04-09-2019 05:09 AM
Hi
can we achieve ISE redundancy with 2 Virtual ISE installing on VMware. even if one goes down then other should become active ?
Thanks
Solved! Go to Solution.
04-09-2019 06:22 AM
Yes, you can certainly do this and it's probably the most common way to deploy ISE. The same HA is done if you are using SNS hardware appliances or virtual machines. If you deploy two nodes, those two nodes will both host the admin, monitoring, and policy service personas. Both VM's will service radius requests in an active/active fashion where if the NADs are configured for both IP's as radius servers then even if one is down they will process requests.
I recommend reading these two sections of the ISE admin guide.
Introduction:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24.html
Set up ISE in a Distributed Environment:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html
04-09-2019 06:22 AM
Yes, you can certainly do this and it's probably the most common way to deploy ISE. The same HA is done if you are using SNS hardware appliances or virtual machines. If you deploy two nodes, those two nodes will both host the admin, monitoring, and policy service personas. Both VM's will service radius requests in an active/active fashion where if the NADs are configured for both IP's as radius servers then even if one is down they will process requests.
I recommend reading these two sections of the ISE admin guide.
Introduction:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24.html
Set up ISE in a Distributed Environment:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html
04-09-2019 08:58 AM
Just to be clear, redundancy can exist:
1) Between two admin personas (either cold standy, or hot standby via automatic PAN failover)
2) Two MNT personas (hot standby, if the primary one fails after a few minutes the PAN works directly with the secondary MNT)
3) Multiple PSNs are always active-active
04-09-2019 10:11 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide