https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007442#M586809 <P>Hello <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1588027">@ryanbess</a>&nbsp;</P> <P>1. While the ISE restore process includes certificates, it's recommended to separately backup and store certificates. This is mainly for situations where you might need to restore ISE in a new environment or if you are not using the built-in CA for your certificates. Keeping a separate backup of certificates provides an extra layer of assurance and flexibility, especially in scenarios where you might need to migrate ISE to a different infrastructure.</P> <P>2. It's somewhat unexpected that you needed to rebind ISE to Active Directory after a restore. The restore process should ideally bring back all configurations, including AD bindings. If you find that AD bindings are not consistently restored, it's advisable to document the AD binding configurations separately and verify the restoration process in a controlled environment.</P> <P>3. The individual config backup for policies is indeed for a more granular restore process. This allows you to selectively restore policy configurations without affecting the entire ISE deployment. It can be beneficial in scenarios where a specific policy or set of policies needs to be rolled back or restored independently of other configurations.</P> <P>&nbsp;</P> Sun, 28 Jan 2024 18:06:29 GMT M02@rt37 2024-01-28T18:06:29Z https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007415#M586808 <P>Just did my first ISE retore based upon config backups.&nbsp; Two things i noticed.</P><P>1. ISE restored all certs i added and properly assigned them appropriately which is good.&nbsp; Given this behavior, why do they recommend to backup all ISE certs manually and store them some place safe given the restore via the config backups adds them back?</P><P>2. When ISE came back up, it had the AD binding configs, yet I needed to rebind ISE?&nbsp; Is this expected?</P><P>3. All policies were also restored.&nbsp; Again, which is good.&nbsp; Why do they have an individual config to auto backup ISE policies outside of the ISE config backups?&nbsp; I suspect this is so you can quickly restore just the policy configs without having to do a complete ISE restore.&nbsp; Am i correct here?</P><P>&nbsp;</P> Sun, 28 Jan 2024 15:47:10 GMT https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007415#M586808 ryanbess 2024-01-28T15:47:10Z https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007442#M586809 <P>Hello <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1588027">@ryanbess</a>&nbsp;</P> <P>1. While the ISE restore process includes certificates, it's recommended to separately backup and store certificates. This is mainly for situations where you might need to restore ISE in a new environment or if you are not using the built-in CA for your certificates. Keeping a separate backup of certificates provides an extra layer of assurance and flexibility, especially in scenarios where you might need to migrate ISE to a different infrastructure.</P> <P>2. It's somewhat unexpected that you needed to rebind ISE to Active Directory after a restore. The restore process should ideally bring back all configurations, including AD bindings. If you find that AD bindings are not consistently restored, it's advisable to document the AD binding configurations separately and verify the restoration process in a controlled environment.</P> <P>3. The individual config backup for policies is indeed for a more granular restore process. This allows you to selectively restore policy configurations without affecting the entire ISE deployment. It can be beneficial in scenarios where a specific policy or set of policies needs to be rolled back or restored independently of other configurations.</P> <P>&nbsp;</P> Sun, 28 Jan 2024 18:06:29 GMT https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007442#M586809 M02@rt37 2024-01-28T18:06:29Z https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007446#M586810 <P>Thanks.&nbsp; When you do the restore, it also had an ADE-OS restore checkbox.&nbsp; What kinds of data would be in the ISE conifg backup that would be part of the ADE-OS?</P> Sun, 28 Jan 2024 18:28:25 GMT https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007446#M586810 ryanbess 2024-01-28T18:28:25Z https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007503#M586815 <P>The ADE-OS is all the stuff you see in the CLI of the admin node (show running-config)</P> Mon, 29 Jan 2024 00:56:08 GMT https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007503#M586815 Arne Bier 2024-01-29T00:56:08Z https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007505#M586816 <P>Thanks for confirming my suspicions. &nbsp;I can not think of any time when you would not want to check that box but I guess it’s good to have options.</P> Mon, 29 Jan 2024 01:07:12 GMT https://community.cisco.com/t5/network-access-control/ise-restore-questions/m-p/5007505#M586816 ryanbess 2024-01-29T01:07:12Z