Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2161
Views
0
Helpful
3
Replies

ISE upgrade split over multiple nights

Go to solution
dvan
Cisco Employee
Cisco Employee

‎03-04-2016 03:39 AM

Hi,

I'm looking into upgrading a large ISE distributed deployment over two DCs, and am wanting to know whether it is possible (and recommended) to split the upgrade process over two nights - one DC per night (possibly couple days apart) rather than all in one really long night...

Thanks,

Denis

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mikoconn
Cisco Employee
Cisco Employee

‎03-07-2016 03:44 AM

Hi Denis,

Yes, this can be done as long as you assess the effects on resilience and other operational aspects and are comfortable with the results.

I have done this with a large distributed deployment, although with virtual machines rather than hardware appliances, and it worked well.  The upgraded appliances will not communicate with the appliances still running the old version so there are no interoperability concerns.  Obviously, the two sub-clusters may see an endpoint independently and not share the same data.

I upgraded the secondary PAN and 2 x PSNs on night 1, tested thoroughly the following day, then 6 x PSNs on each subsequent night until they were complete.  One MnT was upgrade on night 2.  The remaining PAN and MNT were upgraded on the last night.  Use your load-balancer to take the PSNs out of service for the duration while they are upgraded.

Regards,

Mike.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎03-04-2016 10:50 AM

Hi Denis,

It is technically possible but not recommended.  Potential issues I see with upgrading the deployment over the course of a few days are HA and data synchronization.  You would essentially have two deployments after the first maintenance window.

Is it possible to have pre-staged nodes that could be added once the Admin and MnT nodes are upgraded?  This method works well especially if you have PSNs behind a load balancer.

Regards,

-Tim

0 Helpful

Go to solution
dvan
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎03-05-2016 03:59 AM

Hi Tim,

The idea is to run off one DC (no PAN/MNT HA, multiple PSNs) since the first maintenance window to avoid data synchronisation issues... But if this approach is still not recommended then it is enough for me not to pursue further.

Also, in this case pre-staged PSNs is not an available option - no spare appliances available (hardware appliance based deployment).

Thanks,

Denis

0 Helpful

Go to solution
mikoconn
Cisco Employee
Cisco Employee

‎03-07-2016 03:44 AM

Hi Denis,

Yes, this can be done as long as you assess the effects on resilience and other operational aspects and are comfortable with the results.

I have done this with a large distributed deployment, although with virtual machines rather than hardware appliances, and it worked well.  The upgraded appliances will not communicate with the appliances still running the old version so there are no interoperability concerns.  Obviously, the two sub-clusters may see an endpoint independently and not share the same data.

I upgraded the secondary PAN and 2 x PSNs on night 1, tested thoroughly the following day, then 6 x PSNs on each subsequent night until they were complete.  One MnT was upgrade on night 2.  The remaining PAN and MNT were upgraded on the last night.  Use your load-balancer to take the PSNs out of service for the duration while they are upgraded.

Regards,

Mike.

0 Helpful
Customers Also Viewed These Support Documents