ISE 3.4 Migration: Decisions & Risks

Decision Log

Date	Decision	Rationale	Decided By
2026-03-16	Upgrade to 3.3 first, then evaluate 3.4	Stepping-stone approach minimizes risk. 3.3 is proven stable. Direct 3.2-to-3.4 jump has less community validation.	Evan
2026-03-16	Hardware stays as-is (SNS-3755-K9)	Hardware refresh assessment confirmed appliance supports newer ISE versions. No hardware constraint.	Evan
2026-03-25	Weekend maintenance window preferred	Hospital operations require minimal disruption. Weekend gives longest recovery window if issues arise.	Evan
2026-03-25	Lab testing mandatory before production	Home lab ISE 3.5 available for upgrade path validation. Test policies, integrations, and rollback procedure.	Evan

Date

Decision

Rationale

Decided By

2026-03-16

Upgrade to 3.3 first, then evaluate 3.4

Stepping-stone approach minimizes risk. 3.3 is proven stable. Direct 3.2-to-3.4 jump has less community validation.

Evan

2026-03-16

Hardware stays as-is (SNS-3755-K9)

Hardware refresh assessment confirmed appliance supports newer ISE versions. No hardware constraint.

Evan

2026-03-25

Weekend maintenance window preferred

Hospital operations require minimal disruption. Weekend gives longest recovery window if issues arise.

Evan

2026-03-25

Lab testing mandatory before production

Home lab ISE 3.5 available for upgrade path validation. Test policies, integrations, and rollback procedure.

Evan

Risk Assessment

Risk	Likelihood	Impact	Mitigation	Contingency
Upgrade breaks existing authentication policies	Medium	Critical	Full backup before upgrade. Test all policy sets in lab. Document every policy rule.	Restore from backup. Rollback to 3.2 using saved ISOs.
Maintenance window too short for 6+ nodes	Medium	High	Rolling upgrade strategy (one node at a time). Pre-stage packages on all nodes.	Split into multiple windows. Upgrade PAN/MNT first, PSNs in separate window.
AD/LDAP integration breaks after version change	Low	Critical	Test AD join, LDAP queries, identity source sequence in lab before production.	Rejoin AD. Reconfigure LDAP source. Documented recovery steps.
pxGrid subscribers disconnect during upgrade	Medium	Medium	Notify pxGrid consumers (FMC, Splunk, etc.) before window. Test reconnection in lab.	Manually restart pxGrid services post-upgrade. Reconfigure subscriptions if needed.
CAB delays push upgrade past acceptable risk window	High	Medium	Submit CR early with full justification. Include EOS dates and security risk in business case.	Escalate to CISO with risk acceptance documentation if CAB timeline slips.

Risk

Likelihood

Impact

Mitigation

Contingency

Upgrade breaks existing authentication policies

Medium

Critical

Full backup before upgrade. Test all policy sets in lab. Document every policy rule.

Restore from backup. Rollback to 3.2 using saved ISOs.

Maintenance window too short for 6+ nodes

Medium

High

Rolling upgrade strategy (one node at a time). Pre-stage packages on all nodes.

Split into multiple windows. Upgrade PAN/MNT first, PSNs in separate window.

AD/LDAP integration breaks after version change

Low

Critical

Test AD join, LDAP queries, identity source sequence in lab before production.

Rejoin AD. Reconfigure LDAP source. Documented recovery steps.

pxGrid subscribers disconnect during upgrade

Medium

Notify pxGrid consumers (FMC, Splunk, etc.) before window. Test reconnection in lab.

Manually restart pxGrid services post-upgrade. Reconfigure subscriptions if needed.

CAB delays push upgrade past acceptable risk window

High

Medium

Submit CR early with full justification. Include EOS dates and security risk in business case.

Escalate to CISO with risk acceptance documentation if CAB timeline slips.

Stakeholders

Evan - Technical lead
Network Team - Coordination
CAB - Change approval
InfoSec - Security sign-off