Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1079
Views
0
Helpful
1
Replies

Recommendations for ISE Backup & Upgrade Method Upgrade Stages

Go to solution
aarav
Level 1
Level 1

‎05-22-2020 10:49 AM

Hi,

Could you all , advise on the best or safe approach for upgrading ISE from 2.2 to 2.7 using Backup and restore method

I have two options and please advise on your views and also suggest any alternate approach.

4 Node Deployment, 2 Nodes per Site, 2 Sites, 1 PAN/MNT & 1 PSN per Site 

 

My options are below

 

OPTION 1 SLOW APPROACH-

 SITE 2 Nodes to be upgraded First

 Rebuild Secondary PAN/MNT First and enable PSN role on this First Node

 Test functionality by modifying a few Network devices to use this First Node for Radius

 If the environment is Successful and then Reimage PSN on this site and then Update to the other SITE

 

OPTION 2 FAST APPROACH-

SITE 2 NODES to be Upgraded First

Rebuild both the Secondary PAN/MNT and PSN Node simultaneously 

Bring this New PSN for production

Test the Functionality on Production

Then Upgrade the First Site.

 

Thanks

Aarav

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎05-23-2020 06:39 AM

I tried to follow your examples but I am failing to grasp the difference in approach.

 

Do you have hardware appliances or VM?

 

Essentially when you build a new 2.7 Node, the first node will always be a PAN AND MnT - you have no option to build only a PAN. Therefore you will by default get your first node running PAN and MnT. That is the foundation of your new 2.7 deployment. If you have VMs, then kill the old Standby PAN/MnT and spin up a fresh ISE 2.7 node. Make that your new PAN/MnT

Then register your first PSN into the deployment and test with some NAS. Don't touch the old PAN because that is your escape plan in case you want to back out. The old PAN and the old PSN will continue working as normal.

Once your testing is concluded, then nuke the last PSN and build a new 2.7 PSN - register this into the new 2.7 deployment.

Finally - point of no return - nuke the last remaining old PAN/MnT and create a new one - register it as your Secondary PAN/MnT

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Arne Bier
VIP
VIP

‎05-23-2020 06:39 AM

I tried to follow your examples but I am failing to grasp the difference in approach.

 

Do you have hardware appliances or VM?

 

Essentially when you build a new 2.7 Node, the first node will always be a PAN AND MnT - you have no option to build only a PAN. Therefore you will by default get your first node running PAN and MnT. That is the foundation of your new 2.7 deployment. If you have VMs, then kill the old Standby PAN/MnT and spin up a fresh ISE 2.7 node. Make that your new PAN/MnT

Then register your first PSN into the deployment and test with some NAS. Don't touch the old PAN because that is your escape plan in case you want to back out. The old PAN and the old PSN will continue working as normal.

Once your testing is concluded, then nuke the last PSN and build a new 2.7 PSN - register this into the new 2.7 deployment.

Finally - point of no return - nuke the last remaining old PAN/MnT and create a new one - register it as your Secondary PAN/MnT

0 Helpful
Customers Also Viewed These Support Documents