Cisco Identity Service Engine Upgrade Overview
This document describes how to upgrade your Cisco Identity Services Engine (ISE) software on Cisco ISE appliances and virtual machines to Release 2.2.
Upgrading a Cisco ISE deployment is a multistep process and must be performed in the order that is specified in this document. Use the time estimates provided in this document to plan for an upgrade with minimum downtime. For a deployment with multiple Policy Service Nodes (PSNs) that are part of a PSN group, there is no downtime. If there are endpoints that are authenticated through a PSN that is being upgraded, the request is processed by another PSN in the node group. The endpoint is reauthenticated and granted network access after the authentication is successful.
Note |
If you have a standalone deployment or a deployment with a single PSN, you might experience a downtime for all authentications when the PSN is being upgraded. |
You can directly upgrade to Release 2.2, from any of the following releases:
-
Cisco ISE, Release 1.4
-
Cisco ISE, Release 2.0
-
Cisco ISE, Release 2.0.1
-
Cisco ISE, Release 2.1
Note |
Due to the following known issues, we recommend that you apply the latest patch to your current Cisco ISE version before upgrade: |
If you are on a version earlier than Cisco ISE, Release 1.4, you must first upgrade to one of the releases that are listed above and then upgrade to Release 2.2.
You can download the upgrade bundle from Cisco.com. The following upgrade bundles are available for Release 2.2:
-
ise-upgradebundle-1.4.x-to-2.2.0.x.x86_64.tar.gz: Use this bundle to upgrade from Release 1.4 to 2.2
-
ise-upgradebundle-2.0.x-to-2.2.0.x.x86_64.tar.gz: Use this bundle to upgrade from Release 2.0 or Release 2.0.1 to 2.2
-
ise-upgradebundle-2.2.0.x.x86_64.tar.gz: Use this bundle to upgrade from Release 2.1 to 2.2
This release of Cisco ISE supports both GUI-based and CLI-based upgrade.
Note |
The GUI-based upgrade from the Admin portal is supported only if you are currently on Release 2.0 or later and want to upgrade to Release 2.2. See Upgrade a Cisco ISE Deployment from the GUI for more information. |
From the Cisco ISE CLI, you can upgrade from Release 1.4, 2.0, 2.0.1, or 2.1 directly to Release 2.2. See Upgrade a Cisco ISE Deployment from the CLI for more information.
Whether you choose GUI or CLI for your upgrade, in order to upgrade your deployment with minimum downtime while providing maximum resiliency and ability to roll back, we recommend that you perform the upgrade in the following order:
-
All configuration and monitoring data. This task should be done before initiating upgrade in order to ensure that you can easily roll back manually, if necessary.
-
Secondary Administration Node
Note
At this point, the Primary Administration Node remains at the previous version and can be used for rollback if the upgrade fails.
-
Primary Monitoring Node
-
Policy Service nodes
After you upgrade a set of Policy Service nodes, verify whether the upgrade is successful (see Verify the Upgrade Process) and run the necessary network tests to ensure that the new deployment is functioning as expected. If the upgrade is successful, you can upgrade the next set of Policy Service nodes.
-
Secondary Monitoring Node
-
Primary Administration Node
Note
Rerun the upgrade verification and network tests after you upgrade the Primary Administration Node.
After the upgrade, the Secondary Administration Node becomes the Primary Administration Node, and the original Primary Administration Node becomes the Secondary Administration Node. In the Edit Node window, click Promote to Primary to promote the Secondary Administration Node as the Primary Administration Node (as in your old deployment), if necessary.