import
4. Delete all of our endpoints and allow the API integration to push the endpoint data back into ClearPass

Thanks!

------------------------------
Michael Haring
------------------------------