
Upgrade from 1.2 to 2.4 (PAP and PDP)

jcardana
Cisco Employee

Hi,

Customer is using ISE 1.2 with 4 servers, 2 per site for redundancy purposes.

Per site, one server is configured with PAP and the other one with PDP.

According to the BoM tool, the migration to 2.4 with 6,000 users only needs two servers, one per site.

Question: the current installation is using 2 servers, one with PAP functions and the other one with PDP functions. With the 2.4 version, is it necessary to maintain the same distribution, or can it be aggregated in a single server per site?

Question: Which kind of redundancy can be used? Is it Active&Standby or another one?

Question: In terms of database, where will the database be, in the active server or in both servers?

Thanks,

Joao Cardana


ognyan.totev
Level 5

You can decide what you want. You can have 1 primary and 1 secondary. And if you upgrade from a 1.x version, you must first go to 2.0 or 2.1, and after that you can go to 2.4. In my deployment I have 2 nodes in 2 data centers: 1 is primary, the other is secondary. If you want high failover you must have at least a 3rd node.

To keep things easy I would recommend 2.2 boxes (appliances or VMs) in a small HA deployment.

Install as a new deployment, as lots has changed and upgrading from 1.2 to 2.2 will take multiple upgrades.

Primary site box runs primary admin and monitoring functions with policy services for RADIUS.

Second site runs secondary (standby).

Policy services are always active.

Site 1 points to site 1 as primary for RADIUS.
Site 2 points to site 2.

Both sides point to each other as backup.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/install_guide/b_ise_InstallationGuide22/b_ise_InstallationGuide22_chapter_00.html#ID-1413-0000009d

Hi,

The current deployment is based on 2 sites, with 2 nodes per site; each site has 1 server for PDP and another one for PAP.

Please correct me if I'm wrong, but in your answer we can join both functions of PDP and PAP in a single node, correct?

In this case, to support 6,000 users, the customer only needs two servers, one per site, correct?

What is the maximum number of users supported in a small deployment?

Primary site box runs primary admin and monitoring functions with policy services for RADIUS.
Second site runs secondary (standby).
Policy services are always active, also in the second site?

Site 1 points to site 1 as primary for RADIUS and Site 2 points to site 2; is it possible to have site 2 only in standby mode?
Both sides point to each other as backup.

Which is your recommendation, active/standby or active/active?

In terms of database, are both servers synced in active/standby mode? And in the case of Active/Active, how does it work?

Thanks,

Joao Cardana


You can run a stand-alone deployment with HA.
One box will run primary admin and monitoring, plus the policy services.
The other box will have secondary for admin and monitoring.

Policy services are always active.

You can point your devices to both for redundancy.

Explained here:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/install_guide/b_ise_InstallationGuide22/b_ise_InstallationGuide22_chapter_00.html#ID-1413-0000009d

Under
Deployment Size and Scaling Recommendations
Table 1

It shows 3515 appliance specs supporting 7500 active endpoints.
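
The "each site points to its local node first and to the other site as backup" arrangement described in the replies above, sketched from the network-device side. This is an added example, not part of the thread or of Cisco's documentation. It assumes the RADIUS clients are Cisco IOS/IOS-XE switches; the server names, the documentation-range addresses and the shared-secret placeholder are constructed.

```cisco
! Site 1 access switch. Site 2 switches use the same two definitions
! but list ISE-SITE2 first in the server group.
aaa new-model
!
! ISE node at site 1 (constructed address, RFC 5737 documentation range)
radius server ISE-SITE1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! ISE node at site 2 (constructed address), used only as backup here
radius server ISE-SITE2
 address ipv4 198.51.100.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! Servers are tried in the order listed: local node first, remote node second.
! deadtime (minutes) keeps a server marked dead out of rotation, so an
! unreachable local node is not retried on every authentication.
aaa group server radius ISE-GROUP
 server name ISE-SITE1
 server name ISE-SITE2
 deadtime 15
!
! Criteria for marking a server dead: no response for 5 seconds
! across 3 consecutive attempts.
radius-server dead-criteria time 5 tries 3
!
! Send 802.1X authentication, authorization and accounting to the group.
aaa authentication dot1x default group ISE-GROUP
aaa authorization network default group ISE-GROUP
aaa accounting dot1x default start-stop group ISE-GROUP
```

Because policy services are active on both nodes, each ISE node must have every switch from both sites defined as a network device with the same shared secret, otherwise failover requests are dropped.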