09-13-2019 02:41 AM
Hello Experts,
We have a requirement, below is the detail:
1. There are a total of 2500 endpoints
2. Total number of sites are 16 across the globe (7 sites in US, 3 in UK, 1 in Japan, 1 in Singapore, 2 in India, rest in other APJC locations). Each sites having on-prem Active Directory (active/standby)
3. ISE will be licensed for Base, Plus, Apex and device administration
Considering just 2500 endpoints and customer's budget, we are suggesting 2-node deployment, one node in US and other node in India. So US_ISE_node has to be integrated with ADs in US and UK and India_ISE_node with ADs in APJC. Please suggest if there are any challenges for ISE redundant node deployment and ISE-AD integrations.
Thanks,
Rakesh Kumar
09-13-2019 03:00 AM
if i were you. i would deploy each 2xPSN at each country (2xUK,2xJP,2xSingapoor) and so on. two because if the one PNS goes down the other will pick it up.
on the PAN side you can keep in the one main location and add your ADs to PAN.
09-13-2019 03:07 AM
09-13-2019 03:12 AM
As long as the ADs are integrated in ISE this should not be a problem. however, NTP needs to keep in syn all the time. if you using hardware NTP that would be ideal. apart from that would be ideal if customer could spend more monies on the ISE. however, if that that case with limit budget.
09-13-2019 03:24 AM
09-13-2019 06:02 AM
Here are my thoughts/questions without knowing all the details:
IMO when customer requirements come out I always bump the number of endpoints up for future growth. So 2500 endpoints could potentially be 3000. What are the desired needs to have base, plus, & apex licenses? Could you save money here to deploy additional PSN/s?
My recommendation would be 2 PANs, 2 PSNs if you cannot do what @Sheraz.Salim suggested.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide