Lab Minutes Forum

Technical Discussion => Security => Topic started by: czekon26 on July 25, 2016, 02:34:24 AM

Title: ISE upgrade
Post by: czekon26 on July 25, 2016, 02:34:24 AM
Hello,

In close future i will have to upgrade 4 node deployment of ISE 1.3 patch to ISE 2.0. Does anyone have some experience in performing this kind of upgrade. The process on it own its not complicated. Im looking for some information about potential treats and unwanted behavior. On what to pay special attention, what can go wrong etc. There is some documents on the internet but you know yourself there is notting better then live experience tips.

Thanks in advance.
Title: Re: ISE upgrade
Post by: MC on July 25, 2016, 09:02:38 PM
Sometime it's hard to say if you will run into issue during upgrade or not as each ISE deployment is different. Having upgrades multiple times, I normally follow Cisco procedure until the last node, which is the PAM, where I would just wipe the server and join a fresh node to the upgraded deployment, as I once ran into problem where the final node cause the entire upgrade to fail. Technically, you only need to upgrade the first node (ie. Secondary AM), do fresh install on every other nodes, and register them from scratch. I have also heard from Cisco TAC this is a recommended way. If you can, try to upgrade in the lab and don't forget to take a good config backup or VM snapshot.
Title: Re: ISE upgrade
Post by: czekon26 on July 26, 2016, 01:25:34 AM
Hi,

Thanks a lot for detiled answer. I will take your suggestion and will test it in the lab first but as you said it is hard to predict on production network. I know that taking the VM snapshot can sometimes save the day :)
SimplePortal 2.3.7 © 2008-2024, SimplePortal