Skip to main content

Tutorial: How to Migrate an Access Server Cluster

Abstract

Migrate an existing Access Server cluster deployment to a new server environment.

Overview

Use this tutorial to migrate an existing Access Server cluster deployment to a new server environment. This process is helpful when you need to:

  • Move your cluster to a new infrastructure.

  • Migrate to a new MySQL backend.

  • Upgrade Access Server as part of the transition.

  • Decommission existing cluster nodes.

Cluster migrations require careful handling of your database and node configurations. This guide walks you through backing up the existing MySQL cluster data, creating a new cluster, restoring the configuration, and joining additional nodes to complete the migration.

Prerequisites

  • A new Access Server installation using the same version as your existing cluster.

    Important

    Using the same version avoids schema mismatches during database restore.

  • A new MySQL database to serve as the cluster backend.

  • Access to your existing MySQL deployment to perform a database backup.

  • Administrative access to both the Admin Web UI and the server CLI.

Step 1: Make a database configuration backup

  1. Take a backup of the following MySQL tables:

    as_certs
as_config
as_notification
as_userprop

  2. Use mysqldump (or your preferred MySQL backup method) to export these tables.

    Tip

    Backing up only these tables ensures you migrate the cluster configuration without carrying over transient log or session data.

Step 2: Create a new cluster

Use the new Access Server installation to initiate a fresh cluster and connect it to the new MySQL database.

Start the cluster setup

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Cluster.

  3. Click the toggle to Setup a New Cluster.

  4. Enter the required information to create the new cluster using your new MySQL backend.

  6. Confirm that the new cluster initializes successfully.

Restore your configuration data

  1. Connect to the Access Server console and get root privileges.

  2. Stop services:

    service openvpnas stop

  3. Restore your MySQL backup to the new database.

  4. Start services:

    service openvpnas start

    • After the restart, the new cluster should reflect the same configuration as the original.

(Optional) Step 3: Upgrade the new Access Server cluster

If your migration includes upgrading Access Server to a newer version, perform the upgrade before adding additional nodes.

Refer to this tutorial: Tutorial: Update Your Access Server Version.Tutorial: Update Your Access Server Version

Once the upgrade is complete and the primary node is running the desired version, you can continue with adding new nodes.

Step 4: Add more nodes to the cluster

Add additional nodes to complete the migration.

Important

All nodes must run the same Access Server version as the primary cluster node to avoid configuration and schema mismatches.

  1. Sign in to the Admin Web UI on each new node.

  2. Click Configuration > Cluster.

  3. Click the toggle to Join Existing Cluster.

  4. Enter the required information to join the existing cluster.

Step 5: Update DNS round-robin records (if applicable)

If you access your cluster through a DNS round-robin hostname, update the DNS records so clients resolve to the new cluster nodes instead of the old ones.

  1. Identify the DNS A records used for VPN client connections (for example, vpn.example.com).

  2. Remove the IP addresses of the old cluster nodes from the DNS record set.

  3. Add the new IP addresses of the new cluster nodes.

  4. Lower the DNS TTL temporarily (for example, to 60-300 seconds) to speed propagation during the transition.

  5. Verify resolution from multiple locations using:

    nslookup vpn.example.com

    • An example output:

      Server:         203.0.113.254
Address:        203.0.113.254#53

Non-authoritative answer:
Name:   vpn.example.com
Address: 198.51.100.10
Name:   vpn.example.com
Address: 192.0.2.159

  6. Confirm that VPN clients can resolve and connect to the new cluster nodes successfully.

    Important

    Some clients may cache DNS results. Allow a short window for DNS expiration before entirely shutting down old nodes.

Step 6: Decommission the old cluster

After your new cluster is fully operational, upgraded (if applicable), and all desired nodes have joined:

Tip

If your process allows, keep the old nodes powered off but available for a short rollback window before deleting them permanently.

  1. Shut down Access Server services on each old cluster node:

    service openvpnas stop

  2. Remove or archive old server instances according to your organization's process.

  3. Update firewall rules, monitoring systems, or infrastructure automation to remove references to the old nodes.

  4. Verify that no client traffic reaches the old cluster and that the new environment now handles all sessions.

In this section: