
Primary administration ISE nodes failed

Rian Rosidiyana
Level 1

Hi All,

I'm going to implement 3 ISE nodes in a distributed deployment: 1 ISE will be configured as the Administration & Monitoring node, and the others as dedicated Policy Service nodes.

My questions are:

1. If the Administration & Monitoring node fails, will authentication, authorization and posture still run well on the client?

2. Can we promote a dedicated Policy Service node to be the new Administration & Monitoring node? If so, what is the procedure for promoting it? Is it as simple as promoting the secondary node (in case we have primary and secondary nodes), or is there other effort, such as having to restore the database, etc.?

Thanks.

Regards,

Rian

Accepted Solutions

Tarik Admani
VIP Alumni

Hi,

When the primary administration node fails, the PSNs will still continue to function and enforce policies.

Since you have a single administration node, if that node has to be rebuilt, all other nodes will also have to be reset to factory and then re-registered once the primary node is ready again.

In that case you can open a TAC case to have them assist in pulling your database from one of the PSN nodes.

As always, these are my observations and what I would do if I were in the situation; we can wait for a Cisco engineer to respond, or you can post this question in a TAC case to make sure there isn't an upcoming feature which addresses this scenario.


Sent from Cisco Technical Support Android App


harvisin
Level 3

Hello,

For your first question, which is:

Q: If the Administration & Monitoring node fails, will authentication, authorization and posture still run well on the client?

Ans: Yes, the PSNs will still be running with their full functionality and would be doing the work of policy enforcement.

For your second query, please find the link below, which should help in solving your query:

http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.html

Hi Tarik and harvincer,

Thank you for your response.

After re-reading the deployment guide and the ISE user guide, for my question no. 2, I found out that if my administration node fails, I have to rebuild the system (re-register the PSN). And don't forget to always back up ISE, because it's very important when we've lost all administration nodes.

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_backup.pdf