Few scalability questions from a customer

martucci · ‎02-05-2019

Hell,

I am working with a partner o a quite large project for ISE.

The customer has a quite large network, and is asking if we have some of the following numbers (I could not find them). If not, could we help them with some testing?

1) how many values can we have for software version attribute in ISE? (Ideally they would look for 50K different value, one for each office).

2) We have numbers for authentications via LDAP, but do we have some numbers on authorization request to LDAP to retrieve attributes?

3) Can we retrieve via ODBC attributes and use the in Authorization policies?

Thanks a lot in advance for the reply.

howon · ‎02-05-2019

1) ISE already contains Windows hotfix compound conditions with 50 atomic conditions, and can support more within reason, but 50k would be extreme. I suggest re-evaluating the requirement to consolidate to smaller number for manageability

2) We don't have scalability # based on how many # of AuthZ attribute being looked up. However, in general posted AuthC/sec # is never reached as the bottleneck will be # of concurrent endpoints per ISE node which will be reached before impacting the AuthC/sec #. Unless the attribute is large set or non-indexed value should not have issues with # of endpoints per node

3) Yes if using ODBC as ID source. I have not tried to use other ID store for AuthC and ODBC for AuthZ though so can't comment on that combination.