Hello Saurav,

Thanks for your assistance (opened SAC case 191758).  I read the post to which you referred.  It was marginally helpful.  Have you ever completed a failover test in production?  My questions surrounding an ISE test plan remain unanswered.

What is a good way to verify/test all three ISE persona for HA?  Reload the primary admin, MnT, PSN node?  Shut the switch interface to which the primary node is connected?

Will I see a performance spike when I promote the secondary Admin persona to primary?  If so, what's the expectation - 100% CPU utilization?

Will any alarms be generated when I halt the primary node to test HA?  If so, which ones?

Documentation is completely silent about the ISE pop-up advisory you will get after you click the box to promote the secondary admin to primary, stating the admin function may be unavailable for 10 minutes.  How do I monitor anything when the admin persona is not available while switching from primary to admin?

What logs/support bundle do I need to download and review to confirm monitoring is occurring normally after the secondary admin is promoted to primary and becomes active?

Will I see a performance hit when I revert back to the primary admin node?  What other post HA test actions should I take?  Documentation says after reverting back to primary admin node, backup operational data off the secondary admin node (now active) and restore to primary to fill in the monitoring gaps.  What logs should be backed up?  Details, please!

Thanks much,

David D.

Steps for Administration persona failover testing

1. Stop ISE services on Primary Admin

Primary Admin# application stop ise

2. Log in to the Secondary Admin GUI and manually promote to Primary

3. Wait 10-15 minutes before process is complete

4. Verify ISE services are up on promoted Secondary Admin

Secondary Admin# sh application status ise

5. Promoted Primary Admin checks

Deployment pages shows all nodes are green and in synch

6. User testing to verify successful authentications and logging

Note:

After you promote your secondary Administration node to become the primary Administration

node, you must reconfigure your scheduled Cisco ISE backups in the newly promoted primary

Administration node

because scheduled backups are not replicated from the primary to secondary Administration

node.

7. After step 6 testing is complete restore original Primary Admin

8. Start ISE services on original Primary Admin

Primary Admin# application start ise

9. Verify ISE services are up on original Primary Admin

Primary Admin# sh application status ise

10. Promoted Primary Admin checks

Deployment pages shows original Primary Admin green and in synch

11. Stop ISE services on Promoted Primary Admin

Secondary Admin# application stop ise

12. Log in to the original Primary Admin GUI and manually promote to Primary

13. Wait 10-15 minutes before process is complete

14. Verify ISE services are up on original Primary Admin

Primary Admin# sh application status ise

15. Promoted Primary Admin checks

Deployment pages shows all nodes are green and in synch

16. User testing to verify successful authentications and logging

Note:

After you promote your secondary Administration node to become the primary Administration

node, you

must reconfigure your scheduled Cisco ISE backups in the newly promoted primary

Administration node

because scheduled backups are not replicated from the primary to secondary Administration

node.

17. Start ISE services on original Secondary Admin

Secondary Admin# application start ise

18. Verify ISE services are up on original Secondary Admin

Secondary Admin# sh application status ise

19. Primary Admin checks

Deployment pages shows original Secondary Admin green and in synch

20. User testing to verify successful authentications and logging