07-12-2017 05:42 AM
Hi please can someone help me with the below question.
I have a splatted deployment.
DC1 -> ISE1(2.2): Primary (Administration, Monitoring, Policy Service)
DC2 ->ISE2(2.2): Secondary (Administration, Monitoring, Policy Service)
DC3 -> ISE3(old deployment, 1.X)
My questions are:
I've done the two new ise2.2 node deployment as per above setup. I know above model does not going to support the automatic failover between the nodes. AS both nodes are used as PSN as well can i use each node (primary and secondary) IPs for each DC endpoints and NAD devices.
not able to understand the PSN behavior of the Secondary node.
can we use both PSNs nodes at a time for policy configuration?
what will happen in case of manual failover?
Any suggestion would be really appreciated.
Solved! Go to Solution.
07-12-2017 06:19 AM
Policy config is done on the PAN not the PSN. The PSN is the policy engine that does all the work
PSNs are always active so in a standalone environment both node1 and 2 have PSN running on them.
Yes you can manually failover PAN and MNT in this environment
07-12-2017 06:19 AM
Policy config is done on the PAN not the PSN. The PSN is the policy engine that does all the work
PSNs are always active so in a standalone environment both node1 and 2 have PSN running on them.
Yes you can manually failover PAN and MNT in this environment
07-12-2017 06:32 AM
PSNs are always active all the time and it is up to the network device (NAD) to utilize the PSNs in a fault tolerant manner.
M&Ts nodes are always active all the time and all nodes in the deployment log to the M&Ts. If one the primary M&Ts fails the admin node will automatically pull logs from other M&T.
The only part you won't have failover for is Admin persona. You will just need to manually failover so you can administer the system.
07-12-2017 07:24 AM
Thanks for a wonderful explanation. just one question.
In regards to my above setup. I'v already a PSN configured and running if i need to include that in the new clustering with the existing config what will happen. does it going to add the existing config to my new PSN config or going to overright it?
can i configure policies on secondary M&T which is also a PSN persona?
Many Thanks
07-12-2017 01:10 PM
When you join the PSN to the new deployment everything it had from the old deployment should be overwritten and the data will be sync'd from the new deployment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide