Solved: CIsco ISE upgrade decrease in node size

bernards · ‎05-10-2021

Has anyone upgraded from a 4 node ISE cluster with Primary and secondary Admin/Mnt nodes and two PSN nodes to the following

2 node cluster with primary/secondary Admin/Mnt/PSN persona

Is the best way to do a fresh build and config or will backup and restore work from a 4 node cluster to a new 2 node cluster

thanks

Damien Miller · ‎05-10-2021

From an ISE perspective this can actually be quite easy. You can just enable the PSN persona on the current Admin/Monitoring nodes. Once that's done, you can migrate a few NADs to test, and if all goes well, migrate all the rest.

Once all of the NADs are using the new PAN/MNT/PSN combo nodes, you can decommission the two PSNs you no longer want.

Officially speaking, a four node/four psn deployment is not supported, but it works and migration activities such as this are the only time I would recommend it since you won't be keeping it that way.

The other option is to resize your PSN disk space with a fresh install of those two nodes, then inline upgrade everything as is, ending off by enabling the admin/MNT on the existing PSNs. This would mean you don't have to migrate the NADs to use new radius server IPs. Since you need 600+ gb disk space, your PSNs might need more, hence the reinstall that might be required.

View solution in original post

Marcelo Morais · ‎05-10-2021

Hi @bernards ,

a Backup & Restore is the recommended method.

Please take a look at: Cisco ISE 2.7 Upgrade Guide - Upgrade Method, search for Upgrade Cisco ISE Deployment Using Backup and Restore Method (Recommended).

Hope this helps !!!

bernards · ‎05-10-2021

Hi @Marcelo Morais

thanks for the reply. The only slight concern is with backup and restore from a 4 node cluster into a 2 node cluster. Not to sure if this can be done as its not like for like

thanks

craiglebutt · ‎05-10-2021

Hi

I see what you are getting at.

Surely it will say there are 2 missing nodes, which you should be able to delete.

I've got to do this in few weeks time from 6 psn to 4 psn

cheers

Damien Miller · ‎05-10-2021

From an ISE perspective this can actually be quite easy. You can just enable the PSN persona on the current Admin/Monitoring nodes. Once that's done, you can migrate a few NADs to test, and if all goes well, migrate all the rest.

Once all of the NADs are using the new PAN/MNT/PSN combo nodes, you can decommission the two PSNs you no longer want.

Officially speaking, a four node/four psn deployment is not supported, but it works and migration activities such as this are the only time I would recommend it since you won't be keeping it that way.

The other option is to resize your PSN disk space with a fresh install of those two nodes, then inline upgrade everything as is, ending off by enabling the admin/MNT on the existing PSNs. This would mean you don't have to migrate the NADs to use new radius server IPs. Since you need 600+ gb disk space, your PSNs might need more, hence the reinstall that might be required.

bernards · ‎05-10-2021

@Damien Miller

Thanks for the reply

I did think that this could be the only way forward. Once done I suppose a few network changes then will point to the different addresses for the new 2 node PSN cluster.

I will post the outcome of the migration for reference once complete