Cisco Identity Services Engine Upgrade Guide, Release 1.1.x
Preface
Downloads: This chapterpdf (PDF - 132.0KB) The complete bookPDF (PDF - 890.0KB) | Feedback

Preface

Table Of Contents

Preface

Overview of Cisco Identity Services Engine

Purpose

Audience

Document Organization

Document Conventions

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Documentation Updates

Obtaining Documentation and Submitting a Service Request


Preface


Revised: June 2013, OL-27087-01

This preface provides the following information about the Cisco Identity Services Engine (ISE) 3300 Series appliance:

Overview of Cisco Identity Services Engine

Purpose

Audience

Document Organization

Document Conventions

Related Documentation

Documentation Updates

Obtaining Documentation and Submitting a Service Request

Overview of Cisco Identity Services Engine

Cisco Identity Services Engine (ISE), as a next-generation identity and access control policy platform enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. Cisco ISE's unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices in order to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches.

Cisco ISE is a key component of the Cisco Security Group Access Solution. Cisco ISE is a consolidated policy-based access control solution that:

Combines authentication, authorization, accounting (AAA), posture, profiler, and guest management services into one appliance

Enforces endpoint compliance by checking the device posture of all endpoints accessing the network, including 802.1X environments

Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network

Enables consistent policy in centralized and distributed deployments allowing services to be delivered where they are needed

Employs advanced enforcement capabilities including Security Group Access (SGA) through the use of Security Group Tags (SGTs) and Security Group (SG) Access Control Lists (ACLs)

Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The Cisco ISE software comes preinstalled on a range of physical appliances with various performance characterizations. The inherent scalability of Cisco ISE allows you to add appliances to a deployment and increase performance and resiliency, as needed. The Cisco ISE architecture supports standalone and distributed deployments, along with high-availability options. Cisco ISE allows you to configure and manage your network from a centralized portal for efficiency and ease of use.

Cisco ISE also incorporates distinct configurable roles and services, so that you can create and apply Cisco ISE services where they are needed in the network. The result being a comprehensive Cisco ISE deployment that operates as an fully functional and integrated system.

This current maintanence release, Cisco ISE Release 1.1.4, provides support for Cisco SNS-3400 Series appliances. In addition to the Cisco SNS appliances, Cisco ISE 1.1.4 also supports all the platforms and features that are supported in the ISE Release 1.1.3.

Purpose

This document describes how to upgrade a Cisco Identity Services Engine software image on Cisco ISE Series appliances and VMware virtual machines.

You can upgrade the Cisco Identity Services Engine (ISE) from a previous major release or maintenance release to the latest Cisco ISE Maintenance Release 1.1.x. You can also migrate from the Cisco Secure Access Control System (ACS) Releases 5.1 and 5.2 to the latest Cisco ISE Maintenance Release 1.1.x.

You cannot migrate to the latest Cisco ISE release from Cisco Secure ACS 4.x or lower versions, or from a Cisco Network Admission Control (NAC) Appliance.

For information on migrating from Cisco Secure ACS, Releases 5.1 and 5.2 to the latest Cisco ISE release, see the Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.0.4.


Note You can migrate to the latest Cisco ISE release only from Cisco Secure ACS 5.1 and 5.2 releases. You must upgrade to Cisco Secure ACS 5.1 or 5.2 release before you plan to migrate to the latest Cisco ISE release.


Audience

This guide is designed for network administrators, system integrators, and network deployment personnel who upgrade and configure the Cisco ISE software on Cisco ISE 3300 Series appliances, Cisco SNS-3400 Series appliances, or on the VMware servers. As a prerequisite to using this upgrade guide, you should be familiar with networking equipment and cabling and have a basic knowledge of electronic circuitry, wiring practices, and equipment rack installations.


Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030

Document Organization

lists the organization of the Cisco ISE Upgrade Guide, Release 1.1.x.

Table 1 Cisco ISE Upgrade Guide Organization 

Chapter/Appendix and Title
Description

Chapter 1 "Upgrading Cisco ISE"

Describes how to upgrade Cisco ISE from any previous release.

Chapter 2 "Upgrading a Standalone Node"

Describes how to upgrade a Cisco ISE standalone node.

Chapter 3 "Upgrading a Two-Admin Node Deployment"

Describes how to upgrade a Cisco ISE Two-node deployment.

Chapter 4 "Upgrading Distributed Deployment"

Describes how to upgrade Cisco ISE in a distributed deployment.

Chapter 5 "Recovering from Upgrade Failures"

Describes the procedures of how to recover from upgrade failures.


Document Conventions

This guide uses the following conventions to convey instructions and information.

Item
Convention

Commands, keywords, special terminology, and options that should be chosen during procedures

boldface font

Variables for which you supply values and new or important terminology

italic font

Displayed session and system information, paths, and file names

screen font

Information you enter

boldface screen font

Variables you enter

italic screen font

Menu items and button names

boldface font

Indicates menu items to choose, in the order in which you choose them.

Option > Network Preferences



Note Means reader take note. Notes contain helpful suggestions or references to material that is not covered in this guide



Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation

Release-Specific Documents

lists the product documentation available for the Cisco ISE Release. General product information for Cisco ISE is available at http://www.cisco.com/go/ise. End-user documentation is available on Cisco.com at http://www.cisco.com/en/US/products/ps11640/tsd_products_support_series_home.html.

Table 2 Product Documentation for Cisco Identity Services Engine 

Document Title
Location

Release Notes for the Cisco Identity Services Engine, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html

Cisco Identity Services Engine Network Component Compatibility, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html

Cisco Identity Services Engine User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Upgrade Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine API Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine Troubleshooting Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_troubleshooting_guides_list.html

Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine In-Box Documentation and China RoHS Pointer Card

http://www.cisco.com/en/US/products/ps11640/products_documentation_roadmaps_list.html


Platform-Specific Documents

Links to other platform-specific documentation are available at the following locations:

Cisco ISE
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Secure ACS
http://www.cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html

Cisco NAC Appliance
http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

Cisco NAC Profiler
http://www.cisco.com/en/US/products/ps8464/tsd_products_support_series_home.html

Cisco NAC Guest Server
http://www.cisco.com/en/US/products/ps10160/tsd_products_support_series_home.html

Documentation Updates

lists the documentation updates for this Cisco ISE product release.

Table 3 Updates for Cisco Identity Services Engine Upgrade Guide, Release 1.1.x

Date
Description

4/25/13

Cisco Identity Services Engine, Release 1.1.4

4/24/13

Cisco Identity Services Engine, Release 1.1.3

10/31/12

Cisco Identity Services Engine, Release 1.1.2

7/10/12

Cisco Identity Services Engine, Release 1.1.1

9/20/12

Updated the upgrade procedure for two-node and distributed deployments based on CSCub56366.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop by using a reader application. The RSS feeds are a free service, and Cisco currently supports RSS Version 2.0.