07-02-2017 06:24 PM - edited 03-11-2019 12:49 AM
Hi all ,
I am using Cisco ISE 1.3.(876) patch 7 on UCS blades with following set up
1) 1 admin node
2) 3 PSN
3)2 MNT
Currently due to some issue on UCS we need to migrate to DELL/HP blade , please let me know if there are any challenges or any perquisites which needs to be taken care
Current each VM has nearly 20 GB of RAM , 600 TAB of HD . I have heard that ISE VM do not accept HD increment else it needs to be reimaged please let me know if there any challenges in migration or the steps to be followed .
Regards,
Sameer Ahmad
07-03-2017 01:56 AM
If you are migrating with the same VM specififcations then it is no issue. However if you are not then you would be better off just creating new VMs in the target environment and joining them to the existing deployment.
I'm not sure how you have one PAN and two MnT. Do you mean one each primary and backup PAN and MnT? A normal recommended deployment for 5 nodes would be:
a. Node 1 = Primary PAN, Backup MnT
b. Node 2 = Backup Pan, Primary MnT
c. Nodes 3-5 = PSNs.
In that scenario, I would build the five new VMs. Get them up and ready to joing the current deployment (same release and patch level, import/export certificates) Add three of them as PSNs to the current deployment. (You didn't mention how you are doing PSN load balanacing, if you are. That of course is relevant for this bit.) Shutdown node 2. Join the first new VM to the current deployment and give it the Backup PAN and Primary MnT roles previously held by Node 2. Promote it to Primary PAN. Shutdown Node 1. Add final new node to the deployment. Give it Secondary PAN and Primary MnT.
I'd also strongly recommend moving up to ISE 2.2. 1.3 is getting quite old and will not be supported much longer.
07-20-2017 10:31 PM
Hi Marvin ,
Thanks for your reply ,
I will be adding Secondary PAN it got moved out of deployment.
1) 2 PAN ( Primary/Secondary)
2) 2 MNT
3) 5 PSN ( 3PSN in DC , production , 2 in DR)
In case I build the new deployment , I guess I would need additional license or I can transfer the existing license as new VMs will come with Trial license
As I add the VMs in new deployment , I guess replication will happen and post that I can shut the old VMs , is there a way I can verify new VMs are working fine
Since new blades would definitely have new resources ( higher RAM/DISK) , what is the impact in case I migrate via Vmotion direcly ?
If my understanding is correct , I need to build new VMs and then restore configuration , can you provide some details on it as configuraiton backup is on existing PAN
or
I need to build new VM and add it to existing deployment and replicate the same and then shut ?
Based on the set up , I have how many total VMs I need , it should be 10 I guess once I add as other old VMs will not be used and need to be shut ?
Thanks ,
Sameer Ahmad
07-21-2017 12:11 AM
Definitely it would be much easier to simply add new VMs to the existing deployment. That way the license and all configuration is replicated automatically and the users see no impact.
You can do it one at a time and shut down old VMs as new ones join successfully.
Once everything is up then plan (separately) an upgrade. You will really like 2.x much better. It is superior to the 1.x releases.
07-29-2017 11:35 AM
Hi Marvin ,
Thanks , but dont you think in case the objective is to use the same IP Schema it would cause the problem while adding it to the deployment like when shutting the old VM in deployment.
1) In case I build the new set up , and restore the configuration of existing deployment , what is the recommendation
Ultimately my goal is no impact or we can do a cut-over kind of thing ,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide