Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3380
Views
5
Helpful
2
Replies

ISE 2.6 Deployment Design Recommendations

Go to solution
MALi-786
Level 1
Level 1

‎05-13-2020 03:21 PM

Hello experts,

 

I have a plan to deploy ISE 2.6 for Posture, Profiling, Wired & Wireless Access,  Passive ID and we will also use pxgrid services as well.

 

Now I have a following question:

Is it a good idea to keep ISE nodes separate from existing virtual environment or install in a same virtual environment where you are also hosting all your other production servers?

 

I am looking for recommendations for best design options.

 

Many thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MALi-786
Level 1
Level 1
In response to Damien Miller

‎05-13-2020 04:13 PM

Yes, I think you are 100% right. There are pros and cons in both designs. Vmotion is also an issue for ISE machine. I think it's a good idea to have multiple dedicated physical appliances for ISE in different geo locations to maintain redundancy.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-13-2020 04:00 PM

It's a question that really has no single solution. From my experience, nearly all of my customers collocate their ISE deployments in with their existing vcenters. Relying on geographical and fault management domains across data centers to maintain resiliency. This is also my preference, which likely influences the placement since these customers often look to those deploying ISE for guidance.

There are pro's and con's on either side of this and no one can answer it for every scenario. Ex. If you host ISE VM's on your own standalone esxi servers you are isolating them from the existing vcenter fault domain, but are those as fault tolerant as an enterprise vcenter, are they monitored and managed as well?

A pro of having your own independent VMware hosting for ISE would certainly be the ability to more easily avoid deployment snapshots and live vmotions. In existing environments it's easy for an engineer to think "i'll just vmotion this VM over to another host so I can do maintenance". VMWare engineers are not usually aware of the intricacies of managing ISE as a VM and there are controls and education needed to put in place.

Some customers choose to avoid this all together and go for SNS appliances. Those have their own pro's and con's too of course.

Go to solution
MALi-786
Level 1
Level 1
In response to Damien Miller

‎05-13-2020 04:13 PM

Yes, I think you are 100% right. There are pros and cons in both designs. Vmotion is also an issue for ISE machine. I think it's a good idea to have multiple dedicated physical appliances for ISE in different geo locations to maintain redundancy.

0 Helpful
Customers Also Viewed These Support Documents