With the scenario to replace the current server with a new server with the same IP and name, you can take a config backup of your current server and restore on the new server. This will include "everything", except some parts and settings. Make sure to include extensions if you have any extensions installed.
The normal config backup includes all cluster wide parameters, everything under under Configuration such as services policies, profiles, Authentication sources etc. The backup does not include any service specific parameters changed under Server Manager and the specific server. Such as hardening, domain join, service parameters. This must be entered again.
Server certificate and licenses can be restored under some circumstances, but I always export the certificates to p12 files and make sure I have the licenses in the Networking Support Portal, or exported to file from the CLI with the command 'show license'
A ticket may be required to TAC to enable the licenses for activation again.
Logs, and Insight data will not be restored as part of the configuration backup. If you need this data you have to take separate backups and restore this to the server after the config restore.
To minimize disruptions I would opt to set up the new server with new name and IP. Make the new server a subscriber to the current server, this will replicate almost all data. Except the mentioned above. Certificates must be installed on the new server, and if you have any extension this must also be configured.
This way you can verify everything before the cut over.
One extra step that is needed with this is to reconfigure all network equipment to use the new server. Hopefully you have DNS record and just need to update the DNS with the new IP address.
If you opt for the replacement strategy and have never done this, I would estimate the downtime to a full day.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: May 21, 2026 11:28 PM
From: hellowordl123
Subject: Clearpass Migration from C2000V to C3000V
We are currently planning an upgrade from ClearPass C2000V to C3000V in our Azure environment.
Due to constraints, we are unable to perform an in-place upgrade/morph. Instead, our approach is to:
Deploy a new ClearPass instance (C3000V) in Azure
Validate that everything is working as expected
Replace the existing C2000V instance by assigning the same IP address to the new node
Before proceeding, we would like to ensure we have covered all necessary considerations for a smooth migration.
Backup Scope
Is taking a Full Backup via
Administration → Server Manager → Server Configuration
sufficient to capture everything, including:
Certificates (including server/EAP certs)
Or is it recommended to individually back up certain components (e.g., certificates, guest data, policies) separately as an extra precaution?
Migration Considerations
For those who have performed a similar migration (new VM + restore), are there any key items we should pay special attention to, such as:
Licensing changes (C3000V)
Network/IP reassignment in Azure
Cluster reconfiguration (if applicable)
We want to make sure we avoid any gaps and ensure minimal disruption during the cutover.
Any guidance, best practices, or lessons learned would be greatly appreciated.
-------------------------------------------