Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

6.9 to 6.11 upgrade method

  • 1.  6.9 to 6.11 upgrade method

    Posted 9 days ago

    Hello everyone

    I have already upgraded 6.10s to 6.11s with no issues, but I have done it in a big maintenance window.

    This includes creating all the new 6.11s, upgrading them, and uploading the certificates, backups and all that. And well, I have to turn off the old VMs so I can use the license with no problems, and also so that I don't need to do anything on other devices, I mean changes.

    The idea I have, to reduce the maintenance window a lot, is this:

    Create the VMs, put an IP address on the same network as the old ClearPass in 6.9, so that I can do this during business hours, use a demo license so it lets me upgrade the new ClearPasses to the latest patch, then turn the machines down (this is the part that takes most of the time).

    Then create a maintenance window, turn off the old 6.9 and turn on the new 6.11, change the IP addresses to the same IP addresses that the old 6.9 had, and just upload the backup, license, certificates and all that to one of the ClearPasses; then on the other one just change the IP address too, make it the subscriber and just test.

    Does doing it this way cause any kind of issue?

    Also, I have another question.

    The old 6.9s are on the AD. I would like not to take them out of the domain, so I believe I could just use new names for the new ClearPasses without any issues? Or would changing the name bring me any issues?

    Thanks



  • 2.  RE: 6.9 to 6.11 upgrade method

    Posted 9 days ago

    Assuming your ASP portal has proper contracts and licenses, you do not need to worry about any demo licenses. You can install the same licenses on the new 6.11 while old and new servers are running in production. You should be able to activate them on 6.11 as well. Note that once activated, if you need to rebuild again, you cannot re-activate them. 

    Changing IP addresses may lead to issues with your Database Certificate as it is tied to the original IP you used to build 6.11. Make sure you test if it will be an issue and what needs to be done to correct it (Change the IP in the DB Certs / reboot, etc). 

    Also consider that during the time you have 6.9 shut down and 6.11 running on old IPs, authentications will not work until you get the 6.11 IPs set to Prod IPs. Hence your maintenance window. You could consider keeping your new 6.11 IPs and changing the NADs that authenticate against it to point to those new IPs. You can then do a no-outage migration. This however may be a difficult task if you have the IPs configured on LOTS of switches. If you are just updating a wireless infrastructure that has servers and groups, then this is an easy transition (test first!) as you only have to touch a few things.

    Lastly, if you are relying on Cached Machine Authentication in ClearPass for policy decisions, the Cache is NOT carried over in the restore to the new servers. Your end devices will need to perform Machine Auth again through the new ClearPass servers. Make sure to account for this either in relaxed policy or other methods before cutting over.

    As you are doing, make sure to test everything first if you can. There are all sorts of little things that might cause hiccups... like ASP Contracts not correct. Misc. server specific settings... VIP addresses... Auth sources with custom SQL Queries... etc.



    ------------------------------
    Philip Wightman, ACEX #69
    Aruba Partner Ambassador
    ------------------------------