04-13-2022 03:24 AM
For ISE Standalone HA deployment, primary and secondary node can be different appliance model? License need to be installed on the secondary node?
Solved! Go to Solution.
04-13-2022 05:55 AM
You can deploy ISE cluster/HA with different hardware models, but the general recommendation from Cisco would be to use the same model.
This way, there wouldn't be any performance issues after a possible failover since they would be sized the same way. Do keep in mind that each hardware has different performance numbers.
While the license is not mandatory for the secondary admin node, but if you are to promote it in the future, then its required.
During PAK registration, there's a field to fill in the secondary UDI, S/N which will cover both nodes.
04-13-2022 06:44 AM - edited 04-13-2022 06:46 AM
They can be different appliance, they can also be a combination of appliance or VM, for single deployment (with multiple nodes) you need only 1 set of license except VM license which is needed for each VM and Device administration license which is needed to each node configured for device administration services
just be aware that when primary fails, the secondary should be able to take on all the load, that's why similar device is recommended for secondary.
04-13-2022 07:05 AM
They can be mixed appliance, VM or cloud however they *should* be the same size for scaling.
Otherwise you must use the smaller of the two for scaling - you cannot expect to switch over to a smaller secondary and expect it to handle the same maximum deployment scale of endpoints.
See https://cs.co/ise-scale for deployment scaling.
04-13-2022 07:23 AM
Yes, the licenses needs to re-hosted with the serial/UDI of the new appliance. Easy way is to work with Cisco licensing team to get this sorted out.
04-13-2022 05:55 AM
You can deploy ISE cluster/HA with different hardware models, but the general recommendation from Cisco would be to use the same model.
This way, there wouldn't be any performance issues after a possible failover since they would be sized the same way. Do keep in mind that each hardware has different performance numbers.
While the license is not mandatory for the secondary admin node, but if you are to promote it in the future, then its required.
During PAK registration, there's a field to fill in the secondary UDI, S/N which will cover both nodes.
04-13-2022 07:06 AM
PAK registration was already done by other Secondar Node UID/SN. Now I want to replace that node by other appliance. So do I need to transfer the license again if I need to promote the secondary one?
04-13-2022 07:23 AM
Yes, the licenses needs to re-hosted with the serial/UDI of the new appliance. Easy way is to work with Cisco licensing team to get this sorted out.
04-13-2022 06:44 AM - edited 04-13-2022 06:46 AM
They can be different appliance, they can also be a combination of appliance or VM, for single deployment (with multiple nodes) you need only 1 set of license except VM license which is needed for each VM and Device administration license which is needed to each node configured for device administration services
just be aware that when primary fails, the secondary should be able to take on all the load, that's why similar device is recommended for secondary.
04-13-2022 07:05 AM
They can be mixed appliance, VM or cloud however they *should* be the same size for scaling.
Otherwise you must use the smaller of the two for scaling - you cannot expect to switch over to a smaller secondary and expect it to handle the same maximum deployment scale of endpoints.
See https://cs.co/ise-scale for deployment scaling.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide