cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

131
Views
15
Helpful
4
Replies

is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

Hello Everyone

Q may seems silly but it's efforts reduction only subject :0)

Let's assume that i've migrated almost all nodes (PAN&MnT + NxPSN) from 1.4 to 2.2 successfully with backup&restore approach. At this point i have single node running both PAN&MnT role. Now i have to join to new deployment last node & promote it with primary Mnt&S-AN role. Q is do i need to restore this node from the conf&op backups made from previous 1.4 deployment before i'll promote it like mentioned? 

My assumption is the node will be synchronized with conf&op data from ex-PAN&MnT node, & backup restore is not needed, m i right?

believing in power of community mind :0)

 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate

Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

The secondary admin node will have a copy of everything it needs synchronized to it when you join it to the deployment. You do not need to restore any configuration to the secondary admin node.

The MNT operational data is a bit different. If you want to restore historical radius/tacacs logs to the deployment then each node is treated separately. I don't recommend restoring operational MNT logs, the historical reporting will rebuild itself. By default ISE only keeps 30 days of these logs. So if you do want to restore RADIUS logs, you can do it for just the primary MNT, or you can do both, but it is two independent restores.

View solution in original post

4 REPLIES 4
VIP Advocate

Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

The secondary admin node will have a copy of everything it needs synchronized to it when you join it to the deployment. You do not need to restore any configuration to the secondary admin node.

The MNT operational data is a bit different. If you want to restore historical radius/tacacs logs to the deployment then each node is treated separately. I don't recommend restoring operational MNT logs, the historical reporting will rebuild itself. By default ISE only keeps 30 days of these logs. So if you do want to restore RADIUS logs, you can do it for just the primary MNT, or you can do both, but it is two independent restores.

View solution in original post

Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

Thanks Damien

that's was i expected to hear. In fact i need to balance between customer's requirement to keep op-DB for as long time as possible (90 days :0) & optimal time for migration (i assume restoring op-DB will take considerable time per MnT - may be u have any ETAs for those?). & obviously it would be silly to repeat already made steps. As i understand now, if my only MnT on old deployment became these before migration started, i can have deltas  op-DB deltas from backup&restore it from old MnT, but still no idea how to restore it on the primary MnT of new deployment w/o overriding previously restored data.

Cisco Employee

Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

The restore will overwrite the existing data.

Please explore other means to keep data for longer terms; e.g. using an external syslog target to export the events to a reporting system.

Re: is the restore of backups is needed on next S-AN|S-MNT before joining it to new deployment already passed restoring

hello Cisco TAC Engineer :0)

have u any idea about time to restore op-DB with 6GB size?