Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
2
Helpful
2
Replies

migration of appliances to VM + upgrade

nkeuparl
Level 1
Level 1

‎07-23-2024 06:01 AM

Hi there, i am planning to migrate PAN/SAN and 2 PSN running ISE 2.4 on old 3315 appliances to PAN/SAN 2PSN 2MNT running ISE 3.2 on virtual machines

is there a guide/ or many / that i could rely on ? ( migrate appliance to vm / maybe running vm+on prem at same time if possible / implementing MNT / migration path from 2.4 to 3.2 )

is it possible to integrate the new vm components in the old infra and disengage the appliances slowly then? 

is it possible to run at the same time diffrent versions ?

how does it work for the certificates and for the licenses ? 

any recommendations?

Thank you!

0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎07-23-2024 09:22 AM

 

    - In my opinion this will be difficult because of the huge leap in versions  ; what I would do is start building the ISE VM based environment manually from scratch (including entering the policies and final testing). 
     Lots of trouble could be avoided   and or 'sudden showstoppers' on the way.  And you have 'free time' for testing
     on the new environment without hurting business (e.g.)
    What I  used to do is  simply switch radius servers  on the NAD's when a new ISE deployment was ready for use.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marcelo Morais
VIP
VIP

‎07-23-2024 03:19 PM

Hi @nkeuparl ,

remember that:

1st ISE 3.2 supports restore from backups obtained from ISE 2.7+

2nd ISE 2.7 supports restore from backups obtained from ISE 2.2+

3rd a VM Common License (VMC) is a MUST when you use VMs

4th if you own Traditional Cisco ISE Licenses, you MUST convert them to Smart Licenses

5th for TACACS+, you MUST have Device Administration License for each of the PSN that you enable TACACS+ Service.

6th take a look at the new license model at Cisco ISE Licensing Guide, check for Figure 8: EA Conversion of 2.x licenses to 3.x subscription licenses.

My recommendation:

1st generate a backup from ISE 2.4

2nd create an ISE 2.7 from scratch on a new VM

3rd restore the ISE 2.4 backup on the new ISE 2.7

4th create a backup from the new ISE 2.7

5th reinstall the new ISE 2.7 from scratch with a the ISE 3.2 P6 version

6th restore the new ISE 2.7 backup on the ISE 3.2 P6

7th test your ISE 3.2 P6

at this point, you have an ISE 2.4 Cluster and a ISE 3.2 P6 Standalone and you can choose the best time to create the others VMs for your ISE 3.2 P6.

 

Hope this helps !!!

Customers Also Viewed These Support Documents