Cisco ISE hybrid environment

drr
Level 1

Hi team,

We have a hybrid on-prem/Azure environment but are currently running ISE on-prem as a small deployment (2 nodes) as well as two load balancers.

We are thinking about moving one of the ISE nodes to Azure and would like your advice on what approach would be most optimal.

I'm thinking of using one load balancer in the cloud, as well as one ISE node, but no load balancer on-prem, only an ISE node. The LB in Azure will handle the traffic to the Azure and on-prem node. The downside is of course that traffic from NAD to the on-prem ISE node will need to go to the Azure LB and then back on-prem, but I don't know how to configure one LB on-prem and the other in Azure as we are using a VIP address in the same network.

Maybe DNS LB is the way to go for this setup instead? Any advice from you guys?

 

Thanks

2 Replies

balaji.bandi
Hall of Fame

Yes, ISE supports the Hybrid setup and looks for some latency or other requirements in the deployment guide.

You can use the same load balancer (LB) as long as ISE can reach it; that should work as expected.

If all NADs are on-premises, then you can move the LB to on-premises and route LB traffic between on-premises ISE and Azure ISE.

 

BB


Hi @drr,

in addition to what @balaji.bandi already said ... since you are thinking about moving ISE to the Cloud, please take a look at:

ISE - What we need to know about SNS / VM

special attention to the Cloud topic and Charlie Moreton - ISE in a Hybrid Cloud Environment - YouTube reference link.

 

Hope this helps!!!