Migrate ClearPass to a new Server

Reading Time: 3 minutes

A question, I hear very often. How to migrate ClearPass to a new server? The reason can be, you have reached the end of the evaluation phase and want to use the evaluation installation for production, but you need to change the specs. Or you need to upgrade the specs of your appliance to meet the new needs. If you are running a cluster environment, this is quite easy, simply start a new subscriber. But if you have only one ClearPass server or you need to replace the running server, this post will guide you.

I assume, you have ClearPass up and running and you need to migrate ClearPass to a new server with the same IP on a new hardware platform or within a new VM.

Migrate ClearPass: Backup the Existing Server

The first step is to backup any data on the existing server.Make also sure, that you have license key handy or save the key from the old server as well. Start with the backup. Login to ClearPass and go to “Administration–>Server Manager–>Server Configuration” and click the “Backup” button:

Migrate ClearPass - Create Backup of old Server
Migrate ClearPass – Create Backup of old Server

Press the “Start” button and wait until the backup process is complete. Now, download the backup file:

Migrate ClearPass - Download Backup of old Server
Migrate ClearPass – Download Backup of old Server

Save the certificates for ClearPass server as well. Go to “Administration–>Certificates–>Server Certificate” and export both, the “Radius Server Certificate” and the “HTTPS Server Certificate”:

Migrate ClearPass - Export Server Certificates
Migrate ClearPass – Export Server Certificates

Keep all the files save.

Migrate ClearPass: Prepare the new Server

Install the new server and follow the normal installation process. When it comes to the IP configuration, make sure, the old server is down. Configure the old server IP to the new server.

After the server configuration, use the web interface to install the license key:

Migrate ClearPass - Install Policy Manager License
Migrate ClearPass – Install Policy Manager License

Afterward, enter the “Subscription ID”. Go to “Administration–>Agents and Software Updates–>Software Updates”:

Migrate ClearPass - Enter Subscription ID
Migrate ClearPass – Enter Subscription ID

Install all updates to the same version as the old ClearPass server. This could take some time, depending on the internet connection. While the server downloads the update, you can install the licenses to your server. Go to “Administration–>Server Manager–>Licensing” and click the “Add License” button:

Migrate ClearPass - Add Licenses
Migrate ClearPass – Add Licenses

After the update is done and the new server has the same version as the old one, restore the backup to the new server. Go to “Administration–>Server Manager–>Server Configuration” and click the “Restore” button:

Migrate ClearPass - Restore Backup
Migrate ClearPass – Restore Backup

Restore the server certificates as well. Go to “Administration–>Certificates–>Server Certificate” and “Import Server Certificate”:

Migrate ClearPass - Restore Server Certificates
Migrate ClearPass – Restore Server Certificates

The “Private Key Password” is the one, you create during initial creation of the certificate.

The last step is to join the domain if ClearPass was joined to a domain. Go to  “Administration–>Server Manager–>Server Configuration” and click on the server to open the server configuration. On the bottom of the page, there is the “Join AD” button:

Migrate ClearPass - Join AD
Migrate ClearPass – Join AD

Afterward, all steps are done and your ClearPass server runs on the new server.

If have any questions about this topic or if you would like to give feedback, please use the comment function below.

10 thoughts on “Migrate ClearPass to a new Server”

    • Hi ljregib,
      Sure, that’s not a problem. Just make sure that the new ip is in your certificates, if you use ip addresses in the certificate. And make sure that your devices are aware of the new ip.
      BR
      Florian

      Reply
  1. Can I not Restore Backup Clearpass 6.6.X TO
    Clearpass 6.8 it alet

    INFO : backup is from a different version. Try with migration option enable
    ERROR – Restore failed .

    Reply
  2. Can i not Restore Backup Clearpass 6.6.x > Clearpass 6.8.x It alert

    INFO : Backup is from a different version. Try with migration option enabled.

    Error : Restore failed.

    Reply
    • Hi kris,

      I would not try to restore a backup from a different version. I would always use the same version to backup and restore. You either update the old one to the version you like and do the backup (my preferred way), or you install the older version first to restore the backup and upgrade afterward.

      Restoring through minor versions should work but from 6.6.x to 6.8.x? I would not expect this to work.

      BR
      Florian

      Reply
  3. nice guide

    can you offline active the new node whilst the current cluster is up and running? we arte trying to migrate to a new VM whilst the current cluster is running. were in the process of making a cluster in the backgroung (Offline) but we dont know if we can offline activate the nodes.

    any insight would be helpful mate, cheers

    Reply
  4. nice guide

    do you know if you can active via offline when the current cluster is running? we are in the midst of migrating our Clearpass prod environment to a new VM. We are trying to create the new cluster in the backgroung (offline) but we are not sure if we can activate via offline mode when the current cluster is up and running.

    any insight will be more than appreicated mate, cheers

    Reply
    • Hi tuna,

      I’m not sure if this is possible. My recommendation would be to contact your local SE from Aruba or partner and work with them. They might be able to provide an EVAL license to use during migration.
      You can also contact Support, as they might be able to help with EVAL as well, or can even activate the license while the old cluster is still running.

      BR
      Florian

      Reply
  5. Hi, can i use this procedure to copy the configurations from one client and apply this to another environment to save some time and not going through the configuration from scratch. They have similar configuration requirements.
    I’m worried about licensing conflict and affecting the live environment. Are licences exported and imported or just the config files?
    What about guest configuration?

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: