09-23-2017 01:41 AM - edited 02-21-2020 10:34 AM
Hi All,
The company I work for is growing very fast and our ISE infrastructure is not adapted any more, so I'd like to totally review its design and I'd like to know which is the best approach for implementing it.
My current ISE distributed deployment of nodes is as follows:
Note: No PAN active
2 Cisco ISE 2.2.0.407 servers running on VMs
ISE01 : Primary Admin/monitoring and PSN role
ISE02 : Secondary Admin/Monitoring and PSN role
Today, I'd like to move the Admin and Monitoring personas to 2 new servers (VM) and keep the PSN on the actual servers. The idea behind this is to unload the actual servers of Monitoring and Admin tasks.
My ISE deployment will look as follows:
ISE New 1 : Primary Admin, Secondary Monitoring
ISE New 2 : Secondary Admin, Primary Monitoring
ISE01 : PSN
ISE02 : PSN
I already have my two new servers running in standalone with the same ISE version (hostname and IP are not the same).
Now I'm not sure what the best approach is to migrate the Admin and Monitoring services to the new servers:
My first idea is:
1. Restore first a backup of the old server 1/2 to the new servers
(make sure I have the Admin certificates of each node on all servers)
2. On the actual ISE02 (Secondary) server, remove the Admin/Monitoring services
3. Register ISE New 1 as secondary server of ISE01 for Admin/Monitoring to the ISE deployment and do a sync between Primary and Secondary
4. Promote ISE New 1 as Primary node for Admin/Monitoring services sync
5. Remove Admin/Monitoring on ISE01 (keep only PSN)
6. Register ISE New 2 as secondary server for Admin/Monitoring services, SYNC
Other things:
What will happen when I remove the Admin/Monitoring services of the actual ISE02 servers, will both ISE restart?
If someone has a better way to do it or any suggestions, it will be very much appreciated.
Thank you
Best regards
Marc