07-21-2023 03:01 AM
Dear Community Members,
I'm seeking your valuable input regarding Cisco ISE's recommended design for a Hybrid Cloud environment. The scenario involves approximately 100 users, and the plan is to deploy 2 x Cisco ISE nodes to ensure High Availability (HA) with essential features like 802.1x, profiling, and posture functionalities.
It's feasible to have the Cisco ISE Primary node located on-premise; the secondary node is hosted on Azure. Does this approach make sense, and is it possible to implement? If you have experience or insights related to the Cisco ISE "Hybrid Deployment," I would greatly appreciate it if you could share the prerequisites for hybrid design and the related documentation and best practices for a successful setup. I understand that database sync might have some concerns, and I would like to know more about network requirements for on-premise and Azure nodes to sync the ISE database.
I thank you in advance for your assistance.
07-21-2023 08:28 AM - edited 07-21-2023 08:40 AM
These exact topics have been covered by @Charlie Moreton in our recent ISE Webinars which get archived to our ISE YouTube Channel:
▷ Cloud Load Balancing with ISE 2023/06/15, GitHub: ISE_in_MultiCloud_Webinar
▷ ISE in a Hybrid Cloud Environment 2022/12/06, GitHub: Cloud_Based_Load_Balancers
There is also a document for Deploy Cisco ISE Natively on Cloud Platforms which includes Cisco ISE on Azure Cloud Services as you requested.
People regularly ask for an "ISE in the Cloud CVD". 90% of the architecture decisions have nothing to do with ISE and are all about the same old routing, redundancy, high availability, and security practices for any applications or services in any datacenter. The Cloud is just another set of datacenters for ISE nodes. You may mix and match your ISE nodes to be deployed in any on-premise data or cloud provider as long as you use the supported appliances or VM hypervisors or cloud instances.
The official Cisco ISE on AWS Reference Deployment and ISE on AWS QuickStart Deployment Guide give you the template architecture that you should be able to apply with any cloud provider.
All ISE cloud instances have a Bring Your Own License (BYOL) model which is the same for any on-premises deployment. All licensing is done via the ISE PAN nodes whether on-premises or based in a cloud environment.
For the hourly cost of the various VM instances in the cloud environments, you may estimate it based on the suggested instance sizes @ Deploy Cisco ISE Natively on Cloud Platforms > Cisco ISE on Azure Cloud Services. Additional costs may be billed by your cloud provider(s) for data traffic and other related services (VPN, load balancing, DNS, etc.).