05-04-2015 08:08 AM - edited 03-10-2019 10:42 PM
For those of you who may not have heard, Cisco has released ISE 1.4. The code was posted on 30 April 2015 and release notes are out today (4 May 2015).
A fair number of enhancements are included. The biggest one that stood out for me is automatic failover for the Administration persona.
05-05-2015 01:09 PM
I upgraded my lab deployment today.
The actual ISE upgrade goes pretty quickly - about 20-25 minutes for a 1.3 installation to complete the application upgrade and restart the services. There are only 12 configuration data upgrade steps - not the 60-70 that were indicated in the Upgrade Guide (that number does apply if you are migrating from pre-1.3 in which case you'd be looking at more like 2 hours per upgrade).
I did discover when drilling down into the newly upgraded deployment that automatic PAN failover requires at least 3 nodes (4 recommended). The reason is that at least one non-admin node needs to be a "health check" node. So...I'm deploying a 3rd node now to check it out.
05-05-2015 04:10 PM
Thanks for the update Marvin. I also got my lab to 1.4 but haven't had the time to stand up another node to test the automagic failover :)
On a side note, I would not recommend automatic switchover on a NON-distributed deployment. The process initiates a node restart, thus it can actually affect AAA services. So this should only be enabled on deployment with dedicated M&T nodes.
05-06-2015 05:44 AM
You're welcome, Neno.
I quite agree about the use cases for PAN failover. I'd only advocate this in a deployment with the Primary and Secondary PANs not running the PSN persona.
I was able to test it successfully and it worked as described in the Admin guide. As expected, a node changing from secondary to primary PAN does require an application restart - 4-5 minutes on my lab VM. When you bring the former primary back online (I did it by reconnecting the VM NIC in vCenter), It detects the mate has taken over as active and demotes itself to secondary. Reverting it to primary requires manual intervention via the GUI.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide