6
Upgrade a Cisco ISE Deployment from the GUI Upgrade a Cisco ISE Deployment from the GUI, page 1 Upgrade a Cisco ISE Deployment from the GUI Cisco ISE offers a GUI-based centralized upgrade from the Admin portal. The upgrade process is much simplified and the progress of the upgrade and the status of the nodes are displayed on screen. The Upgrade Overview page lists all the nodes in your deployment, the personas that are enabled on them, the version of ISE installed, and the status (indicates whether a node is active or inactive) of the node. You can begin upgrade only if the nodes are in the Active state. The GUI-based upgrade from the Admin portal is supported only if you are currently on Release 2.0 or later and want to upgrade to Release 2.0.1 or later. Note Different Types of Deployment Standalone NodeA single Cisco ISE node assuming the Administration, Policy Service, and Monitoring persona. Multi-Node DeploymentA distributed deployment with several ISE nodes. The procedure to upgrade a distributed deployment is discussed in detail below. Upgrade From Release 2.0 to Release 2.1 You can upgrade all the nodes in a Cisco ISE deployment from the Admin portal. Cisco Identity Services Engine Upgrade Guide, Release 2.1 1

Upgrade a Cisco ISE Deployment from the GUI

  • Upload
    doannhi

  • View
    238

  • Download
    2

Embed Size (px)

Citation preview

Page 1: Upgrade a Cisco ISE Deployment from the GUI

Upgrade a Cisco ISE Deployment from the GUI

• Upgrade a Cisco ISE Deployment from the GUI, page 1

Upgrade a Cisco ISE Deployment from the GUICisco ISE offers a GUI-based centralized upgrade from the Admin portal. The upgrade process is muchsimplified and the progress of the upgrade and the status of the nodes are displayed on screen.

The Upgrade Overview page lists all the nodes in your deployment, the personas that are enabled on them,the version of ISE installed, and the status (indicates whether a node is active or inactive) of the node. Youcan begin upgrade only if the nodes are in the Active state.

The GUI-based upgrade from the Admin portal is supported only if you are currently on Release 2.0 orlater and want to upgrade to Release 2.0.1 or later.

Note

Different Types of Deployment• StandaloneNode—A single Cisco ISE node assuming the Administration, Policy Service, andMonitoringpersona.

• Multi-Node Deployment—A distributed deployment with several ISE nodes. The procedure to upgradea distributed deployment is discussed in detail below.

Upgrade From Release 2.0 to Release 2.1You can upgrade all the nodes in a Cisco ISE deployment from the Admin portal.

Cisco Identity Services Engine Upgrade Guide, Release 2.1 1

Page 2: Upgrade a Cisco ISE Deployment from the GUI

The GUI-based upgrade is applicable only if you are upgrading from Release 2.0 or later to a higher releaseor if you are upgrading a Limited Availability Release of Cisco ISE 2.0 or later to the General AvailabilityRelease.

Note

Before You Begin

Ensure that you have performed the following tasks before you upgrade:

• Obtain a backup of the ISE configuration and operational data.

• Obtain a backup of the system logs.

• Export certificates and private keys.

• Configure a repository. Download the upgrade bundle and place it in this repository.

• Make a note of Active Directory join credentials and RSA SecurID node secret, if applicable. You needthis information to be able to connect to Active Directory or RSA SecurID server after upgrade.

• Purge operational data to improve upgrade performance.

Step 1 Click the Upgrade tab.Step 2 Click Proceed. The Review Checklist page appears. Read the given instructions carefully.Step 3 Check the I have reviewed the checklist check box, and click Continue. The Download Bundle to Node(s) page appears.Step 4 Download the upgrade bundle from the repository to the nodes.

a) Check the check box next to the node(s) to which you want to download the upgrade bundle.b) Click Download. The Select Repository and Bundle page appears.c) Select the repository.

You can select the same repository or different repositories on different nodes, but you must select the same upgradebundle on all the nodes.

d) Check the check box next to the bundle that you want to use for the upgrade.e) Click Confirm.

Once the bundle is downloaded to the node(s), the node status changes to “Ready for upgrade.”

Step 5 Click Continue.The Upgrade Node(s) page appears. A table for the current deployment and new deployment appears. The nodes in thedeployment and their personas are displayed.

Step 6 Choose the upgrade sequence.When you move a node to the new deployment, a time estimate for upgrade appears on the screen. You can use thisinformation to plan for upgrade andminimize downtime. Use the sequence given below if you have a pair of Administrationand Monitoring Nodes, and several Policy Service Nodes. In this example, each node assumes a single persona (PrimaryPAN, Secondary PAN, Primary Monitoring, Secondary Monitoring, etc.)

a) By default, the Secondary PAN is listed first in the upgrade sequence. After upgrade, this node will become thePrimary PAN in the new deployment.

b) The Primary Monitoring Node is the next one in sequence to be upgraded to the new deployment.

Cisco Identity Services Engine Upgrade Guide, Release 2.12

Upgrade a Cisco ISE Deployment from the GUIUpgrade From Release 2.0 to Release 2.1

Page 3: Upgrade a Cisco ISE Deployment from the GUI

c) Select the Policy Service Nodes and move them to the new deployment. You can alter the sequence in which thePSNs are upgraded.You can upgrade PSNs in sequence or in parallel. You can group together a few PSNs (in to a set) and upgrade themin parallel.

d) Select the Secondary Monitoring Node after the PSNs and move it to the new deployment.e) Finally, select the Primary PAN and move it to the new deployment.If the Administration Nodes also assume the Monitoring persona, then follow the sequence given in the table below:

Sequence of UpgradeNode Personas In The Deployment

1 Secondary Administration/Primary Monitoring2 Policy Service Nodes3 Primary Administration/Secondary Monitoring

Secondary Administration/Primary Monitoring, PSNs,Primary Administration/Secondary Monitoring

1 Secondary Administration/Secondary Monitoring2 Policy Service Nodes3 Primary Administration/Primary Monitoring

Secondary Administration/Secondary Monitoring, PSNs,Primary Administration/Primary Monitoring

1 Secondary Administration2 Primary Monitoring3 PSNs4 Primary Administration/Secondary Monitoring

Secondary Administration, Primary Monitoring, PSNs,Primary Administration/Secondary Monitoring

1 Secondary Administration2 Secondary Monitoring3 PSNs4 Primary Administration/Primary Monitoring

Secondary Administration, Secondary Monitoring, PSNs,Primary Administration/Primary Monitoring

1 Secondary Administration/Primary Monitoring2 PSNs3 Secondary Monitoring4 Primary Administration

Secondary Administration/Primary Monitoring, PSNs,Secondary Monitoring, Primary Administration

1 Secondary Administration/Secondary Monitoring2 PSNs3 Primary Monitoring4 Primary Administration

Secondary Administration/Secondary Monitoring, PSNs,Primary Monitoring, Primary Administration

Step 7 Check the Continue with upgrade on failure check box to continue with upgrade even if upgrade fails on any of thePSNs in the upgrade sequence.

Cisco Identity Services Engine Upgrade Guide, Release 2.1 3

Upgrade a Cisco ISE Deployment from the GUIUpgrade From Release 2.0 to Release 2.1

Page 4: Upgrade a Cisco ISE Deployment from the GUI

This option is not applicable for the Secondary PAN or Primary Monitoring Node. If any one of these nodes fail, theupgrade process is rolled back. If any of the PSNs fail, the SecondaryMonitoring Node and Primary PAN are not upgradedand remain in the old deployment.

Step 8 Click Upgrade to begin the deployment upgrade.The upgrade progress is displayed on screen. On successful completion, the node status changes to “Upgrade complete.”

When you upgrade a node from the Admin portal, if the status has not changed for a long time (and remains at80%), you can check the upgrade logs from the CLI or the status of the upgrade from the console. Log in to theCLI or view the console of the Cisco ISE node to view the progress of upgrade. You can use the show loggingapplication command from the Cisco ISE CLI to view the upgrade-uibackend-cliconsole.log andupgrade-postosupgrade-yyyymmdd-xxxxxx.log.

Note

Troubleshoot Upgrade Failures

Upgrade Bundle Download Via the GUI Times Out

Before upgrade, when you download the upgrade bundle from the repository to the node, the download timesout if it takes more than 35 minutes to complete. This issue occurs because of poor bandwidth connection.

Workaround: Ensure that you have a good bandwidth connection with the repository.

Generic Upgrade Error

The following generic upgrade error appears:error: % Warning: The node has been reverted back to its pre-upgrade

state.

Workaround: Click the Details link. Address the issues that are listed in the Upgrade Failure Details. Afteryou fix all the issues, click Upgrade to reinitiate the upgrade.

Upgrade is in Blocked State

When the node status says that “Upgrade cannot begin…,” the upgrade is in a blocked state. This issue mightoccur when all the nodes in the deployment are not on the same version and/or patch version.

Workaround:Bring all the nodes in the deployment to same version and patch version (upgrade or downgrade,or install or roll back a patch) before you begin upgrade.

No Secondary Administration Node in the Deployment

Cisco ISE upgrade requires a Secondary Administration Node in the deployment. You cannot proceed withupgrade unless you have a Secondary Administration persona enabled on any of the nodes in your deployment.This error occurs when:

• There is no Secondary Administration Node in the deployment.

• The Secondary Administration Node is down.

• The Secondary Administration Node is upgraded and moved to the upgraded deployment. You mightencounter this issue when you click the Refresh Deployment Details button after the SecondaryAdministration Node is upgraded.

Cisco Identity Services Engine Upgrade Guide, Release 2.14

Upgrade a Cisco ISE Deployment from the GUITroubleshoot Upgrade Failures

Page 5: Upgrade a Cisco ISE Deployment from the GUI

Workaround:

• If the deployment does not have a Secondary Administration Node, enable the Secondary Administrationpersona on one of nodes in the deployment and retry upgrade.

• If the Secondary Administration Node is down, bring up the node and retry upgrade.

• If the Secondary Administration Node is upgraded andmoved to the upgraded deployment, thenmanuallyupgrade the other nodes in the deployment from the Command-Line Interface (CLI).

Upgrade Times Out

The ISE node upgrade times out with the following message:Upgrade timed out after minutes: x

Workaround:If you see this error message in the GUI, log in to the CLI of the Cisco ISE node and verifythe status of the upgrade. This error message could either indicate a real issue with the upgrade process orcould be a false alarm.

• If the upgrade was successful and:

◦The node on which you see this error message is the Secondary Administration Node from the olddeployment, then you must upgrade the rest of the nodes from the CLI.

If you remove the Secondary Administration Node from the Upgrade page in the Adminportal, you cannot continue with upgrade from the GUI. Hence, we recommend thatyou continue the upgrade from the CLI for the rest of the nodes.

Note

◦The node on which you see this error message is a non-Secondary Administration Node, removethat node from the Upgrade page in the Admin portal and continue to upgrade the rest of the nodesfrom the GUI.

• If the upgrade process fails, follow the instructions on screen to proceed with upgrade.

Upgrade Fails During Registration on the Primary Administration Node in the Old Deployment

If upgrade fails during registration on the Primary Administration Node (the last node from the old deploymentto be upgraded), the upgrade is rolled back and the node becomes a standalone node.

Workaround: From the CLI, upgrade the node as a standalone node to Release 2.1. Register the node to thenew deployment as a Secondary Administration Node.

Cisco Identity Services Engine Upgrade Guide, Release 2.1 5

Upgrade a Cisco ISE Deployment from the GUITroubleshoot Upgrade Failures

Page 6: Upgrade a Cisco ISE Deployment from the GUI

Cisco Identity Services Engine Upgrade Guide, Release 2.16

Upgrade a Cisco ISE Deployment from the GUITroubleshoot Upgrade Failures


Cisco ISE-PIC Install and Upgrade Overview · Term Definition TheISE-PICbackendcomponentthatreceivessyslog messagesandbreaksthatinputupintopartsthatcan thenbemanaged,mappedandpublishedtoISE-PIC

Cisco ISE-PIC Install and Upgrade Overview · Term Definition TheISE-PICbackendcomponentthatreceivessyslog messagesandbreaksthatinputupintopartsthatcan thenbemanaged,mappedandpublishedtoISE-PIC

Documents
Team Members Stefan Enjem – ISE Joe Van Hofwegen - ISE Young Lee - ISE Joe Pecht - ME

Team Members Stefan Enjem – ISE Joe Van Hofwegen - ISE Young Lee - ISE Joe Pecht - ME

Documents
ISE 422/ME 478/ISE 522 Robotic Systems

ISE 422/ME 478/ISE 522 Robotic Systems

Documents
Upgrade to MODFLOW-GUI: Addition of MODPATH ZONEBDGT, …

Upgrade to MODFLOW-GUI: Addition of MODPATH ZONEBDGT, …

Documents
Tools for Reconfigurable Supercomputing · Spectrum, Xilinx XST-MAP, PAR Xilinx ISE Xilinx ISE Xilinx ISE Xilinx ISE µp compilation Intel - Matlab - Schematic capture-VIVASimulink

Tools for Reconfigurable Supercomputing · Spectrum, Xilinx XST-MAP, PAR Xilinx ISE Xilinx ISE Xilinx ISE Xilinx ISE µp compilation Intel - Matlab - Schematic capture-VIVASimulink

Documents
The chaotic behavior among the oil prices, expectation of ...Shares Index, ISE New Economy Market Index, ISE Investment Trusts Index, ISE Second National Market Index, ISE-30, ISE-50

The chaotic behavior among the oil prices, expectation of ...Shares Index, ISE New Economy Market Index, ISE Investment Trusts Index, ISE Second National Market Index, ISE-30, ISE-50

Documents
ISE Guidance – IdAM Framework for the ISE - ISE.gov

ISE Guidance – IdAM Framework for the ISE - ISE.gov

Documents
Cisco ISE Licenses...Cisco ISE Licenses ThischapterdescribesthelicensingmechanismandschemesthatareavailableforCiscoISEandhowto addandupgradelicenses. • CiscoISELicenses,page1

Cisco ISE Licenses...Cisco ISE Licenses ThischapterdescribesthelicensingmechanismandschemesthatareavailableforCiscoISEandhowto addandupgradelicenses. • CiscoISELicenses,page1

Documents
ISE webinar - Eratostenov eksperiment i ISE ljetna škola u Grčkoj

ISE webinar - Eratostenov eksperiment i ISE ljetna škola u Grčkoj

Education
Ise fs-200 ise-sar-functional_standard_v1_5_issued_2009

Ise fs-200 ise-sar-functional_standard_v1_5_issued_2009

Documents
ACTING AND SPEAKING QUALIFICATION SPECIFICATIONS FROM … (UKI... · 2020. 11. 12. · ISE Assessment Summary: Reading and Writing Module ISE Foundation (A2) ISE I (B1) ISE II B2)

ACTING AND SPEAKING QUALIFICATION SPECIFICATIONS FROM … (UKI... · 2020. 11. 12. · ISE Assessment Summary: Reading and Writing Module ISE Foundation (A2) ISE I (B1) ISE II B2)

Documents
ISE Brochure

ISE Brochure

Documents
Integrated Skills in English (ISE) Classroom Activities – ISE I

Integrated Skills in English (ISE) Classroom Activities – ISE I

Documents
User's Manual · 2018. 1. 11. · StickWriter User's Manual TESSERA TECHNOLOGY INC. 8/124 2.4 Upgrade Version If you connect the StickWriter with old version of GUI before, the upgrade

User's Manual · 2018. 1. 11. · StickWriter User's Manual TESSERA TECHNOLOGY INC. 8/124 2.4 Upgrade Version If you connect the StickWriter with old version of GUI before, the upgrade

Documents
The DL POLY Java Graphical User Interface II · The DL_POLY Java GUI II is an upgrade of the original (Mark I) version of the GUI and incorporates several new features. First among

The DL POLY Java Graphical User Interface II · The DL_POLY Java GUI II is an upgrade of the original (Mark I) version of the GUI and incorporates several new features. First among

Documents
ZyPer Management Platform Release Notes...source for the Multiview config. MP Upgrade ZUHD GUI When you first upgrade from 1.7.4 or 1.8 the ZyPerUHD shows the Join config for Fast

ZyPer Management Platform Release Notes...source for the Multiview config. MP Upgrade ZUHD GUI When you first upgrade from 1.7.4 or 1.8 the ZyPerUHD shows the Join config for Fast

Documents
Wireless Upgrade and Cisco Identity Services Engine (ISE) Implementation for … · 2020. 6. 9. · Wireless Upgrade and Cisco Identity Services Engine (ISE) Implementation for an

Wireless Upgrade and Cisco Identity Services Engine (ISE) Implementation for … · 2020. 6. 9. · Wireless Upgrade and Cisco Identity Services Engine (ISE) Implementation for an

Documents
Heads Up Mass Notify Users guidemassnotify.slingshottechnology.com/Upgrade/Mass Notify Users gui… · Mass Notify personalizes the message, accesses the re cipient’s communication

Heads Up Mass Notify Users guidemassnotify.slingshottechnology.com/Upgrade/Mass Notify Users gui… · Mass Notify personalizes the message, accesses the re cipient’s communication

Documents
Configure RADIUS and TACACS+ for GUI and CLI Authentication … · Configure Tacacs+ WLC Tacacs+ ISE configuration Troubleshooting Introduction This document describes how to configure

Configure RADIUS and TACACS+ for GUI and CLI Authentication … · Configure Tacacs+ WLC Tacacs+ ISE configuration Troubleshooting Introduction This document describes how to configure

Documents
Zhone 6742 CPE Firmware Upgrade via GUI Rev 1-0

Zhone 6742 CPE Firmware Upgrade via GUI Rev 1-0

Documents
Instructor: Lichuan Gui lichuan-gui@uiowa

Instructor: Lichuan Gui lichuan-gui@uiowa

Documents
ISE Troubleshoot

ISE Troubleshoot

Documents
A4 Brochure Course Implementing and Configuring …...• Migrating Cisco ACS to ISE | Module 10 | Cisco ISE Design (Self-Study) • ISE planning and Pre-deployment • ISE sizing

A4 Brochure Course Implementing and Configuring …...• Migrating Cisco ACS to ISE | Module 10 | Cisco ISE Design (Self-Study) • ISE planning and Pre-deployment • ISE sizing

Documents
Languages for.NET: Eiffel Raphael Simon (ISE) Emmanuel Stapf (ISE)

Languages for.NET: Eiffel Raphael Simon (ISE) Emmanuel Stapf (ISE)

Documents
ISE Project

ISE Project

Documents
Cargill Sugar uses newlook to give 2E interfaces a GUI · PDF fileCargill Sugar uses newlook to give 2E interfaces a GUI upgrade ... has used Advantage 2E (formerly COOL:2E and Synon)

Cargill Sugar uses newlook to give 2E interfaces a GUI · PDF fileCargill Sugar uses newlook to give 2E interfaces a GUI upgrade ... has used Advantage 2E (formerly COOL:2E and Synon)

Documents
CD Upgrade Installation Instructions - Cisco · DNCS 4.3.1.6p2 DNCS WUI/GUI 4.3.1.6 DNCS Online Help 4.3.1.0 Report Writer 1.0.0.3 How Long to Complete the Upgrade? The upgrade to

CD Upgrade Installation Instructions - Cisco · DNCS 4.3.1.6p2 DNCS WUI/GUI 4.3.1.6 DNCS Online Help 4.3.1.0 Report Writer 1.0.0.3 How Long to Complete the Upgrade? The upgrade to

Documents
GUI Fugui 2005/04/26. 2 Outline I. GUI overview II. GUI description III. Use GUI IV. GUI principle

GUI Fugui 2005/04/26. 2 Outline I. GUI overview II. GUI description III. Use GUI IV. GUI principle

Documents
ISE Primer

ISE Primer

Documents
Cisco Identity Services Engine Upgrade Guide, Release 2...CONTENTS Short Description? CHAPTER 1 Cisco ISE Upgrade Overview 1 UpgradePath 2 SupportedOperatingSystemforVirtualMachines

Cisco Identity Services Engine Upgrade Guide, Release 2...CONTENTS Short Description? CHAPTER 1 Cisco ISE Upgrade Overview 1 UpgradePath 2 SupportedOperatingSystemforVirtualMachines

Documents