ISE 2.2 Install Using A ISE 1.4 Backup

Henry Sumner · ‎03-30-2017

Running a 1.4 VM Distributed Deployment with a PAN/Mon, SAN/Mon and two PSNs. I've created new 2.2 Nodes and want to restore from the 1.4 backups. Need to know if this can be done without causing my current PAN/Mon Node to deregister.

Marvin Rhoads · ‎03-30-2017

While restore from 1.4 onto 2.2 is supported (reference below), it would seem to me that you would then have two hosts with the same persona, certificates etc. on your network. That would Not Be Good and would likely lead to unintended consequences.

Why not follow the recommended inline upgrade path? That tends to work quite well. If you don't want to do that, then I'd take a node offline before restoring its backup to another separate VM.

Reference:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01011.html#reference_4F69987D3294499E95C1B652C4D1E73D

Henry Sumner · ‎03-31-2017

Marvin,

Thank you for the reply. I should have mentioned that because of a network redesign we had to build out the new VMs on different ESX host than the ones in production today that is why we can't do the inline upgrade. I've got two options here that I think will work.

Option 1: Build out the new nodes from scratch. That way I can do some testing before moving them into production. On the day that I'm ready to move into production I'll just shutdown the old nodes. I'll have to change all of my NADs to point to the new IPs but I only have 4 NADs using ISE at this time so that won't be a big deal.

Option 2: During a maintenance window, restore the 1.4 backup to the 2.2 nodes. Then shutdown the old nodes.

Marvin Rhoads · ‎03-31-2017

Those would work. If you build from scratch, you will have to rehost your licenses as the VUDI will change.

You just don't want to have two VMs with the exact same configuration trying to run at the same time.