Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2467
Views
30
Helpful
4
Replies

Active/standby Deployment licensing query for version 3.0

Go to solution
abdulmoiz2006
Level 1
Level 1

‎02-18-2021 11:07 AM

I have a new project 17 locations office around 1000 nodes, we are installing ISE on Vmware one Active and one Standby device, for premier subscription do we need one set of license or 2 set of licenses one for each device?
- Device administration license is to be purchased seperate 1 for each device?

- Do we require any other license if installing on Vmware?

1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎02-18-2021 02:05 PM

All ISE nodes in a deployment share a single pool of licensing. 

You will need two virtual ISE node licenses (small/medium/large), two tacacs node licenses, and then enough licensing to cover your endpoint authentication requirements (essential/advantage/premier) depending on the feature set. 

The endpoint licensing is measured based on the active endpoints on the network. The number of Switches and WLCs is not important, it's how many things are connecting to these network access devices and authenticated by ISE at any moment in time.

If you're 1000 nodes you mention is referring to 1000 endpoints, then an example BOM may look like this. There is a strong case for ordering only advantage licensing vs a mix of base + advantage, but quite a few desirable features exist in the advantage/premier endpoint license. 
2x R-ISE-VMS-K9=
2x L-ISE-TACACS-ND=
Top Level endpoint SKU: ISE-SEC-SUB
500x ISE-E-LIC
500x ISE-A-LIC

View solution in original post

4 Replies 4

Go to solution
Marcelo Morais
VIP
VIP

‎02-18-2021 11:51 AM

Hi @abdulmoiz2006 ,

 please take a look at: ISE Ordering Guide, search for 3.3 Virtual Machine and Device Administration License behavior.

 

Hope this helps !!!

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎02-18-2021 02:05 PM

All ISE nodes in a deployment share a single pool of licensing. 

You will need two virtual ISE node licenses (small/medium/large), two tacacs node licenses, and then enough licensing to cover your endpoint authentication requirements (essential/advantage/premier) depending on the feature set. 

The endpoint licensing is measured based on the active endpoints on the network. The number of Switches and WLCs is not important, it's how many things are connecting to these network access devices and authenticated by ISE at any moment in time.

If you're 1000 nodes you mention is referring to 1000 endpoints, then an example BOM may look like this. There is a strong case for ordering only advantage licensing vs a mix of base + advantage, but quite a few desirable features exist in the advantage/premier endpoint license. 
2x R-ISE-VMS-K9=
2x L-ISE-TACACS-ND=
Top Level endpoint SKU: ISE-SEC-SUB
500x ISE-E-LIC
500x ISE-A-LIC

Go to solution
abdulmoiz2006
Level 1
Level 1

‎02-19-2021 01:14 AM

Thanks for the replies, what I have understood is 2 VM license, 2 Device Admin license, 500 Essentials +500 Advantage as not all devices would require full features, do I need to buy premier licensing if we do Posturing of devices? 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to abdulmoiz2006

‎02-19-2021 02:38 AM - edited ‎02-19-2021 02:39 AM

Hi @abdulmoiz2006 

 for Posture you need an Apex Licensing (Old Model) or Premier Licensing (New Model).

PS. please take a look at ISE Ordering Guide (search for 3. What's New).

Note: for Posture, if you are going to use Cisco AnyConnect as an Agent of Posture, then take a look at Cisco AnyConnect Ordering Guide (search for 3. Licenses) ... AnyConnect Apex license.

 

Hope this helps !!!

Customers Also Viewed These Support Documents