Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
977
Views
10
Helpful
5
Replies

Cluster ISE on premises node with a second node in Azure

Go to solution
Yacine BS
Level 1
Level 1

‎12-07-2022 11:55 PM

Hello,

We have a bare metal ISE Server on premises. We have migrated many of our services over Azure cloud and since there is only one ISE node, we want to have a cluster with a node in the cloud. Is it possible and what are the limitations for this cluster?

Thanks,

1 person had this problem
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ahollifield
VIP
VIP
In response to Yacine BS

‎12-08-2022 05:38 AM

Sure, this is certainly possible.  This is the same as combining traditional on-premise hypervisors (VM-Ware ESXi) with SNS appliances.  

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Yacine BS

‎12-08-2022 05:42 AM

I mean - yes possible with above consideration

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-08-2022 12:21 AM

Most use case Cisco suggest below :

- The location of AAA clients is important. You should locate the Cisco ISE nodes as close as possible to the AAA clients to reduce network latency effects and the potential for loss of access that is caused by WAN failures.

- Latency guidance is not a “fall off the cliff” number, but a guard rail based on what QA has tested.
- Not all customers have issues with > 300ms while others may have issues with <100ms latency due to overall ISE design and deployment.
- Profiler config is primary determinant in replication requirements between PSNs and PAN which translates to latency.
- When providing guidance, max 300ms roundtrip latency is the correct response from SEs for their customers to design against.

Look at Azure deployment considerations :

https://www.cisco.com/c/en/us/td/docs/security/ise/ISE_on_Cloud/b_ISEonCloud/m_ISEonAzureServices.html

Other factors you need to check :  LDAP, DNS other stuff.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Yacine BS
Level 1
Level 1
In response to balaji.bandi

‎12-08-2022 01:09 AM

Thank you for your response,

However, since the points to consider are not a priority for this deployment, is it possible to have an ISE cluster between a bare metal and Azure VM.

Thanks

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to Yacine BS

‎12-08-2022 05:38 AM

Sure, this is certainly possible.  This is the same as combining traditional on-premise hypervisors (VM-Ware ESXi) with SNS appliances.  

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Yacine BS

‎12-08-2022 05:42 AM

I mean - yes possible with above consideration

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Yacine BS
Level 1
Level 1

‎12-08-2022 02:11 PM

Thank you for your help!

0 Helpful
Customers Also Viewed These Support Documents