Solved: 2-Node ISE Deployment VM License

iagyte · ‎07-31-2018

Marvin Rhoads · ‎07-31-2018

2 nodes = 2 VMs and that requires 2 VM licenses.

View solution in original post

Marvin Rhoads · ‎07-31-2018

2 nodes = 2 VMs and that requires 2 VM licenses.

iagyte · ‎07-31-2018

In a 2-node deployment - for the PSN, does this work as ACT/ACT or ACT/PASSIVE?

Marvin Rhoads · ‎07-31-2018

Active/active.

Any active ISE node that has the the PSN persona enabled will actively service incoming endpoint requests.

Damien Miller · ‎07-31-2018

With ISE 2.4,

You will require 1 VM license per node, so in this case 2, they will be either R-ISE-VMS-K9= or R-ISE-VMM-K9 depending on if they require 3515 or 3595 capacity.

You will also require 1 TACACS node license for every VM you want processing TACACS requests. So I would recommend 2 x L-ISE-TACACS-ND=.

And then like in the past, you need 100 base licenses to enable TACACS. Here is a link to the ordering guide if you want the source.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

2-Node ISE Deployment VM License

Customer is migrating ACS functionality only. ISE requires Device Admin and Base licenses. From a VM perspective using a 2-Node ISE Deployment, how many VM's are required?