https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4872603#M582833 <P>If it was my choice I would lay it out like this for a deployment that needs to support 25k+ active endpoints. You can increase the number of PSN nodes as the scale requires but the key component for me is that I would recommend putting the PSN nodes behind load balancers. This is not a hard requirement but this greatly simplifies the network device configuration since you can deploy all three load balancer virtual IP's to each network device in the order that makes sense. You can scale the deployment by adding PSN nodes without having to do much rework, and the maintanance/patching becomes much more transparent since network devices can have a VIP remain up with nodes being down.&nbsp;</P> <P><STRONG>Primary DC&nbsp;<BR /></STRONG></P> <UL> <LI>1x Primary Admin Node</LI> <LI>1x Primary Monitoring Node</LI> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> <LI>1x PxGrid Node if required</LI> </UL> <P><STRONG>Secondary DC</STRONG></P> <UL> <LI>1x Secondary Admin Node</LI> <LI>1x Secondary Monitoring Node</LI> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> <LI>1x PxGrid node if required</LI> </UL> <P><STRONG>Tertiary DC</STRONG></P> <UL> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> </UL> <P>&nbsp;</P> Wed, 12 Jul 2023 15:18:18 GMT Damien Miller 2023-07-12T15:18:18Z https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4871808#M582794 <P>How can i best structure a large deployment with three Data Centers?</P> Tue, 11 Jul 2023 14:39:03 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4871808#M582794 isabela 2023-07-11T14:39:03Z https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4871901#M582801 <P>There are many options Which is best for you depends a lot on your particular requirements.</P> <P>You should start by reviewing this guide: <A href="https://cs.co/ise-scale" target="_blank">https://cs.co/ise-scale</A></P> Tue, 11 Jul 2023 17:06:56 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4871901#M582801 Marvin Rhoads 2023-07-11T17:06:56Z https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4872603#M582833 <P>If it was my choice I would lay it out like this for a deployment that needs to support 25k+ active endpoints. You can increase the number of PSN nodes as the scale requires but the key component for me is that I would recommend putting the PSN nodes behind load balancers. This is not a hard requirement but this greatly simplifies the network device configuration since you can deploy all three load balancer virtual IP's to each network device in the order that makes sense. You can scale the deployment by adding PSN nodes without having to do much rework, and the maintanance/patching becomes much more transparent since network devices can have a VIP remain up with nodes being down.&nbsp;</P> <P><STRONG>Primary DC&nbsp;<BR /></STRONG></P> <UL> <LI>1x Primary Admin Node</LI> <LI>1x Primary Monitoring Node</LI> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> <LI>1x PxGrid Node if required</LI> </UL> <P><STRONG>Secondary DC</STRONG></P> <UL> <LI>1x Secondary Admin Node</LI> <LI>1x Secondary Monitoring Node</LI> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> <LI>1x PxGrid node if required</LI> </UL> <P><STRONG>Tertiary DC</STRONG></P> <UL> <LI>At least 2x Policy Service Node (behind a load balancer)</LI> </UL> <P>&nbsp;</P> Wed, 12 Jul 2023 15:18:18 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deployment/m-p/4872603#M582833 Damien Miller 2023-07-12T15:18:18Z