05-15-2013 09:12 PM - edited 03-10-2019 08:26 PM
Hi All,
I'm going to implement 3 ISE with destributed deployment, 1 ISE will configured as Administration & Monitoring node, and the others as dedicated Policy Service node.
My questions are :
1. If the Administration & monitoring node failed, are the authentication, authorization and posture still can be running well on the client ?
2. Can we promote the dedicated Policy Service Node as the new administration & monitoring nodes ? If can, how the procedure for promoting it? it's just as simple as promoting the secondary nodes (in case we have primary and secondary nodes) or there is others effort, such as must restoring the database or etc?
Thanks?
Regards,
Rian
Solved! Go to Solution.
05-16-2013 05:57 AM
Hi,
When the primary administration node fails. The psns will still continue to function and enforce policies.
Since you have a single administration node and if the that node has to be rebuilt, all other nodes will also have to be reset to factory then re registered once the primary node is ready again.
In that case you can open a tac case yo have them assist in pulling your database from one of the psn nodes.
As always this is my observations and what I would do if I was in the situation, we can wait for a cisco engineer to respond or you can post this question in a tac case to make sure there isn't an upcoming feature which addresses this scenario.
Sent from Cisco Technical Support Android App
05-16-2013 05:57 AM
Hi,
When the primary administration node fails. The psns will still continue to function and enforce policies.
Since you have a single administration node and if the that node has to be rebuilt, all other nodes will also have to be reset to factory then re registered once the primary node is ready again.
In that case you can open a tac case yo have them assist in pulling your database from one of the psn nodes.
As always this is my observations and what I would do if I was in the situation, we can wait for a cisco engineer to respond or you can post this question in a tac case to make sure there isn't an upcoming feature which addresses this scenario.
Sent from Cisco Technical Support Android App
05-21-2013 08:29 PM
Hello,
For your first question which is :-
Q:- If the Administration & monitoring node failed, are the authentication, authorization and posture still can be running well on the client ?
Ans:- Yes, the PSN's will still be running to their full functionality and would be doing the work of policy enforcements.
For your second query please find the link below which would help in ssolving your query:-
http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.html
05-21-2013 09:12 PM
Hi Tarik and harvincer,
Thank you for your response.
After re read again about geployment guide and ISE user guide, for my question no.2 , i found out that if my administration node failed, i have to rebuilt the system (reregister PSN). and don't forget to always backup ISE, because it's very important when we've lost all administration nodes
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_backup.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide