Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
1
Helpful
3
Replies

ISE 2.3 number of PassiveID PSN nodes

Go to solution
tmlakar11
Level 1
Level 1

‎12-04-2017 02:15 AM

Hi all,

I am setting up ISE in a large distributed environment with several pairs of PSNs at remote locations and one pair at HQ. The customer would like to use PassiveID/EC as a fallback auth mechanism.

I was wondering what is the max number of Passive ID nodes in the environment? Is it limited to 2 as is the case with pxGrid, or can it run on all (up to 50) PSNs in the deployment?

If it is limited to 2, than we can have dedicated PSNs in HQ, however I am afraid the solution will not work well for remote locations, since these use remote AD servers.

If it can run on all PSNs, I would like to run it on all PSNs, remote PSNs collecting logs from remote AD servers and reporting back to MNT at HQ.

Thanks in advance,

Cheers

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-04-2017 04:11 AM

From the Admin Guide:

Easy Connect is supported in High Availability mode. Multiple nodes can be defined and enabled with a Passive ID. ISE then automatically activates one PSN, while the other nodes remain in standby.

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Users and External Identity Sources [Cisco Ide…

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-04-2017 04:11 AM

From the Admin Guide:

Easy Connect is supported in High Availability mode. Multiple nodes can be defined and enabled with a Passive ID. ISE then automatically activates one PSN, while the other nodes remain in standby.

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Users and External Identity Sources [Cisco Ide…

0 Helpful

Go to solution
tmlakar11
Level 1
Level 1
In response to hslai

‎12-05-2017 01:34 AM

Hi, I am not sure if the link helps. Based on that it seems that up to 50 can be dedicated as PID PSNs, however based on configuration guide only one will be selected as active, while the others will be standby.
Therefore it makes no sense to have more then just 2.

Thanks,

0 Helpful
Customers Also Viewed These Support Documents