Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1313
Views
0
Helpful
2
Replies

ISE 2.x capacity with mixed 3495 & 3595

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎02-21-2017 01:00 PM

I have a question on the mix of 3495/3595 that the sizing guide does not seem to address.

If the PAN/MNT nodes are 3495, but the PSNs are 3595, do we still get the max concurrent endpoints of 40K/PSN (with ISE 2.2), or does that require the PAN/MNT nodes to also be 3595?

Example - Separate (4) PAN/MNT nodes on 3495, separate PSNs on 3595:

Max number of endpoints = 250K (limit of PAN/MNT hardware)

Max number of PSNs = 40 (limit of PAN hardware)

Max concurrent endpoints per PSN (all PSNs are 3595) = 40,000 (limit of PSN hardware?)

Can you please confirm if these are the limits for a mixed distributed deployment?

I would assume if the PSNs are also mixed 3495/3595, the supported limit would be 20,000 endpoints. Is that correct?

I suspect this will become a more common question from customers with existing ISE deployments now that the 3495 is end of sale.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎02-21-2017 01:10 PM

The sizing guidance is based on the PAN.  If the PAN is a 3495, then those are the numbers to use throughout the deployment.

Example - Separate (4) PAN/MNT nodes on 3495, separate PSNs on 3595:

Max number of endpoints = 250K (limit of PAN/MNT hardware)

Max number of PSNs = 40 (limit of PAN hardware)

Max concurrent endpoints per PSN (all PSNs are 3595) = 40,000 (limit of PSN hardware?)

The PSNs would be scaled at 20,000 per and a max of 250,000 for the deployment

I would assume if the PSNs are also mixed 3495/3595, the supported limit would be 20,000 endpoints. Is that correct?

The fact that the Admin Node is a 3495 dictates the sizing.

Replace the Secondary Admin Node with a 3595, then the MNT Nodes.  Finally, promote the Secondary Admin Node to Primary and replace the original PAN with a 3595.  Once that comes up, promote it to Primary.  Use the 3495s as PSNs.  In this case the PSNs would dictate the sizing up to 40,000 per PSN (20,000 on the 3495, 40,000 on the 3595).  This would expand the Max Number of Endpoints (Active, concurrent) to 500,000 and the Max Number of PSNs to 50.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎02-21-2017 01:10 PM

The sizing guidance is based on the PAN.  If the PAN is a 3495, then those are the numbers to use throughout the deployment.

Example - Separate (4) PAN/MNT nodes on 3495, separate PSNs on 3595:

Max number of endpoints = 250K (limit of PAN/MNT hardware)

Max number of PSNs = 40 (limit of PAN hardware)

Max concurrent endpoints per PSN (all PSNs are 3595) = 40,000 (limit of PSN hardware?)

The PSNs would be scaled at 20,000 per and a max of 250,000 for the deployment

I would assume if the PSNs are also mixed 3495/3595, the supported limit would be 20,000 endpoints. Is that correct?

The fact that the Admin Node is a 3495 dictates the sizing.

Replace the Secondary Admin Node with a 3595, then the MNT Nodes.  Finally, promote the Secondary Admin Node to Primary and replace the original PAN with a 3595.  Once that comes up, promote it to Primary.  Use the 3495s as PSNs.  In this case the PSNs would dictate the sizing up to 40,000 per PSN (20,000 on the 3495, 40,000 on the 3595).  This would expand the Max Number of Endpoints (Active, concurrent) to 500,000 and the Max Number of PSNs to 50.

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Charlie Moreton

‎02-21-2017 01:30 PM

Thanks for the quick response and confirmation Charles!

0 Helpful
Customers Also Viewed These Support Documents