How to add an additional Cisco Identity Services Node in an existing environment
Cisco provides an OVA file for VMware ESX servers, which can be deployed using ESX. The OVA comes preconfigured with all the settings and disk space.
Use the link below to download Cisco ISE:
https://software.cisco.com/download/home
Once you have deployed the OVA file, power it on and go to the console. To configure the appliance, type “SETUP” at the console to start the configuration.
Below is what you will need for the initial setup.
- IP address
- Domain name
- Time zone settings
- DNS servers
- NTP servers info
- You can enable or disable SSH
- Username and Password setup
Once these are entered, ISE will reboot and start the installation process.
This can take up to 30 minutes to complete. Once the ISE node is up, it is installed as a stand-alone node and does not see any other nodes in the network. If this is the first node, you have the option to promote it to primary and assign the roles you need.
There are two things that you will need to do.
- Export the certificate from the new Cisco ISE node to the existing Cisco ISE primary node.
- Export the certificate from the primary node to the new standalone node.
With the certificates in place on both sides, the two nodes can now trust each other.
Below are the steps to join the new node as an HA node to the existing environment.
Procedure
Step 1 | Log in to the primary PAN. |
Step 2 | Choose Administration > System > Deployment. |
Step 3 | Click Register to initiate registration of a secondary node. |
Step 4 | Enter the DNS-resolvable fully qualified domain name (FQDN) of the standalone node that you are going to register (in the format hostname.domain-name, for example, abc.xyz.com). The FQDN of the primary PAN and the node being registered must be resolvable from each other. |
Step 5 | Enter the GUI-based administrator credentials for the secondary node in the Username and Password fields. |
Step 6 | Click Next. The primary PAN tries to establish TLS communication (for the first time) with the node being registered. |
Step 7 | Select the personas and services to be enabled on the node, and then click Save. |
The Primary Admin Node will start replicating the configuration to the new node. After the registered node is synchronized and restarted, you can log in to the secondary node GUI using the same credentials used on the primary PAN.
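The two prerequisites above (FQDNs that resolve, and the certificate exchange) can be checked before clicking Register. The script below is an added example, not Cisco tooling or code from the original page. It assumes self-signed certificates exchanged as files, the admin interface answering on TCP 443, and that it runs on a host using the same DNS servers as the nodes. The function names and inputs are hypothetical.

```python
import hashlib
import re
import socket
import ssl

# Step 4 requires the hostname.domain-name form, e.g. abc.xyz.com
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def resolve(fqdn, resolver=socket.getaddrinfo):
    """Return the sorted IPs an FQDN resolves to, or [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in resolver(fqdn, 443)})
    except socket.gaierror:
        return []

def fetch_der(fqdn, port=443):
    """Fetch the certificate a node presents (no validation) as DER bytes."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((fqdn, port)))

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def preflight(primary, new_node, imported_on_primary, imported_on_new,
              resolver=socket.getaddrinfo, fetch=fetch_der):
    """Return a list of problems; an empty list means ready to register.

    imported_on_primary / imported_on_new are the DER bytes of the certificate
    files imported into each node's trusted store (assumed inputs).
    """
    problems = []
    for name in (primary, new_node):
        if not FQDN_RE.match(name):
            problems.append(f"{name}: not in hostname.domain-name form")
        elif not resolve(name, resolver):
            problems.append(f"{name}: does not resolve")
    if problems:
        return problems  # do not contact hosts that cannot be resolved
    # Each node must present exactly the certificate the other side imported.
    for presenter, imported, truster in ((new_node, imported_on_primary, primary),
                                         (primary, imported_on_new, new_node)):
        try:
            presented = fetch(presenter)
        except OSError as exc:  # covers connection and TLS errors
            problems.append(f"{presenter}: no certificate retrieved ({exc})")
            continue
        if fingerprint(presented) != fingerprint(imported):
            problems.append(f"{presenter}: presented certificate differs "
                            f"from the one imported on {truster}")
    return problems
```

A fingerprint mismatch usually means the wrong or an outdated certificate file was imported; with CA-signed certificates, check the issuing chain instead of the leaf fingerprint.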