https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591793#M526349 <HTML><HEAD></HEAD><BODY><P>This is an excellent question.&nbsp; I have written my own guides for rebuilding an ISE "cluster" from scratch (as part of my customer's requirement to have this disaster recovery process documented).&nbsp; It's a very lengthy document and after many iterations I have honed the process down to the correct sequence. </P><P>It would be nice to be able to build such a system using some automation tools (chef/puppet/Ansible etc).&nbsp; I don't think an ISE node should be immutable like your typical web server running in a Docker container that gets spun up for 10 seconds and then killed again.&nbsp; But if you're building a lot of these nodes, then it gets a bit long in the tooth.&nbsp; I am not a fan of cloning and exporting/importing configs to "speed up" the process because that brings too much baggage with it.&nbsp; Clean, quick build from scratch and with automation - that's what we're hearing all the time from the SDN folks.&nbsp; Maybe something like a kickstart install for ISE would be nice.&nbsp; One can create a file offline with all the settings you want, and then during install (.iso) one feeds that file (via tftp or whatever).&nbsp; Sit back and watch your ISE node be built.</P><P>I'll get off my cloud now ... <IMG src="https://community.cisco.com/legacyfs/online/emoticons/mischief.png" /></P></BODY></HTML> Wed, 11 Oct 2017 23:21:37 GMT Arne Bier 2017-10-11T23:21:37Z https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591791#M526347 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #000000; font-family: Times New Roman; font-size: 12pt;">&nbsp; </SPAN></P><P><SPAN style="color: #000000; font-family: Calibri; font-size: 12pt;">Is there is a way to script the rebuild of the ISE environment so that they do not have to manually rebuild everything when doing a fresh install to get a clean database.</SPAN></P><P><SPAN style="color: #000000; font-family: Times New Roman; font-size: 12pt;">&nbsp; </SPAN></P></BODY></HTML> Wed, 11 Oct 2017 17:51:09 GMT https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591791#M526347 kkem07 2017-10-11T17:51:09Z https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591792#M526348 <HTML><HEAD></HEAD><BODY><P>There is some stuff that can be exported, and re-imported, but not a lot.</P><P></P><P>What do you mean by a clean database? everything recreated in that version? Or, to remove the old logs?</P><P></P><P>If you are not sure about old entrys, you could purge the current data and do a backup, then rebuild and restore the backup. This should keep everything except the logs.</P></BODY></HTML> Wed, 11 Oct 2017 18:22:34 GMT https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591792#M526348 Dustin Anderson 2017-10-11T18:22:34Z https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591793#M526349 <HTML><HEAD></HEAD><BODY><P>This is an excellent question.&nbsp; I have written my own guides for rebuilding an ISE "cluster" from scratch (as part of my customer's requirement to have this disaster recovery process documented).&nbsp; It's a very lengthy document and after many iterations I have honed the process down to the correct sequence. </P><P>It would be nice to be able to build such a system using some automation tools (chef/puppet/Ansible etc).&nbsp; I don't think an ISE node should be immutable like your typical web server running in a Docker container that gets spun up for 10 seconds and then killed again.&nbsp; But if you're building a lot of these nodes, then it gets a bit long in the tooth.&nbsp; I am not a fan of cloning and exporting/importing configs to "speed up" the process because that brings too much baggage with it.&nbsp; Clean, quick build from scratch and with automation - that's what we're hearing all the time from the SDN folks.&nbsp; Maybe something like a kickstart install for ISE would be nice.&nbsp; One can create a file offline with all the settings you want, and then during install (.iso) one feeds that file (via tftp or whatever).&nbsp; Sit back and watch your ISE node be built.</P><P>I'll get off my cloud now ... <IMG src="https://community.cisco.com/legacyfs/online/emoticons/mischief.png" /></P></BODY></HTML> Wed, 11 Oct 2017 23:21:37 GMT https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591793#M526349 Arne Bier 2017-10-11T23:21:37Z https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591794#M526350 <HTML><HEAD></HEAD><BODY><P>This thread can take many turns (positive ones, actually), but this is not the proper forum to discuss what could be or coming.&nbsp; I would suggest reaching out to account team for roadmap discussions and enhancement requests.&nbsp; Short of it is that on this date in Oct 2017, there is no "sysprep" for ISE.&nbsp;&nbsp; It is possible to have dormant ISE nodes that have fresh install up to setup phase, or even fully configured at ADE-OS level and ready to be registered into deployment.&nbsp; This could be used to augment existing VM or even hardware-based deployment.</P><P></P><P>Craig</P></BODY></HTML> Thu, 12 Oct 2017 11:26:15 GMT https://community.cisco.com/t5/network-access-control/scripted-ise-install/m-p/3591794#M526350 Craig Hyps 2017-10-12T11:26:15Z