Solved: Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment alrea...

andy!doesnt!like!uucp · ‎11-08-2019

Hello Everyone

Q may seems silly but it's efforts reduction only subject :0)

Let's assume that i've migrated almost all nodes (PAN&MnT + NxPSN) from 1.4 to 2.2 successfully with backup&restore approach. At this point i have single node running both PAN&MnT role. Now i have to join to new deployment last node & promote it with primary Mnt&S-AN role. Q is do i need to restore this node from the conf&op backups made from previous 1.4 deployment before i'll promote it like mentioned?

My assumption is the node will be synchronized with conf&op data from ex-PAN&MnT node, & backup restore is not needed, m i right?

believing in power of community mind :0)

Damien Miller · ‎11-08-2019

The secondary admin node will have a copy of everything it needs synchronized to it when you join it to the deployment. You do not need to restore any configuration to the secondary admin node.

The MNT operational data is a bit different. If you want to restore historical radius/tacacs logs to the deployment then each node is treated separately. I don't recommend restoring operational MNT logs, the historical reporting will rebuild itself. By default ISE only keeps 30 days of these logs. So if you do want to restore RADIUS logs, you can do it for just the primary MNT, or you can do both, but it is two independent restores.

View solution in original post

andy!doesnt!like!uucp · ‎11-09-2019

Thanks Damien

that's was i expected to hear. In fact i need to balance between customer's requirement to keep op-DB for as long time as possible (90 days :0) & optimal time for migration (i assume restoring op-DB will take considerable time per MnT - may be u have any ETAs for those?). & obviously it would be silly to repeat already made steps. As i understand now, if my only MnT on old deployment became these before migration started, i can have deltas op-DB deltas from backup&restore it from old MnT, but still no idea how to restore it on the primary MnT of new deployment w/o overriding previously restored data.

View solution in original post

Damien Miller · ‎11-08-2019

The secondary admin node will have a copy of everything it needs synchronized to it when you join it to the deployment. You do not need to restore any configuration to the secondary admin node.

The MNT operational data is a bit different. If you want to restore historical radius/tacacs logs to the deployment then each node is treated separately. I don't recommend restoring operational MNT logs, the historical reporting will rebuild itself. By default ISE only keeps 30 days of these logs. So if you do want to restore RADIUS logs, you can do it for just the primary MNT, or you can do both, but it is two independent restores.

andy!doesnt!like!uucp · ‎11-09-2019

Thanks Damien

that's was i expected to hear. In fact i need to balance between customer's requirement to keep op-DB for as long time as possible (90 days :0) & optimal time for migration (i assume restoring op-DB will take considerable time per MnT - may be u have any ETAs for those?). & obviously it would be silly to repeat already made steps. As i understand now, if my only MnT on old deployment became these before migration started, i can have deltas op-DB deltas from backup&restore it from old MnT, but still no idea how to restore it on the primary MnT of new deployment w/o overriding previously restored data.

hslai · ‎11-09-2019

The restore will overwrite the existing data.

Please explore other means to keep data for longer terms; e.g. using an external syslog target to export the events to a reporting system.

andy!doesnt!like!uucp · ‎11-09-2019

hello Cisco TAC Engineer :0)

have u any idea about time to restore op-DB with 6GB size?

is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring