cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
449
Views
5
Helpful
2
Replies

ISE 2.4: A few questions regarding deployment sizing in distributed installations

Nadav
Level 7
Level 7

Hi everyone,

 

I was hoping some of you can chime in regarding some deployment questions. 

 

I looked over the latest ISE 2.4 installation documentation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.html

 

1) Under the "PAN and MnT on same node-Dedicated PSNs" deployment model, it states that the maximum number of PSN's is 5. What would happen if you were to try to install a 6th PSN? Would the PAN not allow it? 

 

2) Assuming that you can install more than 5, does that mean there is no hard number of PSN installs but rather it's a function of the "Max RADIUS Sessions Per Deployment", so that if you have many small dispersed sites with only a few computers then you can just as easily install 10 PSN's for a "PAN and MnT on same node-Dedicated PSNs" deployment model?

 

3) Under the "Dedicated (PAN, MnT, PXG, and PSN Nodes)" deployment mode, the Virtual Large SNS-3595 is provided as both PAN and MnT. This sounds counter-intuitive since the Virtual Large SNS-3595 was introduced solely as a dedicated MnT persona for extremely large deployments that required the added performance.  

 

This is according to https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html 

 

If that's the case, why would you need such a VM to match the scalability of the SNS-3595 hardware?

 

4) I read the following post:

https://communities.cisco.com/thread/78678?start=0&tstart=0

 

It states that the sizing is according to the PAN. I would just like to confirm this is still the case for pure virtual and hybrid deployments (physical and virtual nodes). 

 

 

Thanks in advance for your time, I know this might have been a bit long :)

2 Replies 2

Arne Bier
VIP
VIP

Good questions. If you don't get a lot of response here then you might want to re-post on the communities.cisco.com forum - Cisco TME's moderate and generally provide very good answers

I'll do that, thanks!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: