A question, I hear very often. How to migrate ClearPass to a new server? The reason can be, you have reached the end of the evaluation phase and want to use the evaluation installation for production, but you need to change the specs. Or you need to upgrade the specs of your appliance to meet the new needs. If you are running a cluster environment, this is quite easy, simply start a new subscriber. But if you have only one ClearPass server or you need to replace the running server, this post will guide you.

I assume, you have ClearPass up and running and you need to migrate ClearPass to a new server with the same IP on a new hardware platform or within a new VM.

Migrate ClearPass: Backup the Existing Server

The first step is to backup any data on the existing server.Make also sure, that you have license key handy or save the key from the old server as well. Start with the backup. Login to ClearPass and go to “Administration–>Server Manager–>Server Configuration” and click the “Backup” button:

Migrate ClearPass - Create Backup of old Server

Migrate ClearPass – Create Backup of old Server

Press the “Start” button and wait until the backup process is complete. Now, download the backup file:

Migrate ClearPass - Download Backup of old Server

Migrate ClearPass – Download Backup of old Server

Save the certificates for ClearPass server as well. Go to “Administration–>Certificates–>Server Certificate” and export both, the “Radius Server Certificate” and the “HTTPS Server Certificate”:

Migrate ClearPass - Export Server Certificates

Migrate ClearPass – Export Server Certificates

Keep all the files save.

Migrate ClearPass: Prepare the new Server

Install the new server and follow the normal installation process. When it comes to the IP configuration, make sure, the old server is down. Configure the old server IP to the new server.

After the server configuration, use the web interface to install the license key:

Migrate ClearPass - Install Policy Manager License

Migrate ClearPass – Install Policy Manager License

Afterward, enter the “Subscription ID”. Go to “Administration–>Agents and Software Updates–>Software Updates”:

Migrate ClearPass - Enter Subscription ID

Migrate ClearPass – Enter Subscription ID

Install all updates to the same version as the old ClearPass server. This could take some time, depending on the internet connection. While the server downloads the update, you can install the licenses to your server. Go to “Administration–>Server Manager–>Licensing” and click the “Add License” button:

Migrate ClearPass - Add Licenses

Migrate ClearPass – Add Licenses

After the update is done and the new server has the same version as the old one, restore the backup to the new server. Go to “Administration–>Server Manager–>Server Configuration” and click the “Restore” button:

Migrate ClearPass - Restore Backup

Migrate ClearPass – Restore Backup

Restore the server certificates as well. Go to “Administration–>Certificates–>Server Certificate” and “Import Server Certificate”:

Migrate ClearPass - Restore Server Certificates

Migrate ClearPass – Restore Server Certificates

The “Private Key Password” is the one, you create during initial creation of the certificate.

The last step is to join the domain if ClearPass was joined to a domain. Go to  “Administration–>Server Manager–>Server Configuration” and click on the server to open the server configuration. On the bottom of the page, there is the “Join AD” button:

Migrate ClearPass - Join AD

Migrate ClearPass – Join AD

Afterward, all steps are done and your ClearPass server runs on the new server.

If have any questions about this topic or if you would like to give feedback, please use the comment function below.