Upgrade Cisco ISE 3.0 patch-3 to ISE 3.2 patch-2

adamscottmaster2013 · ‎05-11-2023

I am trying to upgrade my ISE 3.0 environment to ISE 3.2 patch-2 with ZERO downtime and I can rollback with zero downtime should I run into any issues. I have a nodes SNS-3655 clusters:

ISE1: Primary Admin/Primary MNT
ISE2: Secondary Admin/Secondary MNT
ISE3: PSN
ISE4: PSN

My plan:
Step #0: backup the configuration on ISE1
Step #1: deregister ISE2 and ISE4,
Step #2: rebuild ISE2 and ISE4 with ISE3.2,
Step #3: patch ISE2 and ISE4 with patch-2,
Step #4: restore the configuration in step #0 to ISE2,
Step #5: make ISE2 the primary Admin/primary MNT,
Step #6: Add ISE4 into the cluster of ISE2

At this point, I will have both 3.0 and 3.2 clusters function independently but because the database is the same, it should work. I will let this run for two weeks. If I need to make any configuration changes, I will make to both clusters,

Step#7: rebuild ISE1 and ISE3 with ISE 3.2,
Step #8: patch ISE1 and ISE3 with patch-2,
Step #9: Add ISE1 and ISE3 into the cluster; make ISE1 the Secondary Admin/Secondary MNT; make ISE3 PSN
Step #10: Make ISE1 Primary Admin/MNT and ISE2 Secondary Admin/MNT,

I did this three years ago when I had to upgrade from 2.7 to 3.0 and it works out well for me. Question is can I restore a 3.0 configuration into a 3.2 patch-2 appliance without any issues?

Thoughts?

Arne Bier · ‎05-11-2023

Sounds like a plan - I guess this is a valid consideration for SNS deployments. With a VM deployment we can approach upgrades differently (more flexible).

Yes you can restore a 3.0 config backup onto a 3.2 STANDALONE node.