Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
1
Helpful
3
Replies

Manually upgrading ISE 2.1 to 2.2

Go to solution
bricrock
Cisco Employee
Cisco Employee

‎07-11-2017 11:29 AM

Customer is currently running ISE 2.1, fully-distributed, and needs to upgrade to 2.2 in order to gain Hyper-V support due to the server team changing hypervisor strategy.  Customer wants to control the upgrade process, site by site, as opposed to letting the GUI-based "wizard" roll out the upgrade across the deployment.

I understand the upgrade sequence to be:

1. Secondary Admin Node

2. Primary Monitoring Node

3. Policy Service Nodes

4. Secondary Monitoring Node

5. Primary Admin Node

Questions:

1. Is the CLI the best method to achieve the fine-grained control the customer is looking for?

2. If it is, and let's say steps 1 and 2 (above) are completed successfully, how long can the customer take to complete the rest of the nodes?

2a. For example, can they upgrade the PSN's at the first site one weekend, then wait to perform the upgrade of the next site's PSN's the following weekend, etc., until finally upgrading the Primary Admin Node a month or so after the start of the overall upgrade process?

2b. If so, what risks or caveats are there to running in this split-version capacity for multiple weeks?

Thank you,

Brian

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-12-2017 08:21 AM

Both Nidhi and Tim provided very valuable inputs.

Since the customer moving to Hyper-V, I would suggest to build a new deployment with ISE 2.2. If needed, restore configuration and/or operation backup from ISE 2.1 to the new deployment.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎07-11-2017 09:14 PM

Hi Brian ,

CLI is one of the methods to upgrade .

the step by step procedure is mentioned in the link below -

Cisco Identity Services Engine Upgrade Guide, Release 2.1 - Upgrade a Cisco ISE Deployment from the CLI [Cisco Identit…

end of the document also talks about some commonly found issues during upgrade process and their resolution .

Thanks,

Nidhi

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Nidhi

‎07-12-2017 07:02 AM

Brian,

It is not recommended to partially upgrade the deployment because during that time you will essentially have two different deployments.  It is best to upgrade the entire deployment during the same maintenance window.

Regards,

-Tim

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-12-2017 08:21 AM

Both Nidhi and Tim provided very valuable inputs.

Since the customer moving to Hyper-V, I would suggest to build a new deployment with ISE 2.2. If needed, restore configuration and/or operation backup from ISE 2.1 to the new deployment.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents