04-06-2021 03:27 AM
Hi All,
I've the plan to upgrade ISE from 2.3 to 2.7 from my 2 nodes VM (active/standby).
Could you please advise can I do it without the downtime?
Thank you.
Solved! Go to Solution.
04-06-2021 05:00 AM
Hi,
take a look at the following link: ISE Upgrade Journey, Release 2.7. and ISE Compatibility Matrix for 2.7.
Have the following in mind to better understand your downtime:
1. RHEL for 2.3 is 7.0, for 2.7 is 7.6. (more time for the upgrade process)
2. ISE 2.7 supports the following Hardware Platform: 35XX and 36XX (double check the VM Appliance Recommendation, maybe you need to add extra CPU, Memory or HDD)
3. run the URT (Upgrade Readiness Tool) before the upgrade to identity any issue that might cause an upgrade failure.
Hope this helps !!!
04-06-2021 06:25 AM
You could do it with minimal downtime, but I wouldn't say zero downtime.
Assuming you upgrade the secondary and that goes well, it becomes the new 2.7 primary. Then you will upgrade the old 2.3 primary to be the 2.7 secondary, this upgrade process in itself is essentially downtime free from an end user perspective. The downtime will come when you want to swap the primary and secondary PAN rolls back to their original positions, both nodes will reload and you'll have about a 10 minute outage during the PAN swap.
04-06-2021 05:00 AM
Hi,
take a look at the following link: ISE Upgrade Journey, Release 2.7. and ISE Compatibility Matrix for 2.7.
Have the following in mind to better understand your downtime:
1. RHEL for 2.3 is 7.0, for 2.7 is 7.6. (more time for the upgrade process)
2. ISE 2.7 supports the following Hardware Platform: 35XX and 36XX (double check the VM Appliance Recommendation, maybe you need to add extra CPU, Memory or HDD)
3. run the URT (Upgrade Readiness Tool) before the upgrade to identity any issue that might cause an upgrade failure.
Hope this helps !!!
04-07-2021 09:32 PM
Thank you Marcelo for the good information.
04-06-2021 06:25 AM
You could do it with minimal downtime, but I wouldn't say zero downtime.
Assuming you upgrade the secondary and that goes well, it becomes the new 2.7 primary. Then you will upgrade the old 2.3 primary to be the 2.7 secondary, this upgrade process in itself is essentially downtime free from an end user perspective. The downtime will come when you want to swap the primary and secondary PAN rolls back to their original positions, both nodes will reload and you'll have about a 10 minute outage during the PAN swap.
04-07-2021 09:32 PM
Thank you Damien,
So during the upgrade not require the de-register the node right?
Can I say it like this?
1.Backup the config and operation data on the primary node.
2.Run the URT on the secondary node
if it passes then
3.Upgrade to 2.7 from secondary node with CLI
4.Patch the upgrade in the secondary node to the latest patch version.
5.Re-do the step 3 and 4 on the primary node.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide