With a standalone deployment ISE handles functions like Administration, Monitoring and Policy Services. For redundancy purpose you can add another ISE node to your deployment to let it take over in case the primary node fails. We have ISE01 in standalone mode and we’ve installed ISE02 as an empty node in standalone mode as wel. Let’s refer to ISE01 as the Primary and ISE02 as the Secondary.
What do you need to do?
In order to add a secondary node the current standalone ISE deployment you will need to change the current deployment type in ISE01. In order to add nodes to your deployment ISE uses login credentials and server certificates to authenticate itself to that node. That certificate needs to be installed on the Primary node ISE01 first.
Make ISE01 Primary
Go to Administrator / System / Deployment, edit ISE01 node. Click on “Make Primary” and “Save”
Upload server certificate
Go to Administrator / System / Certificates. Check the certificate with the name “Default self-signed certificate” and choose Export. Two files will be downloaded.
- Server certificate in .pem format
- Private key in .pvk format
Installed the self-signed certificate and private key on ISE02 via Administration / System / Certificates / System Certificates / Import
Add node to your deployment
Now we can register ISE02 as an additional node.
“When they tell you it can take minutes, grab a coffee or two and have a chat with your colleagues!”