Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1399
Views
0
Helpful
2
Replies

Upgrade an ISE and Add Resilience

Go to solution
Jim Blake
Level 1
Level 1

‎09-11-2020 12:58 AM

My customer has a single standalone ISE, running on a VM Host, vers 1.3. They want to increase the use of the ISE, so are proposing that it should be upgraded to the latest revision (2.x) and a second ISE. My question is simply this: Which is the safest change path? Upgrade then add a second unit, or add a second unit and then upgrade?

 

Thanks

 

Jim

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jim Blake
Level 1
Level 1
In response to Marvin Rhoads

‎09-11-2020 04:31 AM - edited ‎09-11-2020 04:33 AM

So build a new stand-alone system on a new VM Host, load certs on it from the CA (hope they have wildcards) and chop the network over to the new system. Test, ensure it all works, then rebuild the original from scratch at 2.x on the old VM host, but leaving the original system available as a "get out of Gaol", then enable the ISE on the old platform as slave, with the new 2.7 as master? Sounds reasonable....as a matter of interest - how many steps are involved to upgrade from 1.3 to 2.7?

 

Thanks

Jim

 

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-11-2020 01:35 AM

ISE 1.3 is very old and will be very laborious to upgrade to the current recommended 2.7. If the deployment is pretty basic I'd recommend just rebuilding the policies and other elements on a brand new server.

Otherwise you are looking at multiple backup and restore operations or inline upgrades.

0 Helpful

Go to solution
Jim Blake
Level 1
Level 1
In response to Marvin Rhoads

‎09-11-2020 04:31 AM - edited ‎09-11-2020 04:33 AM

So build a new stand-alone system on a new VM Host, load certs on it from the CA (hope they have wildcards) and chop the network over to the new system. Test, ensure it all works, then rebuild the original from scratch at 2.x on the old VM host, but leaving the original system available as a "get out of Gaol", then enable the ISE on the old platform as slave, with the new 2.7 as master? Sounds reasonable....as a matter of interest - how many steps are involved to upgrade from 1.3 to 2.7?

 

Thanks

Jim

 

 

0 Helpful
Customers Also Viewed These Support Documents