Solved: Re: ISE - operational backup content

Y C · ‎11-16-2020

What exactly is inside an operational backup? Docs just mention "monitor and troubleshooting data".

I am upgrading from 2.1 to 2.7. A new set of vm's will be built. Production will be kept on the old 2.1 until the new set is up and running and proven on a test environment. The upgrade will have to be stepped... I started at 2.4. Restored the 2.1 configuration backup to it. So far so good. Next step is to either restore the operational backup from 2.1 or start the inline upgrade to 2.7.

It may be a few weeks, a month, or more until production is moved over to the new environment. If the only thing I'll be loosing are say radius logs then I can avoid the operational backup because in a month those will be outdated anyway. Ideally I'd restore an operational backup at time of cutover but the new machines would be at 2.7 then and that wouldn't be possible.

Damien Miller · ‎11-16-2020

By default, ISE will maintain up to 30 days of RADIUS and TACACS logs depending on available storage, and these are considered the operation logs in an ISE deployment. If you do not restore them, which to be fair, most do not, then your reports will not have the historical data to pull from. So as you said, the only thing you will lose from the new/restored deployment is the RADIUS/TACACS historical logs.

I wouldn't bother with the operational restore unless you have a critical need to maintain these logs in ISE.

If you do choose to restore operational logs, then just keep in mind that you can restore the operational backup twice, once to each monitor node. They are not synced during restore nor during standard operation of the deployment. They are two independent databases, if you built a new MNT, then switched it to primary the next day, you would only have one day of logs to pull reports from.

Technically speaking, the makeup of the operational backup is just a GPG encrypted tarball of binary database dump files. Won't be any good unless restored to an ISE node.

View solution in original post

Damien Miller · ‎11-16-2020

By default, ISE will maintain up to 30 days of RADIUS and TACACS logs depending on available storage, and these are considered the operation logs in an ISE deployment. If you do not restore them, which to be fair, most do not, then your reports will not have the historical data to pull from. So as you said, the only thing you will lose from the new/restored deployment is the RADIUS/TACACS historical logs.

I wouldn't bother with the operational restore unless you have a critical need to maintain these logs in ISE.

If you do choose to restore operational logs, then just keep in mind that you can restore the operational backup twice, once to each monitor node. They are not synced during restore nor during standard operation of the deployment. They are two independent databases, if you built a new MNT, then switched it to primary the next day, you would only have one day of logs to pull reports from.

Technically speaking, the makeup of the operational backup is just a GPG encrypted tarball of binary database dump files. Won't be any good unless restored to an ISE node.

Y C · ‎11-18-2020

Thanks Damien. That’s what I figured but wanted to make sure before going further. The install was going smooth but just got interesting... that’s a topic for another thread though.