03-19-2023 09:57 AM
Running version 2.7.0.356 ISE Basic 2-node redundant deployment
Is there a guide or procedure to scale out the deployment and run up to 6 PSN in a distributed environment, keeping the PAN and MnT on the existing nodes? Admin + MnT on Same Appliance; Policy Service on Dedicated Appliance (VMs)
Thank you
03-19-2023 10:52 AM
ISE 2.7 going to soon end of life, if you looking to upgrade or migrate ...Look for ISE 3.X (for Long term support)
Look at the distributed deployment guide :
03-19-2023 12:05 PM
Hello balaji.bandi,
thank you for replying but I my question is related to the migration and not related to an upgrade to different version.
I mentioned 2.7 because this is the version we are running and once I successfully scale out the deployment, have PSNs running, I can move to higher version of ISE.
In the link that you shared - we are running a Split deployment and would like to move to a Medium-Sized ISE deployment
03-19-2023 12:27 PM - edited 03-19-2023 12:30 PM
but I my question is related to the migration
Migration to what ? - the document provide how you can deploy hybrid with different roles ? - is that missing ?
we are running a Split deployment and would like to move to a Medium-Sized ISE deployment
is this what your requirement?
03-19-2023 01:25 PM
*migration from split deployment to medium-sized deployment with PSNs
I am deploying PSNs now and would like to know the next step in associating them with the PANs and the procedure for that in a live production environment.
Thank you.
03-19-2023 02:01 PM
hi @georgip , once configured the new psn nodes within your environment, these ones needs to be configured as standalone , then you need to associate them through a registration process that you need to do in the GUI PAN, please refer to the following documentation https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_deployment.html#ID177 , when registering from the PAN dashboard in the menu Administration>System>deployment , you need to add the fqdn of the newest nodes ( this does not impact the previous nodes operation unless the new node that you are associating replaces some of the functionalities MNT or Admin that your older nodes have ) . kindly review also this other documentation that may serve your purposes https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKSEC-3432-reference.pdf
Rate and comment if that helped you.
03-20-2023 11:36 AM
This is not a detailed, step by step guide but it covers an overview of the process:
▷ ISE Deployment Architectures: Nodes, Services and Scale 20220113
04:19 ISE Nodes: Appliances, VMs, Cloud
07:50 Free, 90-day ISE Evaluation Licenses with every installation
08:56 ISE Personas: PAN, MNT, PSN, PXG
14:06 ISE Personas Example Flow
16:44 ISE Deployment: Standalone ISE Node
17:59 ISE Deployment: Small
19:01 ISE Deployment: Small 3 Node
20:33 ISE Deployment: Medium and Multiple Regions
22:43 ISE Deployment: Medium to Large
03-21-2023 12:59 AM
Thank you Thomas. Your basic video series are great and really helpful for beginners .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide