Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1243
Views
0
Helpful
2
Replies

ISE Capacity planning

Go to solution
kmittal
Cisco Employee
Cisco Employee

‎05-29-2017 01:27 AM

What are the parameters other than CPU, Memory and Storage that should be monitored on Cisco ISE in order to do capacity planning effectively. Currently ISe 3395 with version 1.4 is active in the production environment in distributed deployment mode.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎05-30-2017 06:56 AM

In addition to those metrics, you will also want to monitor the number of active endpoints for the deployment.  Going beyond the endpoint capacity design for your deployment will have negative effects.

Regards,

-Tim

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎05-30-2017 06:56 AM

In addition to those metrics, you will also want to monitor the number of active endpoints for the deployment.  Going beyond the endpoint capacity design for your deployment will have negative effects.

Regards,

-Tim

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10

‎05-30-2017 11:00 AM

Kumar,

You need to distinguish between Capacity Planning and System/Server Health and Resource Utilization.  Tim is correct and that the number of concurrent sessions is the primary guidance used for capacity planning of the ISE deployment or given node.  However, there is no guarantee that customer will achieve max potential capacity based on various factors in real environment including network health, auth load and excessive errors, features implemented, and adherence to best practices.

For planning, there should always be a buffer in capacity to accommodate failover, sub-optimal distribution of sessions, activity bursts, anomalous conditions, and individual feature scale.  For server health, the metrics cited are typical ones to watch.  Certainly endpoint distribution (charts added in ISE 2.2), auth activity, alarms, and latency are also key metrics.

Starting in ISE 2.2, we have exposed the Key Performance Metrics (KPM) into Admin UI reports (previously requires export from CLI) as well as ISE Counters and Thresholds which expose the Profiler statics (previously requires display from CLI) which provide more details on RADIUS load and Profiling activity--two of the more impactful indicators of system load.  Process usage has also been broken out into greater detail and exposed to Admin UI reports.

Unfortunately, many application level metrics are not exposed via SNMP, but you can set various alarm thresholds for triggering a log or email.  These can then be further processed by loggers to trigger SNMP Traps.  Some basic SNMP system MIBs and traps are available today.  For SNS appliances, monitoring via the CIMC is an option.  For virtual appliances, monitoring via the hypervisor tools is available.

Hope that helps.

Craig

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents