Solved: Install ISE VM with all Roles in Public cloud

elapaz · ‎07-30-2018

Hello Team,

Customer would like to install their ISE solution core in a Public cloud (2 x vPCs with all roles).

they have a Star topology with each branch (they have 20-30 branches) connected using VPN to their IaaS.

They are aware of Cisco's max 300ms latency between NAD and PSN recommendation - their connections have less then 100ms with the Cloud.

Does Cisco support this type of deployment?

Any issues customer might face if they install the solution this way?

Any input will be highly appreciated.

thank you.

Cory Peterson · ‎07-30-2018

As long as it is a supported Hyper Visor there is no issue. Current Supported Hyper Visors are: VMware, Linux KVM, Microsoft Hyper-V

Also, there is not hard latency requirement between the PSN and NAD. The 300MS is between PAN and PSN.

How many endpoints are at Each Site? With only 2 nodes running all personas, as a guide, the max deployment size is around 20,000 Radius Session (Concurrent Endpoints)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_01.html

View solution in original post

Cory Peterson · ‎07-30-2018

As long as it is a supported Hyper Visor there is no issue. Current Supported Hyper Visors are: VMware, Linux KVM, Microsoft Hyper-V

Also, there is not hard latency requirement between the PSN and NAD. The 300MS is between PAN and PSN.

How many endpoints are at Each Site? With only 2 nodes running all personas, as a guide, the max deployment size is around 20,000 Radius Session (Concurrent Endpoints)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_01.html

elapaz · ‎07-30-2018

thank you for the quick reply & your input.

20K concurrent sessions will do for the customer (many branches not so many devices....) (-: