Security

Good day,

I am setting up a Clearpass cluster of two virtual servers for one of our customers, and in the end it happened that the publisher had the hard disk LUKS encrypted during deployment but the subscriber did not.

The customer claims that they might have problems with the HA if both machines are set up the same, and they ask me what would be HPE's recommendation for this: both members with encrypted or with unencrypted disks?

And in we need to set up a new virtual machine to replace one of them (because I understand that we cannot alter the encryption after deployment), what should we do to transfer the license from the old to the new machine? Is it as easy of activating again the existing license or should we involve TAC?

I would personally not expect issues running a cluster with some nodes full disk encryption (LUKS) enabled, other disabled, as synchronization happens on the application level and the disk encryption is quite close to the hardware level and transparent for anything running on top of it like ClearPass.

And I don't know a recommendation either, think the default is to encrypt the disks and in general the default is what's recommended.

If you setup a new appliance, you would need your licenses transferred and you would need TAC involvement for that; but you can request the license release upfront, so you can activate immediately.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jun 16, 2025 04:41 AM
From: JaimeVS
Subject: Clearpass 6.11 cluster - LUKS encrypted and unencrypted disks?

Good day,

I am setting up a Clearpass cluster of two virtual servers for one of our customers, and in the end it happened that the publisher had the hard disk LUKS encrypted during deployment but the subscriber did not.

The customer claims that they might have problems with the HA if both machines are set up the same, and they ask me what would be HPE's recommendation for this: both members with encrypted or with unencrypted disks?

And in we need to set up a new virtual machine to replace one of them (because I understand that we cannot alter the encryption after deployment), what should we do to transfer the license from the old to the new machine? Is it as easy of activating again the existing license or should we involve TAC?