collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE 1.2 distributed deployment with 2 PSN - change https port for portals  (Read 19451 times)

Offline peterb

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 1
  • Certification: N/A
Hi,

We need to change the port numbers for sponsor portal and mydevices portal in a ISE 1.2 distributed deployment.
The documentation states that all ISE nodes will restart when doing so.

My question is if all the nodes will restart simultaneously or if they will restart one at a time, as they do when applying patches to ISE.

Thank you,
Peter

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Interesting question. Since both sponsor and MyDevices portal tie to PSN, I would think only PSN will reload although I cannot say whether they will all reload at the same time. I would definitely do this after-hour and prepare for the worst (ie. all nodes service reset). Sorry I currently do not have a 2+ node setup that I can test this with but definitely would like to know the result.

Offline peterb

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 1
  • Certification: N/A

We have made the changes now and here is the result.

Our setup is like this:
ISE-1  primary admin node, secondary monitor node
ISE-2  secondary admin node, primary monitor node
ISE-3 and ISE-4  policy services nodes

All 4 nodes restarted the ISE application, but not simultaneously.
This is how it worked out:
1. ISE-1 restarted ISE application
2. ISE-2 + one of the PSN:s restarted ISE application
3. The other PSN restarted ISE application

So all roles (admin, monitor and policy) worked all the time, there was minimal or no impact for the users. All the same, after-hours for this kind of change is a good recommendation!

/Peter



Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
You are not allowed to view links. Register or Login

We have made the changes now and here is the result.

Our setup is like this:
ISE-1  primary admin node, secondary monitor node
ISE-2  secondary admin node, primary monitor node
ISE-3 and ISE-4  policy services nodes

All 4 nodes restarted the ISE application, but not simultaneously.
This is how it worked out:
1. ISE-1 restarted ISE application
2. ISE-2 + one of the PSN:s restarted ISE application
3. The other PSN restarted ISE application

So all roles (admin, monitor and policy) worked all the time, there was minimal or no impact for the users. All the same, after-hours for this kind of change is a good recommendation!

/Peter

Thank you for sharing your result Peter. I am sure we all can benefit from this. +1

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
20937 Views
Last post November 08, 2014, 09:19:44 PM
by MC
13 Replies
45424 Views
Last post July 06, 2015, 12:51:41 PM
by MC
1 Replies
21588 Views
Last post June 13, 2016, 09:42:09 PM
by MC
1 Replies
53909 Views
Last post December 19, 2016, 09:32:23 PM
by MC
0 Replies
29812 Views
Last post August 18, 2020, 01:52:07 PM
by yagneshchouhan

SimplePortal 2.3.7 © 2008-2024, SimplePortal