cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
563
Views
0
Helpful
3
Replies

Upgrade ISE Distributed deployment

Maurice Ball
Level 3
Level 3

I am in the process of upgrading my Cisco ISE distributed deployment. I have 2 PAN and 3 PSN in the deployment.

I was reviewing the upgrade guide. I noticed that the upgrade guide states if your PSN is part of a group cluster, you must deregister the PSN from the PAN and upgrade the node in standalone mode.

 

Is that the correct process?

 

My concern is once that PSN node is back up and running in standalone mode the devices that are pointed to that PSN node will not be able to authenticate their clients. 

 

Step 3 of the upgrade guide

Upgrade the Policy Service Nodes (nodes C, D, E, and F) next. You can upgrade several PSNs in parallel, but if you upgrade all the PSNs concurrently, your network will experience a downtime. If your PSN is part of a node group cluster, you must deregister the PSN from the PAN, upgrade it as a standalone node, and register it with the PAN in the new deployment. After the upgrade, the PSNs are registered with the primary node of the new deployment (node B), and the data from the primary node (node B) is replicated to all the PSNs. The PSNs retain their personas, node group information, and profiling probe configurations.

1 Accepted Solution

Accepted Solutions

marce1000
VIP
VIP

 

 - Yes , it is a cumbersome process , many people prefer building a new environment, besides the  'old ise' ; let alone that the buikl-in upgrade process may fail too. Check the thread below and reflect on it :

  https://community.cisco.com/t5/identity-services-engine-ise/ise-2-2-patch-10-upgrade/m-p/3788144

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

3 Replies 3

marce1000
VIP
VIP

 

 - Yes , it is a cumbersome process , many people prefer building a new environment, besides the  'old ise' ; let alone that the buikl-in upgrade process may fail too. Check the thread below and reflect on it :

  https://community.cisco.com/t5/identity-services-engine-ise/ise-2-2-patch-10-upgrade/m-p/3788144

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Ok, and thanks for the quick reply.

Ok, and thanks for the quick reply.