08-25-2023 07:04 AM
Hi All,
I'll soon be needing to move away from our two-node small ISE VM deployment (currently running 3.1) in favour of a medium deployment (Still on 3.1 for now). I believe I have an understanding of the actual migration process once the new VMs have been built (thanks to the very helpful information from @Milos_Jovanovic found here https://community.cisco.com/t5/network-access-control/move-from-small-2-node-ise-deployment-to-medium-large-deployment/td-p/4486348 ), but have listed steps here for verification in case my understanding is incorrect:
Solved! Go to Solution.
08-26-2023 06:51 AM
It helps to have a picture of your final state noting which nodes were the originals.
If you had a load balancer(s), you could simply add 2 PSNs to your existing deployment, redirect the RADIUS requests to the new PSNs and turn off PSN services on your original 2 nodes. But it doesn't sound like you have load balancer(s) and you want to preserve the existing PSN IPs because you do not want to update the AAA server IPs on all of your network devices. That is the real issue making this more complicated because you need to move the roles around.
You do not need to perform a backup+restore although you should definitely make a backup just in case! When you elect your new node as the secondary (step 3) ISE will synchronize the configuration with it so no restore should be necessary. Just wait for the sync to complete before continuing.
The Small/Medium OVA is fine for either. The issue is not disk space (600GB) but CPU & RAM. After moving to your Medium deployment, your PSNs will be Smalls. That may be fine depending on your scale because you have not provided any details about Why you are moving to a Medium-sized deployment with respect to your Scale needs. See https://cs.co/ise-scale for Small vs Medium PSN performance/scale. If you do want to update from Small to Medium you should be able to shutdown each PSN, adjust the VM sizing in VMware and power on and you will have the increased CPU and RAM for your ISE node.
08-26-2023 06:51 AM
It helps to have a picture of your final state noting which nodes were the originals.
If you had a load balancer(s), you could simply add 2 PSNs to your existing deployment, redirect the RADIUS requests to the new PSNs and turn off PSN services on your original 2 nodes. But it doesn't sound like you have load balancer(s) and you want to preserve the existing PSN IPs because you do not want to update the AAA server IPs on all of your network devices. That is the real issue making this more complicated because you need to move the roles around.
You do not need to perform a backup+restore although you should definitely make a backup just in case! When you elect your new node as the secondary (step 3) ISE will synchronize the configuration with it so no restore should be necessary. Just wait for the sync to complete before continuing.
The Small/Medium OVA is fine for either. The issue is not disk space (600GB) but CPU & RAM. After moving to your Medium deployment, your PSNs will be Smalls. That may be fine depending on your scale because you have not provided any details about Why you are moving to a Medium-sized deployment with respect to your Scale needs. See https://cs.co/ise-scale for Small vs Medium PSN performance/scale. If you do want to update from Small to Medium you should be able to shutdown each PSN, adjust the VM sizing in VMware and power on and you will have the increased CPU and RAM for your ISE node.
08-29-2023 01:10 AM
Thomas, thanks for the reply.
Unfortunately no load balancer in the environment currently, we only have the two nodes which are both running all roles. By the end of the migration these two original nodes will be the PSNs. As you have mentioned, wanted to take this approach as all our NAD's are currently pointing at these nodes
The reason for the the move to a medium deployment is to accommodate an office in another country, which will get its own local PSN. So the actual amount of requests, or load on the current PSNs in the UK will remain the same as it is currently. I had no idea you could just change the VM size by shutting it down and amending, that's a helpful tip
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide