03-07-2024 04:54 AM - edited 03-07-2024 04:55 AM
hi out there. we are going to upgrade our good old Cisco ISE cluster to a new 3.2 cluster. We might be requested to do the installation in Azure for what can be done i Azure - like the PAN and MNT node. Those of you which has made a installation in Azure - are you creating a VM or a Azure instance for it - and - are you using the traditional approch with primary and secondary node or what? and what see people as Pros and Contras to install it in Azure?
03-07-2024 05:15 PM
There is no difference in how ISE operates, when you involve public cloud. You can put all or only some nodes in public cloud, and have some on-prem. Since ISE nodes communicate via L3 IP, your only concern is ensuring that all the nodes can talk IP to one another.
Why people put ISE in the public cloud is not clear to me. There is no feature benefit. The only reason I can see is that these customers have no choice, because they no longer have any on-prem locations to host a physical ISE server, or host an ISE VM. That's a strategic/commercial decision made by any customer. The cost and operational benefits have to be compared.
I don't see there being too much operational benefit, since, unlike elastic services (like web servers) we don't spin up ISE servers every couple of days. ISE servers get built once, stay running and unless there is a need to rebuild them, we only patch them. And patching ISE in public cloud is no different to patching on-prem ISE.
03-07-2024 10:41 PM
well - i can only say - i don't disagree but that is something else
03-07-2024 05:28 PM
Hi Tiwang,
I suggest looking at ISE in Azure Guide. This is the official technical document with design, steps and limitations. Hopefully, you will have your environment up and running in a few days with this.
Regards,
Pulkit
If you find this useful, please mark it helpful and accept the solution.
03-07-2024 07:27 PM
If you search this community space for Azure, you'll find various other discussions around this same topic... including this one:
https://community.cisco.com/t5/network-access-control/azure-deployment-advice/td-p/5019158
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide