cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1506
Views
0
Helpful
5
Replies
paragmahajan40
Beginner

Can 3315 (Admin+MnT)H/w can support 9000 endpoints..

What is hardware specification requirement for deplyoment of 9000 endpoints if Admin+MnT are on the same ISE node. Can 3315 serve as Admin+Mnt. I am aware of H/w specification for policy nodes but not for Admin+Mnt.  Can anyone point out the link to support the same.

5 REPLIES 5
Nicholas Copeland
Enthusiast

Check out the below design guide. It doesn't have all the specifics you are probably looking for but it is a good start. Note that the monitoring persona is the most resource intensive persona of all ISE personas. If you look at the design guide when you break the 10K endpoint limit they start advising to have a completely separate Monitoring node.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf

Sent from Cisco Technical Support iPad App

Nicholas Copeland
Enthusiast

Platform Hardware Specs

Platform

Cisco Identity Services Engine Appliance 3315 (Small)

Cisco Identity Services Engine Appliance 3355 (Medium)

Cisco Identity Services Engine Appliance 3395 (Large)

Processor

1 x QuadCore
Intel Core 2 CPU Q9400
@ 2.66 GHz (4 total cores)

1 x QuadCore
Intel Xeon CPU E5504
@ 2.00 GHz (4 total cores)

2 x QuadCore
Intel Xeon CPU E5504
@ 2.00 GHz (8 total cores)

Memory

4 GB

4 GB

4 GB

Hard disk

2 x 250-GB SATA HDD
(250 GB total disk space)

2 x 300-GB SAS drives
(600 GB total disk space)

4 x 300-GB SFF SAS drives
(600 GB total disk space)

RAID

No

Yes (RAID 0)

Yes (RAID 0+1)

Ethernet NICs

4x Integrated Gigabit NICs

4 x Integrated Gigabit NICs

4 x Integrated Gigabit NICs

Platform Performance Specs

Platform

Maximum Endpoints

Profiler Events

Posture Authentications

Cisco Identity Services Engine 1121/3315 Appliance

3000

500 per second

70 per second

Cisco Identity Services Engine 3355 Appliance

6000

500 per second

70 per second

Cisco Identity Services Engine 3395 Appliance

10,000

1200 per second

110 per second

System Performance Specs (Per Identity Services Engine deployment)

Maximum number of endpoints with separate Administration, Monitoring, and Policy Service nodes

100,000

Maximum number of endpoints with Administration and Monitoring on a single node

5000 for 3355

10,000 for 3395

Maximum number of endpoints with Administration, Monitoring, and Policy Service all on a single node

2000 for all platforms

Maximum number of Policy Service nodes with separate Administration, Monitoring, and Policy Service nodes

40

Maximum number of Policy Service nodes with Administration and Monitoring on a single node

5

Maximum number of NADs

10,000

Cumulative Bandwidth Requirements

Minimum bandwidth between monitoring and policy service

1 Mbps

Minimum bandwidth between monitoring and admin

256 Kbps

Minimum bandwidth between client and policy service with posture

125 bps per endpoint

Minimum bandwidth between monitoring and monitoring (redundant)

256 Kbps

Minimum bandwidth between admin and policy service (redundant admin)

256 Kbps

Inline Posture Specifications

Number of endpoints per Cisco Identity Services Engine 3355 Appliance

5000-10,000
(gated by policy service)

Number of endpoints per Cisco Identity Services Engine 3315 Appliance

5000-10,000
(gated by policy service)

Inline posture throughput for Cisco Identity Services Engine 3355 Appliance

936 Mbps

Thanks Nicholas .. Appreciate your input. I have already gone through links/doc you have provided. But as you can see there is no clear guideline for number of endpoints supported vs Hw platform for Admin + Monitoring... I am aware of number of endpoint supported vs Policy service node. 

Any more guideline..

Anas Naqvi
Beginner

Hi Parag,

If you are to do the deployment for 9000 endpoints, with Admin+MnT on the same ISE node, then its best to go with specs of Cisco ISE 3395 or Cisco SNS 3495 appliances for Administration and Monitoring personas. This can support maximum of 10,000 endpoints.

The Cisco ISE 3315 with Admin+MnT on the same ISE node is not suitable for 9000 endpoints.

harvisin
Participant

Hello,

Please refer to the link below which might help you in solving your query:-

http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_deploy.html#wp1151366

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube