Solved: Re: decide between Cisco ISE 3.1 or ISE 3.2

adamscottmaster2013 · ‎04-19-2023

I am currently running a 4 nodes ISE 3.0 patch-4 cluster 1 Primary Admin/MNT, 1 Secondary Admin/MNT and 2xPSN nodes. I am using this cluster for wired, wireless 802.1x, and Guest portal. Cisco ISE 3.0 support is about to be ended in July '23. The hardware appliance is SNS-3655

I am debating whether I should go with ISE 3.1 or ISE 3.2. If I go with ISE 3.2 patch-1, I will not have to worry about upgrading for another three years. However, ISE 3.1 is the current gold standard at the moment and there is only patch-1 in ISE 3.2. That tells me that ISE 3.2 is not widely adopted yet and that I should not go with ISE 3.2. I plan on upgrading these nodes in July/August time frame so I think patch-2 for ISE 3.2 will be released around May.

Thoughts?

Marcelo Morais · ‎04-20-2023

Hi @adamscottmaster2013 ,

"cons" of ISE 3.2 (in my opinion) - I'm using quotes on purpose : )

Number of Customers ... since ISE 3.2 is a newer version, there are (probably) more Customers using ISE 3.1 than ISE 3.2, and therefore there are (probably) more "known solutions" for ISE 3.1 than ISE 3.2.

Note: you can also check the Bug Search Tool - ISE 3.2 Open Cases.

Hope this helps !!!

View solution in original post

ahollifield · ‎04-19-2023

Would 3.2 have features that would benefit your ISE deployment? If so, then go with that. Otherwise, my advise would be to stick with the latest gold-star.

Marcelo Morais · ‎04-19-2023

Hi @adamscottmaster2013 ,

Pros in ISE 3.2:

End of Life ... ISE Software releases will typically be supported by Cisco for a period of 4 years: (please take a look at Software Lifecycle Support Statement - ISE)

ISE 3.1 released on Aug 2021 ... 4 years period of support till Aug 2025.
ISE 3.2 released on Sep 2022 ... 4 years period of support till Sep 2026.

Cloud:

Amazon Web Services ... ISE 3.1+
Azure Cloud Services ... ISE 3.2+
Oracle Cloud Infrastructure ... ISE 3.2+

Reports

Data Connect (The Data Connect feature provides database access to Cisco ISE using an Open Database Connectivity (ODBC) or Java Database Connectivity (JDBC) driver, so that you can directly query the database server to generate reports of your choice. Only read-only access to the data is provided.)
System 360 (integrated with Grafana and Prometheus)

Posture Script Condition (Powershell and Shell scripts can be written to perform any arbitrary Compliance Check on Endpoints for Posture)

Please take a look at Cisco ISE 3.2 Release Notes, search for What is New in Cisco ISE, Release 3.2?

Hope this helps !!!

adamscottmaster2013 · ‎04-20-2023

@Marcelo Morais : What about the "cons" of running version 3.2?

ahollifield · ‎04-20-2023

Like what?

adamscottmaster2013 · ‎04-24-2023

3.3 was released in September 2022 and as of April 2023, there is only patch-1 available. That tells me not many customers are onboard with ISE 3.2 so there are so many "unknown". If there were a lot of customers using ISE 3.2, I would have seen at least patch-4 by now. Therefore, I would 3.2 until Jan 2024, IMHO

Marcelo Morais · ‎04-24-2023

Hi @adamscottmaster2013 ,

if you want to compare ISE Releases & Patches Timeline, please have a look at:

Hope this helps !!!

Marcelo Morais · ‎04-20-2023

Hi @adamscottmaster2013 ,

"cons" of ISE 3.2 (in my opinion) - I'm using quotes on purpose : )

Number of Customers ... since ISE 3.2 is a newer version, there are (probably) more Customers using ISE 3.1 than ISE 3.2, and therefore there are (probably) more "known solutions" for ISE 3.1 than ISE 3.2.

Note: you can also check the Bug Search Tool - ISE 3.2 Open Cases.

Hope this helps !!!