Re: How to Migrate Cisco ISE from on premise to Azure cloud?

CleitonNetwork · ‎03-29-2024

Today I have 2 ISE on premise nodes. I want to migrate 1 node from ISE to Azure cloud
The idea is to have 1 ISE node in the on primese (Primary) and 1 ISE node in the Azure cloud (Secondary).
I have some doubts:
1- Can I use the same onprimeses license in the Azure cloud?
2- Can you configure a primary-secondary pair for automatic failover?
3- What are the best practices for migrating to the Azure cloud?

thanks

Cleiton

Marvin Rhoads · ‎03-29-2024

An ISE VM in Azure uses the same license model as one in your own data center. The VM(s) each require a license for the VM itself. The deployment needs licenses for the respective tier (Essentials / Advantage / Premier) and features (TACACS / Device Admin and IPsec) that you require.

ISE failover can be setup but requires at least 3 VMs. If you are asking about having PSN high availability then yes that is setup from the network device side by pointing to both of your nodes as AAA servers.

For ISE in Azure, please see this document for more details: https://www.cisco.com/c/en/us/td/docs/security/ise/ISE_on_Cloud/b_ISEonCloud/m_ISEonCloudOverview.html

Rahul NIrmalkar · ‎03-07-2025

1.Licensing.
2.Primary-Secondary Pair for Automatic Failover.
3.Best Practices for Migrating to the Azure Cloud:
*Assessment and Planning.
*Data Migration.
*Application Migration.
*Governance and Compliance.
*Training and Change Management.

Sdiana · ‎03-07-2025

Hi,

Our client is migrating from On-Prem ISE to AWS ISE. What's the best practice? Should we configure policies and everything in the new ISE in AWS so we can backup the config from on prem ISE and restore in AWS ISE?

Thank you.