https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531464#M519858 <HTML><HEAD></HEAD><BODY><P>Hi Krishnan,</P><P>This could be a number of versions, but we'll assume that it's a 1.4 or 2.2 deployment for long lived support.&nbsp; Typically most of the financials I work with have 24 PSN's and are upgrading minor versions to remain within support, or are upgrading due to PSIRTs or bug fixes.&nbsp; Without splitting the deployment, we would need to factor in about 24-28 straight hours of upgrades to upgrade all of the PAN's, MNT's and PSN's, but splitting can at least lead to a burn in type test capability.&nbsp; Features would vary across customers, but for the sake of argument, my main customer has Auth, a large number of custom profiles, Guest, and would be looking to add Posture capabilities at some time in the future if this hangup was addressed.</P></BODY></HTML> Mon, 27 Nov 2017 17:10:30 GMT Patrick Lloyd 2017-11-27T17:10:30Z https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531462#M519847 <HTML><HEAD></HEAD><BODY><P>I work with large financials and one of the largest questions one of them has is the concern around upgrades and ensuring that major disasters don't occur.&nbsp; As a result, they split their deployment when doing upgrades and rejoin the deployments back together post upgrade when both deployments have been successful.&nbsp; An additional option of upgrading through CLI and having nodes subsequently upgraded but a manual rolling upgrade or individual nodes being on either the pre or post upgrade version has also been asked about.</P><P></P><P>Is there a preferred way that the ISE BU recommends when dealing with &gt;20 PSN's in critical financial environments?</P></BODY></HTML> Wed, 15 Nov 2017 17:15:01 GMT https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531462#M519847 Patrick Lloyd 2017-11-15T17:15:01Z https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531463#M519852 <HTML><HEAD></HEAD><BODY><P>Hi Patrick,</P><P></P><P>It would be good to know the following</P><P></P><P>What is the ISE version the customer is on, size of deployment(locations)?</P><P>Are there any critical reasons for upgrade?</P><P>What are the services/features turned on in ISE?</P><P></P><P>Yes we have seen a split upgrade in large customers having number of PSN’s, so that they upgrade part of the deployment first and test it then upgrade the rest.</P><P>It would be good to know further information before any recommendation.</P><P></P><P>Thanks</P><P>Krishnan</P></BODY></HTML> Wed, 15 Nov 2017 17:40:54 GMT https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531463#M519852 kthiruve 2017-11-15T17:40:54Z https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531464#M519858 <HTML><HEAD></HEAD><BODY><P>Hi Krishnan,</P><P>This could be a number of versions, but we'll assume that it's a 1.4 or 2.2 deployment for long lived support.&nbsp; Typically most of the financials I work with have 24 PSN's and are upgrading minor versions to remain within support, or are upgrading due to PSIRTs or bug fixes.&nbsp; Without splitting the deployment, we would need to factor in about 24-28 straight hours of upgrades to upgrade all of the PAN's, MNT's and PSN's, but splitting can at least lead to a burn in type test capability.&nbsp; Features would vary across customers, but for the sake of argument, my main customer has Auth, a large number of custom profiles, Guest, and would be looking to add Posture capabilities at some time in the future if this hangup was addressed.</P></BODY></HTML> Mon, 27 Nov 2017 17:10:30 GMT https://community.cisco.com/t5/network-access-control/upgrade-options-in-large-critical-deployments/m-p/3531464#M519858 Patrick Lloyd 2017-11-27T17:10:30Z