https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5127026#M589896 No, dedicated pxGrid node is required in a large deployment.<BR /> Fri, 07 Jun 2024 09:54:30 GMT ahollifield 2024-06-07T09:54:30Z https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5123374#M589795 <P>Hi All,</P><P>I'm currently working on an ISE 3.2 Medium Deployment design that will comprise of 2 x SNS 3795 appliances operating as combind PAN + MnT + pxGrid nodes and 4 x SNS 3755 appliances operating as PSN nodes.</P><P>I want to confirm the maxium scalability of this design against the following ISE Performance and Scalbility document, however I'm not sure if I'm interpretting the info correctly.</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html</A></P><P>Based on this guide, the maxium concurrent sessions that a Medium deployment can support using the SNS 3795 as cominbed PAN + MnT + pxGrid node is 150,000. Although the 4 x SNS 3755 PSNs each support 100,000 concurrent active sessions, the maximum possible conncurrent sessions is dictated by the PAN/MnT/PxGrid deployment which is 150k in this example, is that correct?</P><P>Also for the PSNs, what is meant by "Shared PSN (Cisco ISE node has multiple Personas)"? Is this only applicable if pxGrid is also running on the PSN or does it included services such as Device Admin and SXP?</P><P>&nbsp;</P> Mon, 03 Jun 2024 12:10:23 GMT https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5123374#M589795 packet2020 2024-06-03T12:10:23Z https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5123383#M589797 <P>You are correct.&nbsp; ISE scale is limited based on the type of deployment, size of PAN/MnT, and size of the PSNs.&nbsp; If you need more than 150,000 you need to break out the PAN and MnT into their own nodes.&nbsp; Shared PSN mean combined with other roles at the "top level" checkboxes on the deployment screen.&nbsp; So PAN, MnT, or pxGrid; it does not apply to the various services within the PSN section.</P> Mon, 03 Jun 2024 12:25:16 GMT https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5123383#M589797 ahollifield 2024-06-03T12:25:16Z https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5126904#M589893 <P>Actually another question on this</P><P>If we need more than 150,000 concurrent sessions and break out the PAN and MnT into their own nodes as you stated, so adding two additional nodes to the deployment, what do we do with the pxGrid persona? Can pxGrid be colocated on the dedicated PAN, MnT, or PSN nodes and still be a valid deployment to still support above 150k scale, or will dedicated pxGrid nodes be required as well?</P><P>For example, will this be a valid deployment if we split out the PAN and MnT nodes and enable pxGrid on the PSNs?</P><P>PAN Primary<BR />PAN Secondary<BR />MnT Primary<BR />MnT Secondary<BR />PSN1 + pxGrid<BR />PSN2 + pxGrid<BR />PSN3<BR />PSN4</P> Fri, 07 Jun 2024 09:10:04 GMT https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5126904#M589893 packet2020 2024-06-07T09:10:04Z https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5127026#M589896 No, dedicated pxGrid node is required in a large deployment.<BR /> Fri, 07 Jun 2024 09:54:30 GMT https://community.cisco.com/t5/network-access-control/ise-sizing-and-scalability-question/m-p/5127026#M589896 ahollifield 2024-06-07T09:54:30Z