cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1446
Views
3
Helpful
6
Replies

ISE HA DB Sync

angelito_mas
Level 1
Level 1

Hello there!

I have 2 ISE nodes (release version 3.1) currently running both in standalone mode.

If I choose to deploy the HA mode, I'd like to know if the database will be only one.

For example: let's suppose that the primary node goes down, will I be able to see the logs (e.g. client authentication) of the last 30 days on the new active node (the former standby)? 

Thanks!

 

1 Accepted Solution

Accepted Solutions

@angelito_mas if you deploy both ISE nodes into a cluster, the database, logs, configuration etc is synchronised between the nodes. If the Primary PAN fails, you can promote the Secondary PAN to become the new Primary and you will be able to see the logs for the last 24 hours. You'd generate reports to view old authentications.

View solution in original post

6 Replies 6

@angelito_mas if you deploy both ISE nodes into a cluster, the database, logs, configuration etc is synchronised between the nodes. If the Primary PAN fails, you can promote the Secondary PAN to become the new Primary and you will be able to see the logs for the last 24 hours. You'd generate reports to view old authentications.

angelito_mas
Level 1
Level 1

Sorry, what do you mean with "promote the secondary PAN"? It does not automatically become the active node?

@angelito_mas if there are only 2 nodes in the cluster then you have to manually promte the secondary node to become the primary. If you had a larger deployment, you define a "health check node" to monitor the PAN.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_deployment.html#task_4B14550A96BF40A0906843411C8A96A6

 

hi @Rob Ingram, I have only 2 ISEs.. could I create an eem or something similar to automatically promote the secondary to become the primary?

@angelito_mas I've never seen an EEM script proposed to promote the secondary to become primary, I am not sure EEM script is even supported on ISE. I think the only solution in a 2 node cluster is to manually promote.

Most services will still be active when the P-PAN is down, is a huge concern?

 

angelito_mas
Level 1
Level 1

no it's not a huge concern, i was wondering how to do it.. thanks again!