cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

386
Views
6
Helpful
7
Replies
Highlighted
Participant

ISE distributed deployment upgrade - 1.3 to 2.1

My customer has an ISE deployment with 5 nodes: Admin/Monitor Primary and Secondary plus 3 Policy Server. The Admin Nodes and 2 Policty Nodes are VMs. The last Policy node is 3415 appliance.


I checked the release notes, it says that we can directly upgrade from 1.3 to 2.1.


Could someone share their experience or a step-by-step document to upgrade this distributed environment ISE deployment?


Thanks.

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: ISE distributed deployment upgrade - 1.3 to 2.1

As I have posted previously, I would recommend not using any of the Cisco documented GUI/CLI methods for upgrading.  The method I have found to work the best over the years is:

  1. Kick out secondary admin node from the old deployment.
  2. Fresh build it to the desired version
  3. Restore data from old version
  4. Verify restored data.  This node now becomes the anchor point of the new version deployment.
  5. One at a time rebuild each PSN by installing a fresh build of the new version
  6. Join the PSNs to the new deployment
  7. Finally rebuild what was the primary admin node of the old deployment and join it to the new deployment
  8. Move personas around as needed
7 REPLIES 7
Cisco Employee

Re: ISE distributed deployment upgrade - 1.3 to 2.1

VIP Engager

Re: ISE distributed deployment upgrade - 1.3 to 2.1

As I have posted previously, I would recommend not using any of the Cisco documented GUI/CLI methods for upgrading.  The method I have found to work the best over the years is:

  1. Kick out secondary admin node from the old deployment.
  2. Fresh build it to the desired version
  3. Restore data from old version
  4. Verify restored data.  This node now becomes the anchor point of the new version deployment.
  5. One at a time rebuild each PSN by installing a fresh build of the new version
  6. Join the PSNs to the new deployment
  7. Finally rebuild what was the primary admin node of the old deployment and join it to the new deployment
  8. Move personas around as needed
Cisco Employee

Re: ISE distributed deployment upgrade - 1.3 to 2.1

Agree with paul!

Participant

Re: ISE distributed deployment upgrade - 1.3 to 2.1

Thanks Paul.

What happens to the license when we use this approach?

Would it retain the licenses?

VIP Engager

Re: ISE distributed deployment upgrade - 1.3 to 2.1

It won’t retain the license. You just need to rehost the licenses. I usually must email licensing@cisco.com<mailto:licensing@cisco.com>. They are very responsive.

Contributor

Re: ISE distributed deployment upgrade - 1.3 to 2.1

My experience is the device ID doesn’t change if you are using the same VM so you should be able to reuse the same license files if you still have them. Otherwise, rehosting certainly works.

George

Participant

Re: ISE distributed deployment upgrade - 1.3 to 2.1

I'm fairly new to this, could you pelase have a look and advise if my understanding is correct?

Kick out secondary admin node from the old deployment.

Manually de-register Secondary Admin Node and take back up of this secondary admin node?

Fresh build it to the desired version

Using this?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/install_guide/b_ise_InstallationGuide21/b_ise_InstallationGuide21_chapter_010.html#task_C60EBD3F53714C7BA83DC2E691E4FC1B

Restore data from old version

Restoring the back up taken in Step 1 for Secondary Admin Node?

Verify restored data.  This node now becomes the anchor point of the new version deployment.

One at a time rebuild each PSN by installing a fresh build of the new version

At this point of time, do I de-register old PSNs one by one?

Join the PSNs to the new deployment

Finally rebuild what was the primary admin node of the old deployment and join it to the new deployment

Should I take backup of Primary Admin node and then restore to new deployment? At this point of time, this will become secondary admin node in new deployment?

Move personas around as needed