Security

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

@ Jonas: When you have two clusters running in parallel, the new 6.11 cluster is updated, licensed and ready.  When restoring the backup from 6.10 does the IP address restore?  I am afraid two clusters have the same IP address when finish restoring.

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

How did you handle the update activation delay? I have condfigured several 6.11.x servers and needed to wait close to 24 hours before being able to patch.

From past experiences working with RMA replacements I would not attempt to change an ip address after configuring the server wither.

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

I think that support check delay was resolved in the 6.11.1image, which is why there is an updated image. This should no longer be an issue.

How did you handle the update activation delay? I have condfigured several 6.11.x servers and needed to wait close to 24 hours before being able to patch.

From past experiences working with RMA replacements I would not attempt to change an ip address after configuring the server wither.

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

i have been using the 6.11.1VMWare  VM image for quite a while, most recently, last month. the delay was still there at that time. My SE even saw it.

I think that support check delay was resolved in the 6.11.1image, which is why there is an updated image. This should no longer be an issue.

How did you handle the update activation delay? I have condfigured several 6.11.x servers and needed to wait close to 24 hours before being able to patch.

From past experiences working with RMA replacements I would not attempt to change an ip address after configuring the server wither.

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

This is the information that I got. There is a warning in 6.11.1 but if you ignore that you can upgrade.

i have been using the 6.11.1VMWare  VM image for quite a while, most recently, last month. the delay was still there at that time. My SE even saw it.

I think that support check delay was resolved in the 6.11.1image, which is why there is an updated image. This should no longer be an issue.

How did you handle the update activation delay? I have condfigured several 6.11.x servers and needed to wait close to 24 hours before being able to patch.

From past experiences working with RMA replacements I would not attempt to change an ip address after configuring the server wither.

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi Jonas.  That's a good idea.  Couldn't I setup my 6.11 standalone server with a new IP address then when I'm ready to switch, make a VIP of the old server IP address? 

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi Jonas.  That's a good idea.  Couldn't I setup my 6.11 standalone server with a new IP address then when I'm ready to switch, make a VIP of the old server IP address? 

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Hi

Regarding the license you do not need to ask Aruba to enable it for activation again, as the 6.11 activation will work also if the license have been activated in 6.10. If you need to reactivate the license in the future, you have to contact Aruba TAC to enable the license for activation again, as we are used to do.

In most of the cases where I have migrated customers to 6.11 I have opted for new IP addresses on the 6.11 servers. This way I can complete all the updates, restore procedures, clustering etc before the active 6.10 nodes are taken offline.

Ofcourse this will lead to some additional work related to port openings, som new DNS records etc. But from my point it's almost always worth this extra tasks.

In addition most of the environments I work with we have VIP addresses for the authentication traffic. This way when it's time to change from 6.10 to 6.11 the only work is to remove the VIP addresses from the 6.10 cluster to the 6.11 cluster. If the old cluster doesn't have a VIP I usually take the old servers IP addresses as VIP addresses in the 6.11 cluster. By this I do not need to update any of the network equipment with new IP addresses or DNS namnes for Radius and TACACS+.

Another benefit with separate IP and server names is if you have a Active Directory domain join, you will join the 6.11 server under a new name. Thius way the 6.10 server will not lose it's domain join.

If you keep your initial plan to shut down the 6.10 host and start to work on the 6.11 I recommend to practice the restore process in a lab before hand. I have done the restore process with a customer under 4 hours but it's not optimal.

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks

Thanks.  We just have a standalone Clearpass.  It was just recommended to me to make a backup or cluster.  I haven't looked at licensing for that yet.

I was planning on having all the backups ready from the 6.10 server, I'll have the new server installed and configured in ESXi, then I'll power on the new server for the first time and start working. We're a school so I can do this weekend and I'll start early.  Plan for 4 hours maybe.

Yes I already contacted Aruba and verified our license is attached to our support contract.

So you think it's more common to use a new IP address on the new server?

Sounds like you will have a complete Maintenace window, which is not as common of a scenario. 

If that's the case the series of events is less critical:

I would get all nodes installed and updated before restoring the configuration or setting up publisher/subscriber relationship. This will ensure a stable OS and will be faster than a cluster update. 

For Licensing - do you have your licensing registered in ASP/LMS with a support contract?

Hi,

I'm getting ready to install and migrate to 6.11 from 6.10.8 C2000V on ESXi

1. I downloaded the 6.11.1 version of the OVA.  I was planing on also installing hotfix and patches to get it to 6.11.7 BEFORE I restore my configuration and certificates.  Is this correct?
2. I was also planning on using the same hostname and IP address for the new server.  So in a maintenance window, I'll shutdown and deactivate the license of the old server before I start the Clearpass setup in the ESXI console.  Is that what other people are doing?

Thanks