Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
887
Views
0
Helpful
5
Replies

3615 ISE

ibrahimbadr4669
Level 1
Level 1

‎08-10-2023 02:46 AM

Dears,

if i want to do basic 2 redundant implementation, 2 nodes at HQ (carrying all personas) and 2 nodes at DR (carrying all personas). What's the max active sessions? do I need double license count (one for HQ and one for DR) as the Admin persona at HQ and DR will be separated

Thanks and BR;

0 Helpful
5 Replies 5

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-10-2023 02:57 AM

Hi @ibrahimbadr4669,

When it comes to scaling an capacity, you can check Performance and Scalability Guide. What you've described correlates to Small deployment, in general. However, it is unclear to me if you want entire deployment to be a single deployment or you are looking int having independent deployments in HQ and DR.

In case of a single deployment, then no, you can't have all roles on each device, as deployment can have maximum of 2 PAN and 2 MnT nodes, so you would need to rebalance them. Also, in this case, you deployment scale is 12.5k.

In case of split deployment, then yes, you could have all roles on each pair of nodes. In this case, your cpaacity would be 2x 12.5k sessions.

License-wise, it depends on what are your needs and use cases. If you expect to have maximum of e.g. 5k users in a given moment, then you need a license for 5k users, regardless if those users are connected to one or another deployment (also, regardless of single or split deployment).

Kind regards,

Milos

0 Helpful

ibrahimbadr4669
Level 1
Level 1
In response to Milos_Jovanovic

‎08-10-2023 03:30 AM

we plan to have the following two nodes at HQ, and have the same setup at DR and the two deployment will be independent, and when configure the radius on the NAD, DR PSN order will be after the HQ PSN.

1- in the case the max session per site will be 12.5 or 2x12.5 ?

2-in case, 5k users license, do i need to purchase 10k count or just 5k count can work both site

 

ibrahimbadr4669_0-1691663161686.png

BR;

0 Helpful

Charlie Moreton
Cisco Employee
Cisco Employee
In response to ibrahimbadr4669

‎08-10-2023 05:58 AM

Place one node at HQ, one node at DR site.  Configuration will sync.  

The way you're planning it will require manual configuration at the DR site to keep the configuration in sync.  With Smart Licensing, they can share the same license pool.

0 Helpful

ibrahimbadr4669
Level 1
Level 1
In response to Charlie Moreton

‎08-10-2023 06:46 AM

I read that the license is attached with the UDI of the primary and backup PAN, so if I do the independent deployment, I will have 4 independent primary/secondary PAN, if I have 5k users, is it mean that I will need 10k license (5k for HQ and 5k for the DR) ? 

0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to ibrahimbadr4669

‎08-11-2023 01:14 AM

It falls down to what I mentioned - what do you want to achieve, single or split deployment.

In a single deployment, you can have bot redundancy and flexibility. Here is an example on what you can configure:

  • Site 1, node 1 - PAN and PSN
  • Site 1, node 2 - MnT and PSN
  • Site 2, node 1 - sPAN and PSN
  • Site 2, node 2 - sMnT and PSN

This way, you are splitting mgmt roles, so you have redundancy and you also have capacity. Operations-wise, you have a single deployment to configure.

Second deployment is split deployment or better said two deployments. Example could be:

  • Site 1, node 1 - PAN, sMnT and PSN
  • Site 1, node 2 - sPAN, MnT and PSN
  • Site 2, node 1 - PAN, sMnT and PSN
  • Site 2, node 2 - sPAN, MnT and PSN

This way, you have two independent deployments, with double capacity (should you need it), but you'll have to configure everything twice, logs will be at two places, and similar.

In both cases, if you expet max of 5k simultaneous sessions (if user is connected to site 1, he/she won't be connected to site 2 at same time), then you need 5k licenses, regardless of deployment type. Licenses are smart, so either way, they'll be on SA.

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents