Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
4
Helpful
1
Replies

Which option is better for 2.0 to 2.2 upgrade

Go to solution
shabeeribm1
Level 1
Level 1

‎06-20-2017 03:02 AM

Hello ,

Hope all are doing good.This is my first post in communities

I am planning to upgrade ISE in our production environment which is running on ISE 2.0 with patch 5 to ISE 2.2

I get mixed opinion from different engineers about GUI and CLI upgrade and am bit confused to proceed with ..

Option 1 (Via GUI)

install ISE 2.2 and install Patch 1 at the same time

Option 2 (Via CLI)

- De register Secondary node from a deployment and Upgrade it via the CLI and check that it is perfectly fine and works.

- De-register 1 PSN from deployment and ideally re-install a 2.2 fresh install on it

- Add the fresh installed 2.2 node to an upgraded 2.2 secondary admin to a new deployment.

- Proceed with other nodes and added to the deployment with ISE 2.2

So This way you will have a 1 node upgraded and it will retain all the configuration and then when you add a new nodes to this one they will replicate a configuration from it.

Both option 1 and option 2 are heard from TAC engineers

Our system team is upgrading to Active Directory 2016 and ISE 2.2 only support AD2016. So its mandatory for me to upgrade the ISE to 2.2 version

I am having 4 nodes in our environment

- Primary admin / Primary Monitoring

- Secondary admin / Secondary Monitoring

- PSN 1

- PSN 2

If anyone  successfully upgraded to ISE  2.2 please let me know the procedure followed for that and also mention if there is any major issues after the upgrade

Thanks a lot in advance

-

Shabeer

1 Accepted Solution

Accepted Solutions

Go to solution
Oliver Laue
Level 4
Level 4

‎06-20-2017 09:31 AM

Hi Shabeer,

i wouldn't suggest to use the GUI Upgrade function. A couple of colleagues tried in the past and it didn't worked very well.

I'm always using the good old cli upgrade method. Login to the vSphere Console of the VM's and start to upgrade like it's described in the cco documentation. Cisco Identity Services Engine Upgrade Guide, Release 2.2 - Upgrade a Cisco ISE Deployment from the CLI [Cisco Identit…

But do a Backup of your configuration and if you need it your Operational Data before. Depending of the Performance of you Hypervisors it's maybe an Option to do a clean install of the PSN's and calculate with a decent amount of time for the Upgrade. I saw upgrade times of 2 to 4h for pan/mnt nodes.

After the Upgrade check the Post-Upgrade Tasks

Cisco Identity Services Engine Upgrade Guide, Release 2.2 - Post-Upgrade Tasks [Cisco Identity Services Engine] - Cisc…

View solution in original post

1 Reply 1

Go to solution
Oliver Laue
Level 4
Level 4

‎06-20-2017 09:31 AM

Hi Shabeer,

i wouldn't suggest to use the GUI Upgrade function. A couple of colleagues tried in the past and it didn't worked very well.

I'm always using the good old cli upgrade method. Login to the vSphere Console of the VM's and start to upgrade like it's described in the cco documentation. Cisco Identity Services Engine Upgrade Guide, Release 2.2 - Upgrade a Cisco ISE Deployment from the CLI [Cisco Identit…

But do a Backup of your configuration and if you need it your Operational Data before. Depending of the Performance of you Hypervisors it's maybe an Option to do a clean install of the PSN's and calculate with a decent amount of time for the Upgrade. I saw upgrade times of 2 to 4h for pan/mnt nodes.

After the Upgrade check the Post-Upgrade Tasks

Cisco Identity Services Engine Upgrade Guide, Release 2.2 - Post-Upgrade Tasks [Cisco Identity Services Engine] - Cisc…

Customers Also Viewed These Support Documents