Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1411
Views
0
Helpful
5
Replies

Different ISE SNS Appliance can be used in Standalone HA Deployment?

Go to solution
kyawzinlatt
Level 1
Level 1

‎04-13-2022 03:24 AM

For ISE Standalone HA deployment, primary and secondary node can be different appliance model? License need to be installed on the secondary node?

0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎04-13-2022 05:55 AM

You can deploy ISE cluster/HA with different hardware models, but the general recommendation from Cisco would be to use the same model.

This way, there wouldn't be any performance issues after a possible failover since they would be sized the same way. Do keep in mind that each hardware has different performance numbers.

 

While the license is not mandatory for the secondary admin node, but if you are to promote it in the future, then its required.

During PAK registration, there's a field to fill in the secondary UDI, S/N which will cover both nodes.

View solution in original post

0 Helpful

Go to solution
ammahend
VIP
VIP

‎04-13-2022 06:44 AM - edited ‎04-13-2022 06:46 AM

They can be different appliance, they can also be a combination of appliance or VM, for single deployment (with multiple nodes) you need only 1 set of license except VM license which is needed for each VM and Device administration license which is needed to each node configured for device administration services

just be aware that when primary fails, the secondary should be able to take on all the load, that's why similar device is recommended for secondary.

-hope this helps-

View solution in original post

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-13-2022 07:05 AM

They can be mixed appliance, VM or cloud however they *should* be the same size for scaling.

Otherwise you must use the smaller of the two for scaling - you cannot expect to switch over to a smaller secondary and expect it to handle the same maximum deployment scale of endpoints.

See https://cs.co/ise-scale for deployment scaling.

View solution in original post

0 Helpful

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee
In response to kyawzinlatt

‎04-13-2022 07:23 AM

Yes, the licenses needs to re-hosted with the serial/UDI of the new appliance. Easy way is to work with Cisco licensing team to get this sorted out.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎04-13-2022 05:55 AM

You can deploy ISE cluster/HA with different hardware models, but the general recommendation from Cisco would be to use the same model.

This way, there wouldn't be any performance issues after a possible failover since they would be sized the same way. Do keep in mind that each hardware has different performance numbers.

 

While the license is not mandatory for the secondary admin node, but if you are to promote it in the future, then its required.

During PAK registration, there's a field to fill in the secondary UDI, S/N which will cover both nodes.

0 Helpful

Go to solution
kyawzinlatt
Level 1
Level 1
In response to UdupiKrishna

‎04-13-2022 07:06 AM

PAK registration was already done by other Secondar Node UID/SN. Now I want to replace that node by other appliance. So do I need to transfer the license again if I need to promote the secondary one?

0 Helpful

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee
In response to kyawzinlatt

‎04-13-2022 07:23 AM

Yes, the licenses needs to re-hosted with the serial/UDI of the new appliance. Easy way is to work with Cisco licensing team to get this sorted out.

0 Helpful

Go to solution
ammahend
VIP
VIP

‎04-13-2022 06:44 AM - edited ‎04-13-2022 06:46 AM

They can be different appliance, they can also be a combination of appliance or VM, for single deployment (with multiple nodes) you need only 1 set of license except VM license which is needed for each VM and Device administration license which is needed to each node configured for device administration services

just be aware that when primary fails, the secondary should be able to take on all the load, that's why similar device is recommended for secondary.

-hope this helps-
0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-13-2022 07:05 AM

They can be mixed appliance, VM or cloud however they *should* be the same size for scaling.

Otherwise you must use the smaller of the two for scaling - you cannot expect to switch over to a smaller secondary and expect it to handle the same maximum deployment scale of endpoints.

See https://cs.co/ise-scale for deployment scaling.

0 Helpful
Customers Also Viewed These Support Documents