Can 3315 (Admin+MnT)H/w can support 9000 endpoints..

paragmahajan40 · ‎08-29-2012

What is hardware specification requirement for deplyoment of 9000 endpoints if Admin+MnT are on the same ISE node. Can 3315 serve as Admin+Mnt. I am aware of H/w specification for policy nodes but not for Admin+Mnt. Can anyone point out the link to support the same.

Nicholas Copeland · ‎08-29-2012

Check out the below design guide. It doesn't have all the specifics you are probably looking for but it is a good start. Note that the monitoring persona is the most resource intensive persona of all ISE personas. If you look at the design guide when you break the 10K endpoint limit they start advising to have a completely separate Monitoring node.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf

Sent from Cisco Technical Support iPad App

Nicholas Copeland · ‎08-29-2012

Platform Hardware Specs

Platform	Cisco Identity Services Engine Appliance 3315 (Small)	Cisco Identity Services Engine Appliance 3355 (Medium)	Cisco Identity Services Engine Appliance 3395 (Large)
Processor	1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz (4 total cores)	1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz (4 total cores)	2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz (8 total cores)
Memory	4 GB	4 GB	4 GB
Hard disk	2 x 250-GB SATA HDD (250 GB total disk space)	2 x 300-GB SAS drives (600 GB total disk space)	4 x 300-GB SFF SAS drives (600 GB total disk space)
RAID	No	Yes (RAID 0)	Yes (RAID 0+1)
Ethernet NICs	4x Integrated Gigabit NICs	4 x Integrated Gigabit NICs	4 x Integrated Gigabit NICs

Platform Performance Specs

Platform	Maximum Endpoints	Profiler Events	Posture Authentications
Cisco Identity Services Engine 1121/3315 Appliance	3000	500 per second	70 per second
Cisco Identity Services Engine 3355 Appliance	6000	500 per second	70 per second
Cisco Identity Services Engine 3395 Appliance	10,000	1200 per second	110 per second

System Performance Specs (Per Identity Services Engine deployment)

Maximum number of endpoints with separate Administration, Monitoring, and Policy Service nodes	100,000
Maximum number of endpoints with Administration and Monitoring on a single node	5000 for 3355 10,000 for 3395
Maximum number of endpoints with Administration, Monitoring, and Policy Service all on a single node	2000 for all platforms
Maximum number of Policy Service nodes with separate Administration, Monitoring, and Policy Service nodes	40
Maximum number of Policy Service nodes with Administration and Monitoring on a single node	5
Maximum number of NADs	10,000

Cumulative Bandwidth Requirements

Minimum bandwidth between monitoring and policy service	1 Mbps
Minimum bandwidth between monitoring and admin	256 Kbps
Minimum bandwidth between client and policy service with posture	125 bps per endpoint
Minimum bandwidth between monitoring and monitoring (redundant)	256 Kbps
Minimum bandwidth between admin and policy service (redundant admin)	256 Kbps

Inline Posture Specifications

Number of endpoints per Cisco Identity Services Engine 3355 Appliance	5000-10,000 (gated by policy service)
Number of endpoints per Cisco Identity Services Engine 3315 Appliance	5000-10,000 (gated by policy service)
Inline posture throughput for Cisco Identity Services Engine 3355 Appliance	936 Mbps

paragmahajan40 · ‎09-04-2012

Thanks Nicholas .. Appreciate your input. I have already gone through links/doc you have provided. But as you can see there is no clear guideline for number of endpoints supported vs Hw platform for Admin + Monitoring... I am aware of number of endpoint supported vs Policy service node.

Any more guideline..

Anas Naqvi · ‎09-20-2013

Hi Parag,

If you are to do the deployment for 9000 endpoints, with Admin+MnT on the same ISE node, then its best to go with specs of Cisco ISE 3395 or Cisco SNS 3495 appliances for Administration and Monitoring personas. This can support maximum of 10,000 endpoints.

The Cisco ISE 3315 with Admin+MnT on the same ISE node is not suitable for 9000 endpoints.

harvisin · ‎09-21-2013

Hello,

Please refer to the link below which might help you in solving your query:-

http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_deploy.html#wp1151366