I don't think it's needed to morph the old C1000V to a C2000V. I would leave that machine untouched to have a quick fallback and save time.
There are no difference in the configuration of any of the sizes of the ClearPass machines and backups from one size of machine can be restored on any other size, as long as we are talking just configuration and not exceptional large Endpoint databases. Do not try to restore large Insight or session databases from a C3010 on a C1000 server as this may cause the a server crash.
With ClearPass 6.11 TLS 1.3 is default and with TLS 1.3 also a new algorithm called PSS RSA, and some older TPM chip have a bug related to this algorithm. Please see my blog post for more information:
https://aranya.se/en/windows-clients-affected-by-problems-with-tpm-chip-after-clearpass-6-11/
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Mar 27, 2024 07:04 PM
From: mkk
Subject: upgrade 6.9 to 6.11
Agree with Carson, some extra tips here:
- In ClearPass 6.11.x HTTPS certificate is default HTTPS ECC, when using a HTTPS RSA certificate you need to disable the ECC certificate.
- Authentication Sources LDAP over TLS (aka secure LDAP) require now to specify the Root-CA certificate that validate the server certificate the AD is send to ClearPass.
------------------------------
Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
Original Message:
Sent: Mar 27, 2024 04:10 PM
From: chulcher
Subject: upgrade 6.9 to 6.11
I would:
- Create a backup of the publisher
- Add required resources to the Publisher VM
morph-vm
the Publisher to C2000V- Create a backup of the publisher
- Deploy a new ClearPass VM with the C2000V resources and 6.11.1
- Restore backup
- Move forward with subscribers.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 27, 2024 02:23 PM
From: cdelarosa
Subject: upgrade 6.9 to 6.11
Hello i have this scenario in which i know how to do it if it was a c1000 to a c1000
But in the new 6.11 they will include more things a lot of more things and it will require a c2000
They are vms
This is my question
Can i backup my cleqrpass in 6.9.13 in c1000 and upload that backup in a 6.11 which is c2000? Or thats nkt compatible?
Do i need to transform the machine from a c1000 to c2000 first in 6.9.13 for the proceed and create my machine in c2000 in 6.11 and upload my 6.9.13 bavkup?
Please let mw know
Thanks