Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
4
Replies

ISE Cluster in Azure

tiwang
Level 3
Level 3

‎03-07-2024 04:54 AM - edited ‎03-07-2024 04:55 AM

hi out there. we are going to upgrade our good old Cisco ISE cluster to a new 3.2 cluster. We might be requested to do the installation in Azure for what can be done i Azure - like the PAN and MNT node. Those of you which has made a installation in Azure - are you creating a VM or a Azure instance for it - and - are you using the traditional approch with primary and secondary node or what? and what see people as Pros and Contras to install it in Azure?

 

 

0 Helpful
4 Replies 4

Arne Bier
VIP
VIP

‎03-07-2024 05:15 PM

There is no difference in how ISE operates, when you involve public cloud. You can put all or only some nodes in public cloud, and have some on-prem. Since ISE nodes communicate via L3 IP, your only concern is ensuring that all the nodes can talk IP to one another.

Why people put ISE in the public cloud is not clear to me. There is no feature benefit. The only reason I can see is that these customers have no choice, because they no longer have any on-prem locations to host a physical ISE server, or host an ISE VM. That's a strategic/commercial decision made by any customer. The cost and operational benefits have to be compared. 

I don't see there being too much operational benefit, since, unlike elastic services (like web servers) we don't spin up ISE servers every couple of days. ISE servers get built once, stay running and unless there is a need to rebuild them, we only patch them. And patching ISE in public cloud is no different to patching on-prem ISE.

0 Helpful

tiwang
Level 3
Level 3
In response to Arne Bier

‎03-07-2024 10:41 PM

well - i can only say - i don't disagree but that is something else

 

0 Helpful

Pulkit Mittal
Spotlight
Spotlight

‎03-07-2024 05:28 PM

Hi Tiwang,

I suggest looking at ISE in Azure Guide. This is the official technical document with design, steps and limitations. Hopefully, you will have your environment up and running in a few days with this.

Regards,

Pulkit

If you find this useful, please mark it helpful and accept the solution.

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎03-07-2024 07:27 PM

If you search this community space for Azure, you'll find various other discussions around this same topic... including this one:
https://community.cisco.com/t5/network-access-control/azure-deployment-advice/td-p/5019158

 

0 Helpful
Customers Also Viewed These Support Documents