Cisco ISE 2.0 patch 1 upgrade

Recently I had to apply the first patch on Cisco ISE 2.0 production installation. I was concerned a bit as it was to restart the services on all nodes and I was not sure if it will do it one at a time and in what order. The following information was available on Cisco ISE Administration Guide 2.0 and it cleared up my first question.

When you install a patch from the PAN that is part of a distributed deployment, Cisco ISE installs the patch on the primary node and then all the secondary nodes in the deployment. If the patch installation is successful on the PAN, Cisco ISE then continues patch installation on the secondary nodes. …. Secondary Cisco ISE nodes are restarted consecutively after the patch is installed on those nodes.

All I had to do is find out the order. This matters because if node is remote then timezone or link bandwidth needs to be considered. Based on the installation process patch was applied in alphabetical order. As you can see on the screenshot taking during upgrade SVA primary admin node was upgraded first then installation started on ORL nodes.

Cisco ISE 2.0 patch installationFor my deployment with 4 nodes local and 2 nodes connected over MPLS link it took a bit over 40 minutes to upgrade the whole environment.

 Takeaways:

  • Cisco ISE applies patch consecutively and in alphabetical order.
  • Timezone and bandwidth need to be taken into consideration based on the node name.

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar