03-10-2021 02:15 PM
Hi
I have an ACS deployment which I need to migrate to ISE. What are the recommendations if the ACS consists of 3 nodes? Small ISE deployments cannot have an odd number of nodes: 1 node for PAN, 1 Secondary and 1 PSN, which means that the PSN won't be in HA. What would be the best approach for 3 ACS nodes?
Regards
03-13-2021 12:12 PM
You should be fine with 2 ISE nodes for scale and HA.
Verify your scale needs @ https://cs.co/ise-scale
See https://cs.co/acstoise for the actual migration considerations.
03-10-2021 03:25 PM
Why do you have 3 ACS nodes? A distributed deployment? What is the role of ACS for now?
Is ISE only for device administration or for dot1X authentication?
If it is not large you can deploy a 2-node deployment, active/standby.
More resources can be found here:
https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621#Implement
03-11-2021 06:48 AM
Hi Balaji,
Why do you have 3 ACS nodes?
The ACS deployment was configured too many years ago, I don't have an answer for that.
What is the role of ACS for now?
Node 1 is Primary; nodes 2 and 3 are for TACACS.
Is ISE only for device administration or for dot1X authentication?
So we are only interested in TACACS management; dot1X is not required.
We cannot change the number of nodes with the TACACS role, as we have thousands of devices pointing to the ACS nodes; we must match the number of ACS nodes receiving TACACS traffic with PSNs in the ISE deployment. So using 1 PSN, 1 Primary and 1 Secondary won't have HA in ISE, or won't match the network devices sending the traffic to the nodes.
I would like to have the best recommendation in this scenario.
Thanks in advance.
03-11-2021 07:56 AM
I was just advising that since you are refreshing to new technology, you should take the best of it and make it highly available.
I am sure all the devices required for TACACS may have primary and secondary configured. So in this case building 2 nodes, primary and secondary, gives high availability and consolidates the existing environment with a correct design, so it looks like a tidy job; this is my suggestion.
If the thousands of devices point to only 1 ACS, not to a group, then it is time to correct it. I am sure you configured fallback to a local account in case ACS fails;
you can make a small script to change the device entries to use a group, if you like to do a good job. This is purely a decision of how the business wants it, or whether one wants to do it in the right way.
"So using 1 PSN, 1 Primary and 1 Secondary won't have HA in ISE, or won't match the network devices sending the traffic to the nodes."
This also works, if you like to move forward with this approach.
I have seen places where not all Cisco CVDs can be used and deployed, due to other business decisions.
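As an added example (not code from the thread or from Cisco), this small Python audit assumes Cisco IOS-style `tacacs server` / `aaa group server tacacs+` syntax and uses constructed, hypothetical configs; it flags the two things the reply above says to tidy up before migrating: devices still pointing at a single server instead of a redundant group, and method lists without local fallback.

```python
import re

# Constructed IOS-style configs for illustration; hostnames and addresses
# are hypothetical and not taken from the thread.
SAMPLE_CONFIGS = {
    "sw-single": (
        "tacacs server ACS1\n address ipv4 192.0.2.10\n"
        "aaa authentication login default group tacacs+\n"
    ),
    "sw-redundant": (
        "tacacs server ACS1\n address ipv4 192.0.2.10\n"
        "tacacs server ACS2\n address ipv4 192.0.2.11\n"
        "aaa group server tacacs+ ACS-GROUP\n server name ACS1\n server name ACS2\n"
        "aaa authentication login default group ACS-GROUP local\n"
    ),
}


def parse_groups(config):
    """Map each 'aaa group server tacacs+' name to its member server names."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"aaa group server tacacs\+ (\S+)", line)
        if head:
            current = head.group(1)
            groups[current] = []
        elif current and line.startswith(" "):
            member = re.match(r"\s+server name (\S+)", line)
            if member:
                groups[current].append(member.group(1))
        else:
            current = None  # left the indented group block
    return groups


def audit_tacacs(config):
    """Return a list of findings; an empty list means the device is HA-ready."""
    findings = []
    groups = parse_groups(config)
    for line in re.findall(r"^aaa authentication login .*$", config, re.M):
        tokens = line.split()
        if "local" not in tokens:
            findings.append(f"no local fallback: {line}")
        # 'group tacacs+' is the implicit all-servers group; a named group must
        # have at least two members so the device survives losing one PSN.
        named = [tokens[i + 1] for i, t in enumerate(tokens)
                 if t == "group" and i + 1 < len(tokens) and tokens[i + 1] != "tacacs+"]
        for name in named:
            if len(groups.get(name, [])) < 2:
                findings.append(f"group {name} has fewer than two servers")
        if not named and len(re.findall(r"^tacacs server ", config, re.M)) < 2:
            findings.append("fewer than two TACACS+ servers defined")
    return findings
```

Run `audit_tacacs` over each device's exported running-config to get the list of devices that need their TACACS entries changed before the ISE cutover.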