Introduction

Patching and backing up your Identity Services Engine (ISE) deployment are critical practices for maintaining the security, stability, and reliability of your ISE cluster.

Patching is essential because it includes updates and enhancements that improve system performance, fix bugs, and introduce new features. This helps keep your ISE deployment running smoothly and securely.

Backing up your ISE configuration and data is equally crucial as it safeguards against data loss or system failure. In the event of hardware failure or corruption, having a recent backup allows you to restore your ISE environment to its previous state quickly, minimizing downtime and disruption to your network operations.

Patching ISE

ISE patches are cumulative. This means that you only need to install the latest patch, because it includes all fixes from the previous ones. You can download ISE patches from software.cisco.com.

Navigate to Administration>System>Maintenance>Patch Management.

Click the Install button.

Click the Choose File button and choose the ISE patch bundle you previously downloaded.

Click the Install button.

Installation should take approximately 20-70 minutes, because ISE uploads the patch, installs it on each ISE node, and restarts the services on each node as it is patched.

After the patch is installed on all the ISE nodes, you should be able to log back into ISE and navigate to Administration>System>Maintenance>Patch Management.

Here, you should see the newly installed patch, the node status, and the option to roll back a patch if an issue arises.

Performing Backups on ISE

To back up ISE, we first need to add a repository. ISE supports FTP, SFTP, TFTP, NFS, CDROM, HTTP, HTTPS, and DISK repositories.

Navigate to Administration>System>Maintenance>Repository.

Click Add.

Configure the repository server in the Add Repository screen.

Once completed, click the Submit button.

You should now see your repository in the repository list.

Navigate to Administration>System>Backup & Restore.

From here, you can choose from two types of backups:

  • Operational backup – Includes ALL the monitoring and troubleshooting data in the database, including the session information. These backups tend to be much larger and can require a lot of disk space, depending on the deployment.
  • Configuration backup – Includes system settings, network device configurations, policies, and endpoint identity information.

If you would like to create a schedule for your backup, you can click the Schedule link.

From here, you can schedule a single backup or a recurring backup.

Each ISE backup must be encrypted, so select an encryption key that you will remember or store safely in case you need to restore the backup in the future.

In the screenshot below, I scheduled my backup for every Thursday at 12AM.

You may also trigger a one-time manual backup using the Backup Now button on the Backup & Restore screen.