cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1393
Views
4
Helpful
6
Replies

Patching ISE in multi-node deployment, Cisco official recommendation

rezaalikhani
Level 3
Level 3

Hi all;

I searched google and several documents and resources from Cisco and other experts regarding to find best practices for patching ISE in multi-node deployment. None of them had exact same procedures. Can anyone in Cisco officially state the supported scenario with minimal disruption in mind?

Thanks

1 Accepted Solution

Accepted Solutions

I found this:

"If you are installing the patch from the GUI, the patch is automatically installed on the Primary PAN first. The system then installs the patch on the other nodes in the deployment in the order listed in the GUI. You cannot control the order in which the nodes are updated.".

Cisco ISE 3.1 Upgrade Guide: Install Latest Patch - Cisco

 

View solution in original post

6 Replies 6

There are two options, option one is via ISE GUI, this will apply the patch on all nodes one at a time. Option two is via CLI which I personally prefer because it gives more control as you can decide which node you want to patch first. Unlike upgrading ISE which has to be done in a specific order, applying the patch can be in any order.

Thanks for your reply. You mentioned that when we use the GUI method, the patching operation takes place one server at a time. This is my confusing situation! In which order? 

It will start with the primary PAN and then if that is successful it will carry on installing the patch on the nodes in the order you see in the deployment page in the GUI. If any of the other nodes should fail installing the patch, it will still carry on with the next one. So essentially it will only stop if the installation on the primary PAN should fail.

So, after the patch is successfully installed on the PAN, it is applied to all nodes in the cube one at a time, in alphabetical order. Right?

Searching on Google, we can find documents that believe applying ISE patches have orders beyond alphabetical order. For example:

patch.png

What to you think?

Thanks

 

I found this:

"If you are installing the patch from the GUI, the patch is automatically installed on the Primary PAN first. The system then installs the patch on the other nodes in the deployment in the order listed in the GUI. You cannot control the order in which the nodes are updated.".

Cisco ISE 3.1 Upgrade Guide: Install Latest Patch - Cisco

 

rezaalikhani
Level 3
Level 3

Thanks for your following up...