03-18-2018 05:17 AM - edited 02-21-2020 10:49 AM
We have 3 ISE nodes license, Want to use 2 in Primary DC, with HA. and then use the 3rd one in the DR.
IN Primary DC, 1 is Primary for Admin, Policy and Monitor.
2 is Secondary for Admin, Policy and Monitor
Then how to do with the 3rd one in DR?
thanks
03-18-2018 09:53 AM
03-18-2018 10:19 AM
- By not using such a model , use standard deploymens; 2 admin + monitor , +2 PSN = 4!
M.
03-19-2018 01:32 PM
My 2 cents.
-The ISE radius or tacacs servers for authentication are the ones running PSN persona not PAN/MNT (admin nodes).
-You should NOT combine multiple personas into the same appliance or VM. But if you have resources constrains then, you should ONLY have 1 primary PAN/MNT, 1 Secondary PAN/MNT and 1 PSN. But still, 1 PSN is not enough because you need redundancy for authentication.
-Running 3495 servers + 2 personas is NOT a good combination, I have seen performance issues so it is much better to run at least 3595.
-At the end, you need minimum 4 appliances or VM's.
03-22-2018 12:14 AM
03-25-2018 05:18 PM
Primary PAN+MnT and Secondary PAN+MnT with 3 x PSNs looks good
I would put all three PSNs in a nodegroup to provide redudancy
happy to receive feedback on my thoughts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide