01-01-2024 10:33 PM
Hi team,
I'm trying to figure out what sizing we should establish as well as if we should go for a small or medium deployment.
Currently, there are around 15.000 active endpoint in the environment, but as the company is growing very fast, it could be around 25.000-30.000 active endpoint in the next year.
As per below guide, a small deployment can handle up to 50.000 endpoint, so a small deployment should be fine for now.
https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html
So, to my questions:
1. Is it possible to start with a small deployment with the VM specifications of, lets say, Cisco SNS 3715 for start that can handle 25.000 endpoint, and if we reach that size, we can scale/buff the VM resources to match the requirements for Cisco SNS 3755 so the deployment can handle 50.000 endpoint instead. Does it work that way?
2. Should we go for a small or medium deployment? After reading above link i can't really figure out what advantages dedicated PSN's would bring to the deployment in this case where we only have one datacenter. As far as I understand, the PAN/MnT node is limiting the deployment size. If we go for a small deployment, we could install 2x VM as PAN/MnT/PSN that can handle up to 50.000 endpoints. If we would go for a medium deployment, we would have 4x VM that can handle 50.000 endpoints as well, but will cost nearly double the computing resources.
3. If we initiate a small deployment to begin with, is it possible to later configure/transition the deployment to a medium deployment, i.e. add/move PSN to dedicated nodes and "remove" them from the original PAN/MnT node? I know in a small deployment, it's possible to add one more PSN. But if we would need even more PSN's to handle above 50.000 endpoint, is it possible to convert the deployment from small to medium? The reason for the question is that the wired network is only in scope now, but if we would like to add the wireless network to the deployment later, the total endpoints being handled would double.
Hope the questions are clear, otherwise please get back to me if clarification is needed.
Thanks!
Solved! Go to Solution.
01-02-2024 06:19 AM
01-02-2024 08:24 AM
If for Capex reasons you going for a small deployment for now, later on you can expand to Medium increasing the number of PSN nodes and reconfiguring the NAD to add new nodes while you pull the PAN/MNT from the current nodes to dedicated.
01-02-2024 06:19 AM
01-03-2024 11:30 PM
Thank you for your reply!
01-02-2024 08:24 AM
If for Capex reasons you going for a small deployment for now, later on you can expand to Medium increasing the number of PSN nodes and reconfiguring the NAD to add new nodes while you pull the PAN/MNT from the current nodes to dedicated.
01-03-2024 11:33 PM
Thank you for your reply!
We have resources to go for a medium as well, the problem is that I didn't see the cost/benefit of going for a medium deployment right now (except for the administrative benefits that ahollifield mentioned above).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide