upgrading cisco ise

Kashish_Patel · ‎12-10-2012

Hello,

We are planning to upgrade our ise boxes to 1.1.1.2xx version. I want to know which repository I should use for transferring the image? Which will be faster? sftp, ftp, tftp, http etc?

Tarik Admani · ‎12-10-2012

Ftp requires much less headache than sftp and is faster than tftp.

Sent from Cisco Technical Support Android App

Kashish_Patel · ‎12-10-2012

Thanks Tarik.

We are going from 1.1.0.665 to v1.1.1.268 patch 5

Here are the steps I am going to take:

First install 1.1 patch 3 (per release notes)

then install version 1.1.1 upgrade bundle

finally install patch 1.1.1 patch 5

Are there any gotchas I need to be aware of well in advance?

We have a distributed deployment and will be following

http://www.cisco.com/en/US/docs/security/ise/1.1.1/upgrade_guide/upg_dis_dep.html for upgrade.

Thanks,

Kashish

Tarik Admani · ‎12-11-2012

Why not go straight to 1.1.2 instead? Are you upgrading a distributed deployment? If so how many nodes are in your deployment?

I know the administration node took me over 5 hours to fully upgrade, so when you upgrade the PSN nodes you may want to reset the database so it doesnt take as long. Can you please elaborate more on your setup?

Thanks,

Tarik Admani
*Please rate helpful posts*

Kashish_Patel · ‎12-11-2012

Because of RNs (http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html#wp376240)

Before you can upgrade to Cisco ISE, Release 1.1.1 from Release 1.1, you must first be sure you have applied Cisco Identity Services Engine Cumulative Patch 3 to your Release 1.1 machine(s)

Yes we have a distributed deployment.

2 admin/monitor nodes ( one primary , other secondary, both VMs)

4 PSNs (appliances)

I did not understand this: "

the administration node took me over 5 hours to fully upgrade, so when you upgrade the PSN nodes you may want to reset the database so it doesnt take as long."

Leo Laohoo · ‎12-11-2012

I would recommend you wait until mid-January 2013.

Tarik Admani · ‎12-11-2012

Kashish,

Keep in mind that PSN nodes when detached retain the application database, this causes more time during the upgrade since the database does go through some changes. My solution with one of my customers was to reset the application database, so that the data in this database is minimal when the upgrade is performed. When you rejoin this node to the new 1.1.2 administration node, it will pull the application database from this admin node.

So you want to follow the distributed deployment instructions on the upgrade which can be found in the install and upgrade guides in the ISE documentation.

Thanks,

Tarik Admani
*Please rate helpful posts*

JHILL2 · ‎09-05-2013

fyi, the standalone upgrade to 1.2 took 3 hours on yesterday on a 3395 appliance. From what I could see, the monitoring database and database upgrade from 32-bit to 64-bit is what chewed up the most time.

aqjaved · ‎10-02-2013

Cisco Identity Services Engine (ISE) supports application upgrades only from the command-line Interface (CLI). You can upgrade Cisco ISE from any previous release to the next release. A previous release can have patches installed on it, or it can be any maintenance release.

Please check the below link this may can be helpful for you:

Link-1:

http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html#topic_CC8056D0D3724780BDF7579D69363CF3

David Pease · ‎10-02-2013

Just to let you know, you guys are replying to a topic that is almost a year old. The question referenced 1.1.2 not 1.2.

FYI.