Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
0
Helpful
2
Replies

ISE migration - Backup/Restore

Go to solution
Josh Morris
Level 3
Level 3

‎07-10-2019 01:15 PM

I have a current 2.2 deployment in a mixed physical/virtual environment. I am migrating to an all physical 2.4 environment. The new 2.4 environment is currently greenfield. My current migration strategy is to take a backup of the 2.2 environment, and perform a restore in the 2.4 environment. And since my PSNs are behind an f5 load balancer, I will flip the pool when I'm ready for the 2.4 environment to handle production traffic. 

 

My concern is that I named the 2.4 nodes differently. What will happen when I try to restore a backup from an environment with one naming convention into an environment with a different naming convention? Are there any other gotchas I should consider?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-10-2019 01:55 PM - edited ‎07-10-2019 02:44 PM

As long as you have A and PTR DNS records created for the new names, and don't restore the ADE OS, it will not be an issue. I restore ISE backups from production on to differently named lab VM's quite frequently. So the key here is not to leverage the "include-adeos" option.

Also keep in mind that if you have anything leveraging the names of old ISE nodes, those would have to change.

If the restore fails for any reason, running the URT on the existing 2.2 secondary PAN would be your next step, submitting any log package that it generates. When you restore 2.2 to 2.4, it will effectly upgrade the data during restore.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-10-2019 01:55 PM - edited ‎07-10-2019 02:44 PM

As long as you have A and PTR DNS records created for the new names, and don't restore the ADE OS, it will not be an issue. I restore ISE backups from production on to differently named lab VM's quite frequently. So the key here is not to leverage the "include-adeos" option.

Also keep in mind that if you have anything leveraging the names of old ISE nodes, those would have to change.

If the restore fails for any reason, running the URT on the existing 2.2 secondary PAN would be your next step, submitting any log package that it generates. When you restore 2.2 to 2.4, it will effectly upgrade the data during restore.

0 Helpful

Go to solution
Josh Morris
Level 3
Level 3
In response to Damien Miller

‎07-11-2019 05:11 AM

Thanks. I just thought of a follow-up question. Should I even configure anything on the new 2.4 deployment? Mainly something like Active Directory integration? Or will the backup/restore just wipe everything out and reconfigure it anyway?

0 Helpful
Customers Also Viewed These Support Documents