10-21-2018 07:11 PM
Hi All,
Could someone please assist how long does it take to apply patch on Cisco ISE (distributed environment).
We have 1 PAN, 1 SAN, 3 PSNs running 2.1
Thanks.
Solved! Go to Solution.
10-21-2018 08:04 PM
I would plan for about 45 minutes a node. Each node will reload after patch instalation.
10-21-2018 08:04 PM
I would plan for about 45 minutes a node. Each node will reload after patch instalation.
10-22-2018 03:32 PM
For production, I would suggest to apply patches via CLI because this way gives us a better control when and which ISE nodes to start patching and possible to do a few ISE nodes at the same time. Please remember to take an ISE CFG backup beforehand.
10-22-2018 03:39 PM
10-22-2018 03:44 PM
First to the primary ISE node and the rest can be in any given order. Best to schedule a maintenance window and use a load balancer to take patching PSNs offline or online.
10-22-2018 03:53 PM
10-22-2018 03:57 PM - edited 10-22-2018 03:58 PM
Start with the primary admin node, then choose the node order you want after that. 5 hours should be enough for five nodes.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100.html#ID202
"If you are installing the patch from the CLI, you can control the order in which the nodes are updated. However, we recommend that you install the patch on the Primary PAN first."
You will use the command "patch install <patch name> <repo name that has patch file>"
The impact to users and services depends on which node is patching and your HA config. If you have redundant radius servers configured on your NAD's then user impact should be relatively minor.
Read this section of the admin guide to see what will be unavailable while the primary admin node is down/patching.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010.html#ID59
10-22-2018 04:09 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide