ISE 3.x Backup options for storage which is best?

wrichardson99 · ‎07-22-2022

I have taken over an ISE deployment in mid stream, while setting up all the proper configuration for the job (ACS to ISE for TACACS) I needed to have them stop VM Snapshots and setup the backup options. I haven't set this up before so not sure if DISK or something like SFTP would be better. I don't think storing it on the local disk is too swift. Anyone share how they setup theirs?

Thanks

ahollifield · ‎07-22-2022

Yes, snapshots must be disabled for ISE nodes. DISK is stored locally on the ISE node and offers (almost) zero advantage if something catastrophic happens to the VM. It is always a must to store the ISE configuration back to an external server via FTP, SFTP, etc. Whatever you have available in your organization.

wrichardson99 · ‎07-22-2022

Thanks that was what I was thinking but wanted to be sure. The Cisco Admin guide goes into lots of detail over creating encryption keys but being this is internal to the client network don't see the need. I'm hoping FTP or SFTP can be setup without encryption?

ahollifield · ‎07-22-2022

FTP is an unencrypted protocol. SFTP is encrypted.

wrichardson99 · ‎07-22-2022

ya I guess using the Windows version you don't have to generate keys, I don't use Linux much. I'll match what the client is using for backing up their linux servers probably. Just had to stop them doing Snapshots, they corrupted the install 2 times already.

and gee DOH! Secure ftp