06-27-2014 01:45 PM - edited 03-10-2019 09:50 PM
As part of an ISE implementation, I want to test ISE failover for Admin, MnT, and PSN personas. Does anyone have an ISE failover test plan or ISE failover test best practices documentation to share?
Thanks much,
David Daverso
07-01-2014 03:00 AM
Refer the below discussion
https://supportforums.cisco.com/discussion/11951356/ise-fail-over
07-02-2014 04:00 PM
Hello Saurav,
Thanks for your assistance (opened SAC case 191758). I read the post to which you referred. It was marginally helpful. Have you ever completed a failover test in production? My questions surrounding an ISE test plan remain unanswered.
What is a good way to verify/test all three ISE persona for HA? Reload the primary admin, MnT, PSN node? Shut the switch interface to which the primary node is connected?
Will I see a performance spike when I promote the secondary Admin persona to primary? If so, what's the expectation - 100% CPU utilization?
Will any alarms be generated when I halt the primary node to test HA? If so, which ones?
Documentation is completely silent about the ISE pop-up advisory you will get after you click the box to promote the secondary admin to primary, stating the admin function may be unavailable for 10 minutes. How do I monitor anything when the admin persona is not available while switching from primary to admin?
What logs/support bundle do I need to download and review to confirm monitoring is occurring normally after the secondary admin is promoted to primary and becomes active?
Will I see a performance hit when I revert back to the primary admin node? What other post HA test actions should I take? Documentation says after reverting back to primary admin node, backup operational data off the secondary admin node (now active) and restore to primary to fill in the monitoring gaps. What logs should be backed up? Details, please!
Thanks much,
David D.
07-03-2014 12:56 AM
Steps for Administration persona failover testing
1. Stop ISE services on Primary Admin
Primary Admin# application stop ise
2. Log in to the Secondary Admin GUI and manually promote to Primary
3. Wait 10-15 minutes before process is complete
4. Verify ISE services are up on promoted Secondary Admin
Secondary Admin# sh application status ise
5. Promoted Primary Admin checks
Deployment pages shows all nodes are green and in synch
6. User testing to verify successful authentications and logging
Note:
After you promote your secondary Administration node to become the primary Administration
node, you must reconfigure your scheduled Cisco ISE backups in the newly promoted primary
Administration node
because scheduled backups are not replicated from the primary to secondary Administration
node.
7. After step 6 testing is complete restore original Primary Admin
8. Start ISE services on original Primary Admin
Primary Admin# application start ise
9. Verify ISE services are up on original Primary Admin
Primary Admin# sh application status ise
10. Promoted Primary Admin checks
Deployment pages shows original Primary Admin green and in synch
11. Stop ISE services on Promoted Primary Admin
Secondary Admin# application stop ise
12. Log in to the original Primary Admin GUI and manually promote to Primary
13. Wait 10-15 minutes before process is complete
14. Verify ISE services are up on original Primary Admin
Primary Admin# sh application status ise
15. Promoted Primary Admin checks
Deployment pages shows all nodes are green and in synch
16. User testing to verify successful authentications and logging
Note:
After you promote your secondary Administration node to become the primary Administration
node, you
must reconfigure your scheduled Cisco ISE backups in the newly promoted primary
Administration node
because scheduled backups are not replicated from the primary to secondary Administration
node.
17. Start ISE services on original Secondary Admin
Secondary Admin# application start ise
18. Verify ISE services are up on original Secondary Admin
Secondary Admin# sh application status ise
19. Primary Admin checks
Deployment pages shows original Secondary Admin green and in synch
20. User testing to verify successful authentications and logging
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide