
Cisco ISE Licensing: Navigating the Upgrade from 2.X to 3.X


In the ever-evolving landscape of network security, staying up to date with the latest technologies and features is paramount. For users of Cisco Identity Services Engine (ISE), upgrading from version 2.X to 3.X presents an opportunity to leverage new functionalities while maintaining robust security measures. However, this transition requires careful planning and execution to guarantee a seamless upgrade process.  

In this guide, we'll outline the essential steps to navigate the upgrade effectively for a smooth transition and maximized benefits of Cisco ISE 3.X. 

Pre-Upgrade Preparation: Before embarking on the upgrade journey, thorough preparation is crucial. Here's what you need to do: 

  • Review Release Notes: Familiarize yourself with the release notes for Cisco ISE 3.X. Understand the new features, enhancements, and any changes in behavior or prerequisites. 
  • Backup: Safeguard your existing Cisco ISE 2.X deployment by backing up configurations, certificates, and critical data. This establishes a reliable restore point in case of any issues during the upgrade. You don’t want to start over with your configurations! Double-check that you have backed up all certificates from the box. Note that this is a manual process.
  • Compatibility Check: Verify that your current hardware and software components meet the requirements for Cisco ISE 3.X. Check hardware specifications, virtualization platforms, and supported operating systems. 

  • License Review: Confirm that your existing licenses are valid for Cisco ISE 3.X and that you have the appropriate licenses for any new features you plan to utilize.

Upgrade Process: Once you've completed the pre-upgrade preparation, it's time to proceed with the upgrade.

  • Download the Upgrade Package: Obtain the Cisco ISE 3.X upgrade package from the Cisco Software Download Center, ensuring you have the correct version for your deployment.
  • Upgrade Process: Follow the recommended upgrade path provided by Cisco. This typically involves installing the new version alongside the existing one, migrating configuration settings, and confirming that your data has transferred.

Another option for the upgrade process, worth considering especially if you are a smaller team, is to start your upgrade fresh. Look at this upgrade as an opportunity to clean out unnecessary data that you may be storing and to review your environment. Think about the impact that old, outdated patches or endpoint data can have on your new, upgraded system. If you have the capacity, we recommend doing your backup and then rebuilding every single time you want to upgrade. Upgrades can bring in corruption. Not only is this a better method, but in many cases it is also the faster method.

  • CISCO DU Preferred Upgrade 

Consider spinning up the new image for the 3.X upgrade as a new box or VM, or rebuild one of your existing ISE nodes with the new image.

Keep in mind that if you upgrade your box, newer versions will require more disk space, as some of the more current ISE nodes require significantly more resources. Not all physical boxes can be upgraded, which means that not all nodes will carry over. Upgrading alone will not fix this problem for you.

Restore the image that you have at that point:

  • Restore Backup  
  • Restore certificates 
  • Restore configuration 
  • Rejoin the ISE node to the domain 
  • Additional nodes don't have to be restored, just added to the deployment

The admin node pushes the intelligence out to every node in your environment. At IE, we consider this a much more efficient way to upgrade your ISE environment. If you want to learn more, contact us.  

Configuration Migration: Migrate your existing configuration from ISE 2.X to 3.X. Export configurations, policies, and settings from the old version and import them into the new one. 

Testing and Validation: After completing the upgrade and configuration migration, thorough testing is essential to verify that everything works as intended: 

  • Testing: Validate that your policies, authentication methods, and configurations function correctly in the new version of Cisco ISE. Test integrations with other systems to confirm seamless operation. Once you’ve restored your environment, all your assets should be present. You'll have 90 days to re-up your licensing or risk being locked out of your system (it will keep running, but this is still an inconvenience).
  • Certificate Renewal: Review and renew any certificates that might have expired or are due to expire. Also, verify the proper installation and configuration of certificates in the new version. 
  • Register your Licensing: Since you are upgrading to 3.X, you will need a Smart Account for your device. If you are making the jump from any 2.x licenses to 3.x, Smart Account registration is required.
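
The manual certificate backup in the preparation steps and the Certificate Renewal check above can be combined into one triage pass over the exported files before they are restored. The script below is an added example, not part of the original article or any Cisco tooling; it assumes the certificates were exported as PEM files into a single directory, and the 60-day warning window is an illustrative default.

```shell
#!/bin/sh
# Added example (not from the original article): triage exported certificates
# by time to expiry before restoring them onto a rebuilt ISE 3.X node.
# Assumption: certificates were exported as PEM files (.pem/.crt/.cer) into
# one directory; the 60-day default window is illustrative.

# cert_status FILE DAYS -> prints EXPIRED, EXPIRING, OK or UNREADABLE
cert_status() {
    file=$1
    days=$2
    # A file that does not parse as a PEM X.509 certificate is reported,
    # not skipped: a corrupt export means there is no usable backup.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    elif ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# audit_cert_dir DIR [DAYS] -> one line per certificate:
#   STATUS<TAB>notAfter<TAB>path
audit_cert_dir() {
    dir=$1
    days=${2:-60}
    for f in "$dir"/*.pem "$dir"/*.crt "$dir"/*.cer; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        status=$(cert_status "$f" "$days")
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null || true)
        printf '%s\t%s\t%s\n' "$status" "${end#notAfter=}" "$f"
    done
}

# Stand-alone use: sh cert_audit.sh /path/to/exported-certs 60
if [ "$#" -ge 1 ]; then
    audit_cert_dir "$1" "${2:-60}"
fi
```

Anything reported as EXPIRED, EXPIRING or UNREADABLE should be renewed or re-exported before the old node is rebuilt.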

Post-Upgrade Tasks: Once the upgrade is successful, there are several post-upgrade tasks to complete: 

  • User Communication: Inform users and stakeholders about the upgrade, providing necessary information and instructions to minimize disruption during the transition. 
  • Rollback Plan: Prepare a rollback plan in case of critical issues during the upgrade. Outline steps to revert to the previous version while preserving data and configurations. 
  • Security Updates: Stay current with security updates and patches released for Cisco ISE 3.X. Regularly apply these updates to maintain a secure deployment. 

Ongoing Maintenance: After completing the upgrade, ongoing monitoring and maintenance are essential to ensure the continued security and performance of your Cisco ISE deployment: 

  • Training and Knowledge Sharing: Train your team on the new features and changes introduced in Cisco ISE 3.X. Foster knowledge sharing to encourage efficient utilization of the upgraded environment. 
  • Ongoing Monitoring: Continuously monitor the performance and stability of your Cisco ISE deployment. Address any issues promptly and stay engaged with the Cisco community for best practices and troubleshooting. 

Need Assistance with Your Upgrade? 

IE offers an expert team of engineers specializing in Cisco ISE deployments, upgrades, and optimal utilization for customers. We’re here to help you upgrade efficiently and utilize the most cost-effective Cisco ISE license for your needs. You can request assistance from our ISE engineers or learn how to maximize the ISE deployment in your environment here. Additionally, Cisco provides some helpful resources and walkthroughs on the process. Regardless of how you’d like to proceed with this upgrade, we’re here to help! 
