cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
770
Views
2
Helpful
7
Replies

Cisco ISE Patch Process Question

ryanbess
Level 1
Level 1

We have a 4 node environment.  My question is when you upload a patch to the Primary PAN and after then Primary PAN is finished Patching, how does the patch get then moved to the Secondary PAN and then the PSN?  Does the Primary PAN push the file into the Secondary PAN's local repo, does the secondary PAN pull it, and in either scenario, what credentials are used?

1 Accepted Solution

Accepted Solutions

No it’s pulled through the existing command/replication channel between the PAN and the other nodes.

View solution in original post

7 Replies 7

Yes, the Primary Admin node manages the install process on all of the other nodes.  However, I highly recommend using the CLI to patch instead as it gives you much more detailed output as the patch is progressing.  You can also control the exact order and exactly when you want to patch each node.  Start with the Primary Admin Node, after that the order doesn't matter.

Hi @ryanbess when you install the patch from the GUI, the patch is automatically installed on the Primary PAN first. The patch is then installed on the other nodes in the deployment in the order listed in the GUI, no credentials are required for the other nodes, ISE takes care of this.

How would a secondary PAN get the file off the Primary PANs local repository...there has to be some level of credential

@ryanbess if you use the GUI method you don't use the repo, you upload the file to the PAN and this is distributed amongst the other nodes.

right my question is around how it gets distributed amongst the other nodes.  Are there any credentials involved, is it over SSH or the ERS API etc.  

No it’s pulled through the existing command/replication channel between the PAN and the other nodes.

ryanbess
Level 1
Level 1

https://youtu.be/vUIlS8ko3CI?si=lbSw8I7ieTs53b2f  this was also helpful thanks everyone

This video covers the replication procedure that occurs in an ISE distributed environment as well as some points to troubleshoot. For further reference see https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_deployment.html