Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1052
Views
0
Helpful
4
Replies

Ise vm upgrade to 1.2

Brian McPhillips
Level 1
Level 1

‎08-18-2013 06:52 AM - edited ‎03-10-2019 08:47 PM

I have been reading the documentation and just seeking some guidance on this upgrade. I have a standalone ISE on a 32 bit VM.

Is the process to perform the upgrade on ISE itself then shut down and change the VM settings? Or change the VM settings and perform the upgrade to 1.2. I'm no VM expert so i have a basic knowledge.  If anyone could provide some screenshots of where to change the settings from 32 bit to 64bit red hat that would be great.

Has anyone has been through the process so far?

https://supportforums.cisco.com/community/netpro/security/aaa/blog/2013/07/19/upgrading-to-identity-services-engine-ise-12

http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html

Labels:
0 Helpful
4 Replies 4

Ravi Singh
Level 7
Level 7

‎08-25-2013 08:42 PM

Right click your ESXi host in the  left pane of the vSphere client and select Edit settings and follow the  configuring virtual machine section describe in the below link.

http://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

Also see the attached PDF file.

Preview file
19 KB
0 Helpful

jan.nielsen
Level 7
Level 7

‎08-26-2013 03:04 PM

I just finished upgrading a 8 node distributed ise solution to 1.2, and we just changed the guest os setting after upgrading, and then rebooted again, just to be sure that ise was still working afterwards.

0 Helpful

Ravi Singh
Level 7
Level 7
In response to jan.nielsen

‎08-26-2013 08:16 PM

Great! Please keep posted so that we can come to know that you have done successfully.

0 Helpful

jan.nielsen
Level 7
Level 7
In response to Ravi Singh

‎08-27-2013 12:59 AM

So here are my experiences with the upgrade to 1.2.899 :

Setup : 8 node deployment, with 2 PANs, 2 MnTs and 4 PSNs (around 10.000 concurrent devices)

- We initially where worried about the upgrade time for the MnT nodes, as there is a lot of log on them, ie. long upgrade time according to cisco, so we decided to loose our log, and just re-install the MnTs.

PAN

- We upgraded the secondary PAN first, which went with no problems, even the license seemed to be fine.

MNT

- The primary MnT was then re-installed with 1.2, and joined to the new ISE 1.2 deployment, this took about 1,5 hours, mostly spent waiting for ISE to start all its services after reboots. Only issue we encounterned was that the certificate export in 1.1.1.268 that we are running, exports the wrong certificate, when you choose the local cert (generated with ise local csr function), so we had to get them generated again, fortunately it was a local ca they where from.

- Then we double checked all settings regarding authentication/authorization/ad membership and profiling on the PAN, found no problems there (but still, please follow cisco guidelines, as some default rules will be reset).

PSN

- Then we changed our wireless controllers to only use one of our psns, to minimize disconnections from the wireless, and started upgrading PSNs, one at a time. This didn't go so well, after 2 hours of waiting at the CLI prompt at STEP 2:Deregistering from deployment, and no apparent activity we decided to shut down the ise server and re-install the PSNs instead, as we were running behind on our timeframe for the upgrade. We had a backup of the public certs used on the psns, and we had our ad credentials ready, the re-install took around 1-1,5 hours per PSN, and went fine once reinstalled. We of course had to load all our trusted certs, and the public cert before manually joining the new ISE 1.2 deployment.

Remaining two PAN/MnT

We chose to reinstall the last two servers, instead of migrating them, because of the problems we had encountered, and the PAN/MnT that was left, didn't have any information that we didn't already have on the ISE 1.2, this took the expected 1-1,5 hours per server before it was complete.

We set the redhat 5 64-bit os setting after the upgrades/re-install and rebooted again for good measure.

Notes :

The guest portal looks different in 1.2, make sure you customize it to your liking, the layout is not the same as the 1.1.x version, so your customisations may be migrated, but it's not guaaranteed that it will look the same. I installed a 1.2 in our lab before the upgrade to test the look and feel of the portal, so i knew what to change once we upgraded.

0 Helpful
Customers Also Viewed These Support Documents