Solved: Re: ISE Medium and Large Licensing

manasjai · ‎05-13-2019

Hi,

I have 2 Large VMs and 4 Medium VMs on which I got a couple of concerns:

1) can I use the 2 Large VMs with 256GB memory as PAN + MnT with PxGrid?

I see the 256GB VM can be used for MnT only but can I use it in Hybrid Mode? https://community.cisco.com/t5/policy-and-access/differences-for-the-different-ise-vm-license-bundles/td-p/3377503

2) If 1 is possible, How many active endpoints can I have? I see 1,500,000 as per the sheet below

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

Thanks,

Manasi Jain

manasjai · ‎05-13-2019

Thanks Jason,

So here is what I understand - if I run Large VM with 256GB, I should be able to use it as PAN+MnT+PxGrid without any issues. Even if I run 2.4p6 in SDA fabric. Further, it will support upto 50k endpoints subject to type of things enabled like BYOD, guest etc.

Thanks,
Manasi

View solution in original post

Aravind Ravichandran · ‎05-13-2019

Hi Manasi,

1. Yes, you can use Large VM as PAN + MNT+ pxGrid.256GB ram configuration is similar to SNS 3695

2. Even though, Large VMs used as PAN & MNT personas is enabled on a single node it is considered as a medium deployment. As per the scaling guide, you can go up to 5 PSNs max with 50k max concurrent session.

As an alternative option, you can get the same 50k concurrent session with 2 Large standalone ISE(v2.6) VMs.

-Aravind

manasjai · ‎05-13-2019

Thanks Aravind
Actually what confuses me is the link below:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html
which says - "The large node is only for use as a performance-enhanced MnT node. You cannot use the Large VM as a PAN, PSN, or pxGrid node."

As per your comment, I can have the Large VM with 256GB memory as PAN+ MnT + PxGrid. This holds true even if I am on 2.4p6 and in an SDA fabric correct?

-
Manasi Jain

Jason Kunst · ‎05-13-2019

The large MNT was to support better reporting performance only in large deployment. When you combine multiple services on 1 box you’re a small medium distributed deployment with support up to 50k endpoints in 2.6. It doesn’t make sense to utilize that amount of memory unless you’re talking about lots of clients and transactions

manasjai · ‎05-13-2019

Thanks Jason,

So here is what I understand - if I run Large VM with 256GB, I should be able to use it as PAN+MnT+PxGrid without any issues. Even if I run 2.4p6 in SDA fabric. Further, it will support upto 50k endpoints subject to type of things enabled like BYOD, guest etc.

Thanks,
Manasi

Aravind Ravichandran · ‎05-13-2019

50k endpoint support is with respect to v2.6

-Aravind

manasjai · ‎05-13-2019

Hi Jason,

Thanks for taking my call. we discussed and concluded that although a large VM of ISE ( 256GB memory) running 2.4 can very well work as a PAN + MnT, it could be an overkill for a small deployment. But support wise, it should work well.
Also as a best practice, PxGrid should be enabled on PSN.

Thanks,
Manasi Jain

Aravind Ravichandran · ‎05-13-2019

Hi Manasi,

Large VMs which I have mentioned is applicable in the case of ISE 2.6 & not with 2.4. The statement holds true for ISE v2.4 the Large VM is intended to use as a Super MnT node & not for meant for other personas.

-Aravind

Jason Kunst · ‎05-13-2019

Please remember that 1.5 m endpoints is only in the database. Ise supports 500k active endpoints before ise 2.6, 2.6 supports up to 2m active for basic radius AAA mab and dot1x without additional services (mainly mean for service providers that don’t want guest byod profiling etc)