09-11-2020 12:58 AM
My customer has a single standalone ISE, running on a VM Host, vers 1.3. They want to increase the use of the ISE, so are proposing that it should be upgraded to the latest revision (2.x) and a second ISE. My question is simply this: Which is the safest change path? Upgrade then add a second unit, or add a second unit and then upgrade?
Thanks
Jim
Solved! Go to Solution.
09-11-2020 04:31 AM - edited 09-11-2020 04:33 AM
So build a new stand-alone system on a new VM Host, load certs on it from the CA (hope they have wildcards) and chop the network over to the new system. Test, ensure it all works, then rebuild the original from scratch at 2.x on the old VM host, but leaving the original system available as a "get out of Gaol", then enable the ISE on the old platform as slave, with the new 2.7 as master? Sounds reasonable....as a matter of interest - how many steps are involved to upgrade from 1.3 to 2.7?
Thanks
Jim
09-11-2020 01:35 AM
ISE 1.3 is very old and will be very laborious to upgrade to the current recommended 2.7. If the deployment is pretty basic I'd recommend just rebuilding the policies and other elements on a brand new server.
Otherwise you are looking at multiple backup and restore operations or inline upgrades.
09-11-2020 04:31 AM - edited 09-11-2020 04:33 AM
So build a new stand-alone system on a new VM Host, load certs on it from the CA (hope they have wildcards) and chop the network over to the new system. Test, ensure it all works, then rebuild the original from scratch at 2.x on the old VM host, but leaving the original system available as a "get out of Gaol", then enable the ISE on the old platform as slave, with the new 2.7 as master? Sounds reasonable....as a matter of interest - how many steps are involved to upgrade from 1.3 to 2.7?
Thanks
Jim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide