Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1193
Views
0
Helpful
1
Replies

3595 ISE sizing - for 500K endpoints

Go to solution
Phanikumar Dharmavarapu
Cisco Employee
Cisco Employee

‎12-06-2016 05:57 PM

As I understand from ISE 2.1 Admin guide, one ISE 3595 server supports 40000 End points in standalone PSN configuration.

So in a distributed deployment (PAN, MNT, PSN running seperately) Can the deployment scale to 500 K endpoints by using 13 PSN nodes? (13 X 40000 = 500000). PAN and MNT will have seperate nodes.

Are there any caveats to be considered here.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gbekmezi-DD
Level 5
Level 5

‎12-06-2016 09:11 PM

I’m sure you’ve already seen this, but just in case: https://communities.cisco.com/docs/DOC-68347

Of course there are lots and lots of caveats :). Is this just straight 802.1x/Radius? Do you have posture? Profiling? Guest? BYOD? This list can go on and on with the number of features ISE offers. That number of 40,000 per node doesn’t tell the whole story. You have to consider the types of authentications and workloads a given PSN will be handling and size it accordingly. I’d pay particular attention to these sections of that Performance & Scale document:

  • ISE PSN Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_PSN_Performance>

  • ISE TACACS+ Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_TACACS_Performance>

  • ISE 2.0 RADIUS Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_20_RADIUS_Performance>

Good luck!

George

View solution in original post

0 Helpful
1 Reply 1

Go to solution
gbekmezi-DD
Level 5
Level 5

‎12-06-2016 09:11 PM

I’m sure you’ve already seen this, but just in case: https://communities.cisco.com/docs/DOC-68347

Of course there are lots and lots of caveats :). Is this just straight 802.1x/Radius? Do you have posture? Profiling? Guest? BYOD? This list can go on and on with the number of features ISE offers. That number of 40,000 per node doesn’t tell the whole story. You have to consider the types of authentications and workloads a given PSN will be handling and size it accordingly. I’d pay particular attention to these sections of that Performance & Scale document:

  • ISE PSN Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_PSN_Performance>

  • ISE TACACS+ Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_TACACS_Performance>

  • ISE 2.0 RADIUS Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_20_RADIUS_Performance>

Good luck!

George

0 Helpful
Customers Also Viewed These Support Documents