This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Is there a way to apply a patch while you're upgrading an ISE environment? My use case is, if a customer is upgrading from ISE 2.2 to 2.4, they start with their Secondary Admin, Primary Monitoring, then they start upgrading their PSNs. However, during this process the newly upgraded PSNs will be vulnerable to any bugs in the base 2.4 code, and users being migrated to the upgraded PSNs will be exposed to those bugs. Is there a way to apply a patch to each node as they're being upgraded to avoid unnecessary issues?
Solved! Go to Solution.
I see that you can apply patches prior to registering PSNs to the upgraded deployment per this document: https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934#toc-hId--718381845
To recap our discussion offline on this, Surendra and Mohammed al Baqari are both correct in case of using the guided upgrade in ISE admin web UI. Whereas ISE Upgrades - Best Practices describes additional options, besides the UI guided upgrade. The other options could be preferable, for sizable ISE deployments, for those ISE Releases unable to upgrade directly to ISE 2.4 or 2.6, or other considerations.