Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
5
Helpful
1
Replies

ISE 2.1 to 2.6 - Best Option to Move forward.. ?

Go to solution
mulatif
Cisco Employee
Cisco Employee

‎07-15-2019 11:23 AM

Hi,

I have a customer planning to move from ISE 2.1 (Older ISE appliance) to ISE 2.6 (New 36xx appliances).

They have an Endpoint DB, which they do "not" want to loose. I understand that in this case they have

 

Option 1: --> DB backup from 2.1 and restore to new ISE 2.6

 

Option 2: --> Just export the Endpoint DB from old implementation and import into 2.6.

 

Is there a benefit of one over the other ? I understand that with Option "2", they would loose other stuff like Auth\Authz rules etc. but at the same time this might give them a relatively clean start ? (Especially if the number of Auth\Authz rules is not high).

 

Any thoughts\opinions are much appreciated.

 

Thanks,

Naman

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-15-2019 12:13 PM

If you plan on recreating much of that you are leaving behind, a restore would be an easy time saving process.  

 

One thing I have noticed about the export/import of endpoints from context visibility is that it can be very slow.  You won't be able to take a 2.1 endpoint export and directly import in to 2.6, you will have to manipulate the data in to the import template.  You will also have to recreate any customer identity groups and profiles if that was built previously.  

I would lean to the side of restoring a backup, then cleaning up what I don't want just because of that endpoint requirement.  

If you restore and then later decide you don't want the restored data, you can reset the application configuration from the CLI, easy process and it keeps the ADE OS network config.  

View solution in original post

1 Reply 1

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-15-2019 12:13 PM

If you plan on recreating much of that you are leaving behind, a restore would be an easy time saving process.  

 

One thing I have noticed about the export/import of endpoints from context visibility is that it can be very slow.  You won't be able to take a 2.1 endpoint export and directly import in to 2.6, you will have to manipulate the data in to the import template.  You will also have to recreate any customer identity groups and profiles if that was built previously.  

I would lean to the side of restoring a backup, then cleaning up what I don't want just because of that endpoint requirement.  

If you restore and then later decide you don't want the restored data, you can reset the application configuration from the CLI, easy process and it keeps the ADE OS network config.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents