Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
10
Helpful
2
Replies

Getting secondary node from sync pair?

Go to solution
OrkhanRustamli
Level 1
Level 1

‎08-10-2020 05:58 AM

Hi everyone.

I need to clarify one important thing about Cisco ISE 2 node deployment. Our office is preparing for big building migration and process is difficult as we have 24/7 Customer Support. I am planning to take secondary node from current network and move it to new office together with its subnet to prepare AWS Remote VPN connection so that while turning off all main network devices in current building, people will still be able to connect to VPN which authenticates with new ISE. So question: Is everything okay with my plan? Can Secondary node survive for 2 weeks with not communicating with main node?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-10-2020 06:43 AM

It will sort of survive that, when a node is powered off that long it will require a manual resync from the GUI.
You would be best off just building a new secondary admin node at the site it will live in, then when you're ready, shut down the current and join this new node to the deployment. Assuming these are virtual.

If it is a physical SNS appliance, move it, readdress it, rejoin it to the deployment. 

 

At the worst here, you will have to think about the limited high availability you have missing a node for a couple weeks. Rejoining/moving the node is the relatively easy part.  

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-10-2020 06:43 AM

It will sort of survive that, when a node is powered off that long it will require a manual resync from the GUI.
You would be best off just building a new secondary admin node at the site it will live in, then when you're ready, shut down the current and join this new node to the deployment. Assuming these are virtual.

If it is a physical SNS appliance, move it, readdress it, rejoin it to the deployment. 

 

At the worst here, you will have to think about the limited high availability you have missing a node for a couple weeks. Rejoining/moving the node is the relatively easy part.  

Go to solution
OrkhanRustamli
Level 1
Level 1
In response to Damien Miller

‎08-11-2020 12:28 AM

Hi and thank you very much for response.

The appliances are physical and as I understood there must not bet any problem just for separating secondary node from admin for specific time. Thanks again!

0 Helpful
Customers Also Viewed These Support Documents