ISE upgrade scenario

kareali@cisco.com
Cisco Employee

Hi,

We have a scenario for the upgrade, and I have a customer requirement. We have 10 ISE nodes in the deployment, including 2 Admin nodes (PRI & SEC), 2 MNT nodes (PRI & SEC) and 6 PSNs. The nodes are deployed in 2 branches, in Riyadh and Dammam.

Currently we have upgraded the Dammam nodes, which are the Secondary Admin node, the Primary MNT node and one PSN node. So now we have 2 separate deployments, one in Riyadh (ISE 2.0) and one in Dammam (2.2).

The problem is that the customer made a lot of configuration changes in the old deployment, and of course they are not reflected in the new deployment. As far as I know, once we proceed with the upgrade for the rest of the Riyadh nodes, they will automatically join the Dammam nodes, so we will lose the latest changes.

So is there a way to upgrade the rest of the nodes in a separate deployment and not join the Dammam deployment?

I'm thinking about taking a backup from the Riyadh node and using it after finishing the upgrade. Or I'm thinking about de-registering the primary admin node and upgrading it, then we will join all nodes to it manually?

Accepted Solutions

hslai
Cisco Employee

Ensure you have a good backup of the latest configurations, of the key and certificate pairs of the system certificates, and, if using the internal CA, a good export of the internal CA store.

Any ISE nodes in the old deployment should have the same configurations. Thus, you may de-register any of them, upgrade it, and use it as the primary. Or, refresh install the new ISE release and restore the configuration backup from the old deployment.
