01-28-2024 07:47 AM
Just did my first ISE restore based upon config backups. Two things I noticed.
1. ISE restored all certs I added and properly assigned them appropriately which is good. Given this behavior, why do they recommend to back up all ISE certs manually and store them some place safe given the restore via the config backups adds them back?
2. When ISE came back up, it had the AD binding configs, yet I needed to rebind ISE? Is this expected?
3. All policies were also restored. Again, which is good. Why do they have an individual config to auto backup ISE policies outside of the ISE config backups? I suspect this is so you can quickly restore just the policy configs without having to do a complete ISE restore. Am I correct here?
- Labels: Identity Services Engine (ISE)
Accepted Solutions
01-28-2024 10:06 AM
Hello @ryanbess
1. While the ISE restore process includes certificates, it's recommended to separately back up and store certificates. This is mainly for situations where you might need to restore ISE in a new environment or if you are not using the built-in CA for your certificates. Keeping a separate backup of certificates provides an extra layer of assurance and flexibility, especially in scenarios where you might need to migrate ISE to a different infrastructure.
2. It's somewhat unexpected that you needed to rebind ISE to Active Directory after a restore. The restore process should ideally bring back all configurations, including AD bindings. If you find that AD bindings are not consistently restored, it's advisable to document the AD binding configurations separately and verify the restoration process in a controlled environment.
3. The individual config backup for policies is indeed for a more granular restore process. This allows you to selectively restore policy configurations without affecting the entire ISE deployment. It can be beneficial in scenarios where a specific policy or set of policies needs to be rolled back or restored independently of other configurations.
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
01-28-2024 10:28 AM
Thanks. When you do the restore, it also had an ADE-OS restore checkbox. What kinds of data would be in the ISE config backup that would be part of the ADE-OS?
01-28-2024 04:56 PM
The ADE-OS is all the stuff you see in the CLI of the admin node (show running-config)
01-28-2024 05:07 PM
Thanks for confirming my suspicions. I can not think of any time when you would not want to check that box but I guess it’s good to have options.
