A question, I hear very often. How to migrate ClearPass to a new server? The reason can be, you have reached the end of the evaluation phase and want to use the evaluation installation for production, but you need to change the specs. Or you need to upgrade the specs of your appliance to meet the new needs. If you are running a cluster environment, this is quite easy, simply start a new subscriber. But if you have only one ClearPass server or you need to replace the running server, this post will guide you.
I assume, you have ClearPass up and running and you need to migrate ClearPass to a new server with the same IP on a new hardware platform or within a new VM.
Migrate ClearPass: Backup the Existing Server
The first step is to backup any data on the existing server.Make also sure, that you have license key handy or save the key from the old server as well. Start with the backup. Login to ClearPass and go to “Administration–>Server Manager–>Server Configuration” and click the “Backup” button:
Press the “Start” button and wait until the backup process is complete. Now, download the backup file:
Save the certificates for ClearPass server as well. Go to “Administration–>Certificates–>Server Certificate” and export both, the “Radius Server Certificate” and the “HTTPS Server Certificate”:
Keep all the files save.
Migrate ClearPass: Prepare the new Server
Install the new server and follow the normal installation process. When it comes to the IP configuration, make sure, the old server is down. Configure the old server IP to the new server.
After the server configuration, use the web interface to install the license key:
Afterward, enter the “Subscription ID”. Go to “Administration–>Agents and Software Updates–>Software Updates”:
Install all updates to the same version as the old ClearPass server. This could take some time, depending on the internet connection. While the server downloads the update, you can install the licenses to your server. Go to “Administration–>Server Manager–>Licensing” and click the “Add License” button:
After the update is done and the new server has the same version as the old one, restore the backup to the new server. Go to “Administration–>Server Manager–>Server Configuration” and click the “Restore” button:
Restore the server certificates as well. Go to “Administration–>Certificates–>Server Certificate” and “Import Server Certificate”:
The “Private Key Password” is the one, you create during initial creation of the certificate.
The last step is to join the domain if ClearPass was joined to a domain. Go to “Administration–>Server Manager–>Server Configuration” and click on the server to open the server configuration. On the bottom of the page, there is the “Join AD” button:
Afterward, all steps are done and your ClearPass server runs on the new server.
If have any questions about this topic or if you would like to give feedback, please use the comment function below.
19 thoughts on “Migrate ClearPass to a new Server”
Can I install clearpass with one provisional IP and do all the restores, and then change the IP?
Sure, that’s not a problem. Just make sure that the new ip is in your certificates, if you use ip addresses in the certificate. And make sure that your devices are aware of the new ip.
Can I not Restore Backup Clearpass 6.6.X TO
Clearpass 6.8 it alet
INFO : backup is from a different version. Try with migration option enable
ERROR – Restore failed .
Can i not Restore Backup Clearpass 6.6.x > Clearpass 6.8.x It alert
INFO : Backup is from a different version. Try with migration option enabled.
Error : Restore failed.
I would not try to restore a backup from a different version. I would always use the same version to backup and restore. You either update the old one to the version you like and do the backup (my preferred way), or you install the older version first to restore the backup and upgrade afterward.
Restoring through minor versions should work but from 6.6.x to 6.8.x? I would not expect this to work.
can you offline active the new node whilst the current cluster is up and running? we arte trying to migrate to a new VM whilst the current cluster is running. were in the process of making a cluster in the backgroung (Offline) but we dont know if we can offline activate the nodes.
any insight would be helpful mate, cheers
do you know if you can active via offline when the current cluster is running? we are in the midst of migrating our Clearpass prod environment to a new VM. We are trying to create the new cluster in the backgroung (offline) but we are not sure if we can activate via offline mode when the current cluster is up and running.
any insight will be more than appreicated mate, cheers
I’m not sure if this is possible. My recommendation would be to contact your local SE from Aruba or partner and work with them. They might be able to provide an EVAL license to use during migration.
You can also contact Support, as they might be able to help with EVAL as well, or can even activate the license while the old cluster is still running.
hi, when i restore the configuration, you know if it makes a merge or simply rewrite everything?
From my point of view, it completely restores the configuration and ignores changes you already made to the new system, except the settings you set during the initial setup of the new system.
Hi, can i use this procedure to copy the configurations from one client and apply this to another environment to save some time and not going through the configuration from scratch. They have similar configuration requirements.
I’m worried about licensing conflict and affecting the live environment. Are licences exported and imported or just the config files?
What about guest configuration?
I would not recommend using the backup/restore function between clients. I haven’t seen any two clients which are equal in their configuration and searching for the little differences and find them all could be very time consuming as well.
But If you really want to go down this road, make sure to replace the licenses with the ones of the customer.
Guest is a different beast. You need to go to the guest part and go to “Administration–>Import Configuration–>Import Configuration” and click the “Create a customized backup” link to create the backup. On the same screen, you can also restore it from that backup.
I did exactly the steps but when restore backup i get error in migration for policy manager
What is the error message? I would also create a ticket with Aruba TAC so they can have a look.
I’m facing an upgrade to 6.8 from 6.7. Our idea is to create a new Server with a provisional IP, install the 6.8 and restore the backup previously done in the 6.7, and finally, once it’s done, change the provisional IP to the old server’s IP (obviously shutting down the old server beforehand).
Would it be possible to do this backup from the 6.7 to the 6.8 without problems?
Officially, it is not supported to restore a backup from a different version. From my personal experience, it might work but is not guaranteed. From my point of view, I would do as below:
1. do the backup with 6.7
2. install a new server with 6.8
3. restore the backup from 1. to the new server
4. Check if everything is working
If number 4 fails, go back to 2. and install 6.7 instead and upgrade to 6.8 after you restored the backup.
hope this helps.
I’m trying to perform an upgrade from 6.7 to 6.8 in a new server, can i restore a backup done in the 6.7 to this new server with the 6.8 version installed?
Thanks for the post,
Great article. The licensing seemed a quick wash over. Suppose you have an existing deployment on EoL hardware and you want to migrate to VM, what do you do with the licensing? If you try the existing license key that will fail.
As far as I know, You can get in touch with Aruba Support and they will convert your old licenses to the new ones.