As we know Cisco ISE does not support increasing the disk space, so if we run out of disk space, then the only option in theory would be to re-image the ISE node allocating more disk space. I said in theory because in reality you would be able to increase ISE disk space at the Linux level.
To do that you would need to use a Linux machine and mounting ISE VMs partitions and copying over the files from the old to the new VM. However, this approach of course is not supported by Cisco and you might lose Cisco support if you should go for it.
What I am going to show you in this post instead is a workaround to increase ISE nodes disk space with no interaction at the Linux level minimizing all the admin tasks.
This approach is applicable to ISE virtual appliances and it will still require spinning up new virtual machines. Let’s assume we have a cube of only two ISE nodes and we want to increase the disk space on both nodes.
The summary of the below steps is that you need to spin up new VMs with same software version and same patch, and then adding them to the cube as PSNs. After that, you will promote the PSNs to be the PANs.
During the installation of the new PSNs you will use different IP addresses and FQDNs. However, before you promote them to become the PANs you will change the IP addresses and the FQDNs to be the same as the ones you had on the PANs, and finally installing the new licenses.
Topology
As I mentioned before this approach will still require you to spin up new VMs in the same way you would do to re-image ISE nodes. The difference with this approach is that you will have minimum administrative work comparing to what you would do if you were re-imaging and restoring from backups etc.
Step 1: Deploy a New VM
In this step you will spin up a new VM and allocate the new disk size along with memory and CPU. The software version needs to be the same as the one that is running on the current ISE nodes.
Step 2: Bootstrap
In this step you will go through all the bootstrap configuration as normal. Use a different IP address and a different FQDN.
Step 3: Apply Software Patch
In this step you will apply the software patch to be the exact one that is running on the current ISE nodes.
Step 4: Add New VM to the Cube
Now that you have completed the preparation of the new VM, you need to add it to the deployment. Add the new VM as a PSN.
Step 5: De-register and Shutdown the Secondary PAN
Now you need to remove the secondary PAN from the deployment and preparing the new PSN you have just added to be the new secondary PAN.
Step 6: Change IP Address and FQDN
At this stage, you need to change the IP address and the FQDN on the new PSN to be the same as the ones you had on the secondary PAN.
Step 7: Add Persona
Now you need to add the Administration and Monitoring Persona to this new PSN and to make it the secondary PAN. Wait for the synchronization to be completed between this new secondary PAN and the primary PAN.
Step 8: Promote the New PSN
Now that the new secondary PAN is synch’ed up with the primary, you can go ahead and promote the secondary PAN to the primary. Now the next steps to re-image the other node that is now the secondary PAN are going to be very similar to what you have done previously.
Step 9: Install Licenses
Because re-imaging ISE nodes implies regenerating a new UID on the PANs you need to install the new licenses that you should have asked Cisco to provide you with. Typically it would be enough just to drop an email to licensing@cisco.com with the SO and the new UIDs asking them to regenerate the new licenses. They will then send you the new licenses which would typically be within a couple of hours.
Step 10: Deploy Another New VM
Similar to step 1, you will spin up a new VM and allocate the new disk size along with memory and CPU. The software version needs to be the same as the one that is running on the current ISE nodes.
Step 11: Bootstrap
Go through all the bootstrap configuration as normal. Also here use a different IP address and a different FQDN.
Step 12: Apply Software Patch
Apply the software patch to be the exact one that is running on the current ISE nodes.
Step 13: Add New VM to the Cube
Similar to before, add the new VM to the deployment as a PSN.
Step 14: De-register and Shutdown the Secondary PAN
Now you need to remove the secondary PAN which was the old primary in the deployment, and preparing the new PSN to be the new secondary PAN.
Step 15: Change IP Address and FQDN
Once the secondary PAN is shutdown go ahead and change the IP address and the FQDN of the new PSN to be the same as the ones you had on the secondary PAN.
Step 16: Add Persona
Add the Administration and Monitoring Persona to this new PSN, and make it the secondary PAN. Wait for the synchronization to be completed between this new secondary PAN and the primary PAN.
Step 17: Promote the New PSN
Finally, once this new secondary PAN is synch’ed up with the primary, go ahead and promote it to become the new primary. With this step you’ve completed all the tasks, and seen how to increase ISE nodes disk space.
Note: If you have enough resources at VMware level then you could spin up two VMs at the same time, and adding them as PSNs to the deployment and then following the rest of the steps. The only advantage that you would get by doing that would be to complete quicker the whole deployment.
This wraps up this post about how to increase ISE nodes disk space. I hope you enjoyed reading this post, and as always, I would love to hear your feedback. Thanks for reading!
