Security

Hi

A virtual machine backup will have a few problems. As you mention it's not possible to quiesce the OS. Also if you have more than one server in a cluster and perform a restore from a VM backup or revert a snap shot, the cluster will come out of sync. I have not tested what happens if you revert all servers in a cluster, but my guess is that it will not work, at least if the backup or snap shot is more than 24 hours old.

Instead, if you have a cluster and loses one of the nodes, install a new VM and add certificate, PAK license and optionally any custom configurations under the server object and routing entries. Join the cluster and all cluster wide configuration will be replicated. If you have had extensions installed on the crashed server these must also be installed again.

I'm not sure there are any disaster recovery tech note, but you can utilize the ClearPass 6.11 migration guide as this document describe every step you need to take to move configuration from one server to another.

Backing up to an external server via SFTP, SCP or NFS is also possible, where the nightly backup is copied to the external server.

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: Jul 08, 2024 11:45 PM
From: lwat
Subject: Clearpass Backup Recommendations

I know we can back the Clearpass configuration via Clearpass under Server Manager > Server Configuration page and clicking on the Backup Button.

 

Is it recommended to also backup the Virtual Machines hosting the Clearpass Database?

I thought I read somewhere the Virtual Machines are encrypted and backing up the Virtual Machine is not required.

 

If anyone is performing Virtual Machine backups have you been able to successfully quiesce the Operating System?

Also is there a guide on rebuilding the Clearpass servers in the event of a disaster?

For all my VMs & physical servers, I set up a File Backup Server to backup the configuration to a local Linux server, using SSH. We choose to then use rclone to move the backup files to our corporate Dropbox so the configuration backup is stored offsite, in the cloud. 

Be sure to have a backup of your license keys in case the licensing portal is temporarily unavailable.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer
------------------------------

Original Message:
Sent: Jul 08, 2024 11:45 PM
From: lwat
Subject: Clearpass Backup Recommendations

I know we can back the Clearpass configuration via Clearpass under Server Manager > Server Configuration page and clicking on the Backup Button.

 

Is it recommended to also backup the Virtual Machines hosting the Clearpass Database?

I thought I read somewhere the Virtual Machines are encrypted and backing up the Virtual Machine is not required.

 

If anyone is performing Virtual Machine backups have you been able to successfully quiesce the Operating System?

Also is there a guide on rebuilding the Clearpass servers in the event of a disaster?

Hi Bruce,

Thank you for the update. 

I confirmed we currently do not have a File Backup Server setup as per 

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/FileBackupServers.html

I can setup a File Backup Server inside Clearpass but I wanted to check is there a way to schedule the configuration to Backup on a regular basis?

Original Message:
Sent: Jul 09, 2024 08:00 AM
From: bosborne
Subject: Clearpass Backup Recommendations

For all my VMs & physical servers, I set up a File Backup Server to backup the configuration to a local Linux server, using SSH. We choose to then use rclone to move the backup files to our corporate Dropbox so the configuration backup is stored offsite, in the cloud. 

Be sure to have a backup of your license keys in case the licensing portal is temporarily unavailable.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Jul 08, 2024 11:45 PM
From: lwat
Subject: Clearpass Backup Recommendations

I know we can back the Clearpass configuration via Clearpass under Server Manager > Server Configuration page and clicking on the Backup Button.

 

Is it recommended to also backup the Virtual Machines hosting the Clearpass Database?

I thought I read somewhere the Virtual Machines are encrypted and backing up the Virtual Machine is not required.

 

If anyone is performing Virtual Machine backups have you been able to successfully quiesce the Operating System?

Also is there a guide on rebuilding the Clearpass servers in the event of a disaster?

Hi.

When you setup External Backup Server, the backups will be automatically scheduled every night at 1:00.

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Guru 2024
------------------------------

Original Message:
Sent: Jul 14, 2024 10:31 PM
From: lwat
Subject: Clearpass Backup Recommendations

Hi Bruce,

Thank you for the update. 

I confirmed we currently do not have a File Backup Server setup as per 

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/FileBackupServers.html

I can setup a File Backup Server inside Clearpass but I wanted to check is there a way to schedule the configuration to Backup on a regular basis?

Original Message:
Sent: Jul 09, 2024 08:00 AM
From: bosborne
Subject: Clearpass Backup Recommendations

For all my VMs & physical servers, I set up a File Backup Server to backup the configuration to a local Linux server, using SSH. We choose to then use rclone to move the backup files to our corporate Dropbox so the configuration backup is stored offsite, in the cloud. 

Be sure to have a backup of your license keys in case the licensing portal is temporarily unavailable.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Jul 08, 2024 11:45 PM
From: lwat
Subject: Clearpass Backup Recommendations

I know we can back the Clearpass configuration via Clearpass under Server Manager > Server Configuration page and clicking on the Backup Button.

 

Is it recommended to also backup the Virtual Machines hosting the Clearpass Database?

I thought I read somewhere the Virtual Machines are encrypted and backing up the Virtual Machine is not required.

 

If anyone is performing Virtual Machine backups have you been able to successfully quiesce the Operating System?

Also is there a guide on rebuilding the Clearpass servers in the event of a disaster?