cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3773
Views
20
Helpful
7
Replies

ISE 2.7 replace PSN node

densto
Level 1
Level 1

Hello,

We are running 6 node ISE 2.7 cluster with 2 Admin nodes and 4 PSN's.  I am preparing for 3.0 upgrade and our PSN nodes failed Health check with not enough space.  Our PSN nodes were built from 2.4 OVA and at that time disk size requirement were lower at 200 Gb.  ISE 3.0 requires 300Gb.  My plan is to rebuild all PSN nodes with new 2.7 OVA.  Just want to make sure that my steps are correct.

I downloaded new 300 Gb OVA ISE-2.7.0.356-virtual-SNS3615-SNS3655-300.ova

My plan to remove one PSN at a time and rebuild VM fom new OVA and then add it back in to the cluster.

 

  1. Export all certificates.
  2. Deregister PSN node from ise cluster.
  3. Delete VM
  4. Build new VM from OVA.
  5. Patch it.
  6. Import all certificates in to new PSN.
  7. Add PSN to a ISE cluster and assign appropriate roles.

 

Thank you,

Denis

 

1 Accepted Solution

Accepted Solutions

Hi @densto ,

 yes, it is correct.

Note: please double check if you need to rejoin AD.

 

Hope this helps !!!

View solution in original post

7 Replies 7

JohnMaida05753
Level 1
Level 1

I am about to embark on this as well, but replacing both my nodes due to only a 200gig drive. Those steps are what I had in mind as well. But for deleting the VM. I wondering if I can just create a fresh VHDX and install fresh from the iso.

Hi John,

I think it would work.  you removing existing disk and creating a new one and then reinstalling ISE on it.  I have 4 psn nodes so i can sacrifice one at a time.

Thank you

Hi @densto ,

 yes, it is correct.

Note: please double check if you need to rejoin AD.

 

Hope this helps !!!

Would it need to be joined to the domain before I add it to the cluster? or will it join when it gets added?

HI @JohnMaida05753 ,

 1st register the Node to the Cluster

 2nd check at Administration > Identity Management > Extenal Identity Sources > Active Directory > select you AD > and check the Node Status.

 

Hope this helps !!!

densto
Level 1
Level 1

some observations .

Medium size deployment VM hardware requirements changed.  vCPU is up from 16 to 24 RAM from 64Gb to 96Gb.

To provision OVA took 40 minutes and then another 30 min to Install ISE and reboot the VM and 15 min for all services to start.

densto
Level 1
Level 1

I changed and added PSN node replacement steps:

  1. Export all certificates.
  2. Deregister PSN node from ise cluster.
  3. Delete VM
  4. Build new VM from OVA.
  5. Patch it.
  6. Add PSN to a ISE cluster and assign appropriate roles.
  7. Import all certificates in to new PSN.
  8. Rejoin AD and test Authentication from new node.
  9. Check Radius Authentication report to validate that devices are able to authenticate with new PSN.