ISE 2.2 :: A Tale of Two Nodes

With a standalone deployment ISE handles functions like Administration, Monitoring and Policy Services. For redundancy purpose you can add another ISE node to your deployment to let it take over in case the primary node fails. We have ISE01 in standalone mode and we’ve installed ISE02 as an empty node in standalone mode as wel. Let’s refer to ISE01 as the Primary and ISE02 as the Secondary.

What do you need to do?

Prepare deployment

In order to add a secondary node the current standalone ISE deployment you will need to change the current deployment type in ISE01. In order to add nodes to your deployment ISE uses login credentials and server certificates to authenticate itself to that node. That certificate needs to be installed on the Primary node ISE01 first.

Make ISE01 Primary

Go to Administrator / System / Deployment, edit ISE01 node. Click on “Make Primary” and “Save”

Upload server certificate

Go to Administrator / System / Certificates. Check the certificate with the name “Default self-signed certificate” and choose Export. Two files will be downloaded.

  • Server certificate in .pem format
  • Private key in .pvk format

Installed the self-signed certificate and private key on ISE02 via Administration / System / Certificates / System Certificates / Import

Click Submit to import both certificate and private key in the System Certificate store under Certificate Management. No need to check boxes under Usage.
Go to Administration / System / Deployment and choose Register

Add node to your deployment

Now we can register ISE02 as an additional node.

Fill in the required details and click Next
Configure node as SECONDARY and check the required services you want to run on this node. Click Submit.
A status message appears stating that the ISE02 node will sync up and restart it’s processes.

“When they tell you it can take minutes, grab a coffee or two and have a chat with your colleagues!”

The yellow marker indicates that sync is in progress. The Webgui on ISE02 will be unavailable as processes are restarted.
High Availability at its end state.
ISE02 looks exactly like a secondary node should look like.

Leave a Reply