cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Cisco ISE 2.2 moving personas Administration and Monitoring to a new node

maissiat
Level 1
Level 1

Hi All, 

The company I work for is growing very fast and our ISE infrastructure is not adapted any more so I d'l like to review totally the design of it and I'd like to know which is the best approach for implementing it. 

 

My current ISE Distributed deployment of nodes  is as follow : 

Note : No PAN active

 

2 Cisco ISE 2.2.0.407 servers running on VM's   

ISE01 : Primary Admin/monitoring and PSN role

ISE02 : Secondary Admin/Monitoring and PSN role

 

Today , I'd like to move the Admin and Monitoring personas to 2 new servers (VM)and keep the PSN on the actual servers , the idea behind is to unload actual servers of Monitoring and admin tasks

 

My ISE deployment will look as follow: 

ISE New 1 : Primary Admin , secondary Monitoring

ISE New 2 : Secondary Admin, Primary Monitoring 

ISE01 : PSN

ISE02 : PSN

 

I already have my two new servers running in standalone with the same ISE version (Hostname and IP are not the same) . 

 

Now I'm not sure what is the best approach to migrate the Admin and Monitoring services to the new servers : 

My first idea is :

1. restore first a backup of the old server 1/2 to the new servers

(make sure I have the Admin certificates of each nodes on all servers)

2. On actual ISE02(Secondary) server remove the Admin/monitoring services 

3. register ISE New 1 as secondary server of ISE01 for Admin/monitoring to the ISE deployment and do a sync between Primary and Secondary

4. Promote ISE New 1 as Primary node for Admin /Monitoring services  sync 

5. remove Admin/monitoring on ISE01 (keep only PSN)

6, register ISE new 2 as secondary server for Admin/Monitoring services , SYNC 

 

Other things : 

What will happen when I will remove the Admin/Monitoring Services of the actual ISE02 servers , will both ISE will restart ? 

 

If someone has a best way to do it  or any suggestions, it will be very appreciated . 

Thank you 

Best regards 

Marc 

 

 

 

 

Who Me Too'd this topic