cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

356
Views
15
Helpful
4
Replies
Highlighted
Beginner

ISE Deployment design

Hi friends.

 

We want to design the Cisco ISE deployment for the network with the 1000 Clients. (only radius not tacacs).

the node are only wire and there is no wireless node.

which VM deployment size should we use? and should use the distributed design for 1000 node or standalone?

 

Best Regards

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: ISE Deployment design

Hello :)

 

please check this link for perfomance and scale.

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1069292324

 

it will show you each sns or equivalent vm and how much they can handle.

 

regarding standalone or distributed, it really depends on the infra.

its nice to have 2 node deployment for redundancy check this document as well 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.pdf

 

Wishes,

 

View solution in original post

VIP Advocate

Re: ISE Deployment design

You should plan for two 3515 or 3615 vm templates in a standalone HA cluster. These are good to support 7500 or 10,000 endpoints (3515 vs 3615), more than enough capacity for your endpoint count.

Having two nodes doesn't increase the scale any in a standalone deployment topology, but will allow you to perform maintenance functions with lower impact.

3615's are new for 2.6 and supported with this version, support 10k active endpoints.
3515 which is supported on either 2.4 or 2.6. 7500 or 10k supported active endpoints.

View solution in original post

4 REPLIES 4
Cisco Employee

Re: ISE Deployment design

Hello :)

 

please check this link for perfomance and scale.

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1069292324

 

it will show you each sns or equivalent vm and how much they can handle.

 

regarding standalone or distributed, it really depends on the infra.

its nice to have 2 node deployment for redundancy check this document as well 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.pdf

 

Wishes,

 

View solution in original post

Beginner

Re: ISE Deployment design

Hi

Thank you for your answer.

I have another question. should I buy the license related the vm size?

Regards.

Hall of Fame Guru

Re: ISE Deployment design

You license the VM(s) based on its size (medium is the most common) and then separately license the deployment based on the number of endpoints and features needed (Base, Plus, Apex, and/or Device Administration).

VIP Advocate

Re: ISE Deployment design

You should plan for two 3515 or 3615 vm templates in a standalone HA cluster. These are good to support 7500 or 10,000 endpoints (3515 vs 3615), more than enough capacity for your endpoint count.

Having two nodes doesn't increase the scale any in a standalone deployment topology, but will allow you to perform maintenance functions with lower impact.

3615's are new for 2.6 and supported with this version, support 10k active endpoints.
3515 which is supported on either 2.4 or 2.6. 7500 or 10k supported active endpoints.

View solution in original post