Solved: Re: Can deploy 7 Policy Node or greater for Distribute Deployment

jewfcb001 · ‎11-24-2021

HI All,

I see the document about Deployment Guide of Cisco ISE . I found number of PSN of medium deployment and large deployment .I would like to make sure . Cisco ISE Can deploy 2 Primary/Monitor and Policy Node more than 7 Node or 8 ++ Nodes or not . I see Maximum of each Deployment make me confuse.

Or Can only deploy following below.

Medium/Hybrid Deployment === > 2 Primary / 2 Monitor and Max 5 PSN for ISE 2.6/2.7 and 6 for ISE 3.0

Large Deployment === > 2 Primary / 2 Monitor and Max 50 PSN

Greg Gibbs · ‎11-24-2021

See the information at https://cs.co/ise-scale

A Medium/Hybrid deployment has PAN + MnT + PXG (Optional) personas running on the same node. This model can support a max of 6 PSNs (in 3.0). If you need to support more PSNs, you would need to move to a Large deployment model where PAN and MnT personas run on dedicated nodes.

View solution in original post

Greg Gibbs · ‎11-24-2021

No. A Large deployment (in which all personas are on dedicated nodes) can support up to a max of 50 dedicated PSN nodes. You can deploy any number of dedicated PSNs up to that max depending on the scale and/or local site presence required.

View solution in original post

Greg Gibbs · ‎11-24-2021

See the information at https://cs.co/ise-scale

A Medium/Hybrid deployment has PAN + MnT + PXG (Optional) personas running on the same node. This model can support a max of 6 PSNs (in 3.0). If you need to support more PSNs, you would need to move to a Large deployment model where PAN and MnT personas run on dedicated nodes.

jewfcb001 · ‎11-24-2021

@Greg Gibbs

Thank you for answer . You mean cannot deployment PSNs 8 or 9 Node If need to more deployment must deployment only 50 PSNs for Large deployment . My understand correct ?

Greg Gibbs · ‎11-24-2021

No. A Large deployment (in which all personas are on dedicated nodes) can support up to a max of 50 dedicated PSN nodes. You can deploy any number of dedicated PSNs up to that max depending on the scale and/or local site presence required.

Milos_Jovanovic · ‎08-02-2023

Hi @Greg Gibbs,

Does this mean ISE will have some hard limits on adding 7th or 8th PSN into deployment? Or having more than 6 PSNs is just not Cisco validated design? In that case, we could potentially add more PSNs, but still falling into scale and sizing for medium deployment?

One reason for asking is that I have a customer which have around 20k employees, so from that standpoint they are perfectly fine with medium deployment. However, they currently have 5 independent hub locations where each location have 2 PSNs (for redundancy, not capacity), that we would like to convert to single ISE deployment, which is pushing us towards large deployment, simply because of PSN numbers, not scale limitation.

Another reason for asking is, even before Cisco officially approved current small deployment with mor PSNs than two, I've deployed such scenarios for several of my customers (2 nodes on primary location and one on secondary location), without any ISE limitations, but with expected scale of small deployment. I've never faced any issues with it, nor had problems with TAC support.

Thanks,

Kind regards,

Milos

Greg Gibbs · ‎08-02-2023

Max 8 nodes in a Medium deployment (PAN and MnT persona on the same node) is not a hard limit in the software, but what is validated and supported by Cisco. The more nodes in the cluster, the more processing related to replication, therefore the need for dedicated PAN/MnT nodes.

While it may work, if you run into issues due to replication or performance, TAC may push back because it's not a validated/supported deployment model. If TAC had to escalate an issue to the BU, they would most likely push back as well.

Milos_Jovanovic · ‎08-03-2023

This is what I wanted to know, got it now.

Thanks Greg.

Kind regards,

Milos

jewfcb001 · ‎11-24-2021

@Greg Gibbs

Hi Greg

I'm clear . Thank you so much for the information.