Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
5
Helpful
3
Replies

ISE upgrade from 2.1 (appliance) to 2.6 (vmware)

Go to solution
robertbrink1
Level 1
Level 1

‎09-17-2019 03:26 AM

Hi,

I've read a lot of best practices regarding the upgrade method for ISE and I think the best option is to go with the backup/restore method in my case. 

 

We have an appliance environment of 10 ISE nodes in cluster on version 2.1 that we want to upgrade to a vmware environment on 2.6. 

I am thinking of a fresh install of 2.6 on vmware and running a restore of 2.1 here. Then adding fresh 2.6 nodes to the new cluster and assigning them correct personas. 

Since we also are giving the 2.6 environment new ip-addresses, it can run in parallel with the 2.1 setup. 

 

Sounds this like a plan?

Are there some pitfalls to consider/watch for? 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-17-2019 04:48 AM

Is there a reason why you want to jump to 2.6 even though 2.4 Patch 8 is the current recommended release?

Your certificates must be carefully considered - make sure you have those exported and verified to include the private key(s).

If you don't have a need for retention, it generally makes sense to purge operational data prior to starting.

Usual advice to carefully follow the upgrade guide always applies.

Other than that, the plan outline sounds good.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-17-2019 04:48 AM

Is there a reason why you want to jump to 2.6 even though 2.4 Patch 8 is the current recommended release?

Your certificates must be carefully considered - make sure you have those exported and verified to include the private key(s).

If you don't have a need for retention, it generally makes sense to purge operational data prior to starting.

Usual advice to carefully follow the upgrade guide always applies.

Other than that, the plan outline sounds good.

0 Helpful

Go to solution
robertbrink1
Level 1
Level 1
In response to Marvin Rhoads

‎09-18-2019 12:33 AM

Thanks for the feedback.

I don't think that 2.6 is that far away from becoming the recommended release, they are already on patch 2. That's the reason for skipping 2.4, and only having to do the upgrade process once. :)

 

I've managed to test it in stage, and it seems promising. But I've only used the configuration backup though, not tested with operational. 

 

Funfact: The import/restore took 1 hour and 15 min with around 330.000 endpoints in database. 

 

Go to solution
Dustin Anderson
VIP
VIP

‎09-17-2019 08:31 AM

This is the general rule I follow, and we are looking to go from 2.3 to 2.6 once that becomes the recommended, but testing I'm having issues restoring with it basically bricking 2.6. I may end up opening a TAC as it is supposed to work.

 

I definitely recommend spinning up a 2.6 and testing restoring a backup.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents