cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

200
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

ISE Node Deployments - "Do it right" from day 1 ..

Hi all

I have a customer that ultimately will have a fair size deployment 50K + devices ..

We have proposed a HLD and of course designed around a Multinode distributed Architecture , ( dual Admin , Dual M&T and Multiple PSN's)

They have come back asking if the cant rather just "start small" . like one of two nodes and then change the deployment as they grow

i have recommend against this as the operational effort as a see it is more than just "doing it right" to start with .. if they go with the Initial multi node design its easier to expand by just adding PSN's

Do we have any "official recommendations" in line with this rather than just me "saying so .."  perhaps a deployment best practice guide ..or some addition points i can use to motivate Doing it right from day 1 .. ??

Thx

Greg

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Node Deployments - "Do it right" from day 1 ..

Please refer to the Network Deployments in Cisco ISE section of the ISE Hardware Installation Guide for our official deployment sizing and guidance for Small/Medium/Large deployments and the number of nodes and endpoints in each.

If you've scoped out the phases and timelines in your HLD, they should understand how quickly they will need to go from a Lab deployment of 1-2 nodes to a Production scale of somewhere around maybe 10 nodes from what you describe.

If you have a load balancer for all NAD requests then you can start with only one node and grow incrementally without having to continually update the NAD configurations every time you add additional PSNs. If not, then I would suggest starting with a Medium deployment of 4 nodes so you can keep PAN+MNTs separate from from your PSNs. This way you can grow your PSNs horizontally as needed and peel off the MNTs from the PAN+MNT when you want to go to 6 PSNs.

View solution in original post

1 REPLY 1
Cisco Employee

Re: ISE Node Deployments - "Do it right" from day 1 ..

Please refer to the Network Deployments in Cisco ISE section of the ISE Hardware Installation Guide for our official deployment sizing and guidance for Small/Medium/Large deployments and the number of nodes and endpoints in each.

If you've scoped out the phases and timelines in your HLD, they should understand how quickly they will need to go from a Lab deployment of 1-2 nodes to a Production scale of somewhere around maybe 10 nodes from what you describe.

If you have a load balancer for all NAD requests then you can start with only one node and grow incrementally without having to continually update the NAD configurations every time you add additional PSNs. If not, then I would suggest starting with a Medium deployment of 4 nodes so you can keep PAN+MNTs separate from from your PSNs. This way you can grow your PSNs horizontally as needed and peel off the MNTs from the PAN+MNT when you want to go to 6 PSNs.

View solution in original post