Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1351
Views
15
Helpful
4
Replies

ISE Deployment design

Go to solution
atiye.bigdeli
Level 1
Level 1

‎06-02-2019 02:41 AM - edited ‎02-21-2020 11:06 AM

Hi friends.

 

We want to design the Cisco ISE deployment for the network with the 1000 Clients. (only radius not tacacs).

the node are only wire and there is no wireless node.

which VM deployment size should we use? and should use the distributed design for 1000 node or standalone?

 

Best Regards

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎06-02-2019 02:56 PM

Hello :)

 

please check this link for perfomance and scale.

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1069292324

 

it will show you each sns or equivalent vm and how much they can handle.

 

regarding standalone or distributed, it really depends on the infra.

its nice to have 2 node deployment for redundancy check this document as well 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.pdf

 

Wishes,

 

View solution in original post

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-02-2019 03:03 PM

You should plan for two 3515 or 3615 vm templates in a standalone HA cluster. These are good to support 7500 or 10,000 endpoints (3515 vs 3615), more than enough capacity for your endpoint count.

Having two nodes doesn't increase the scale any in a standalone deployment topology, but will allow you to perform maintenance functions with lower impact.

3615's are new for 2.6 and supported with this version, support 10k active endpoints.
3515 which is supported on either 2.4 or 2.6. 7500 or 10k supported active endpoints.

View solution in original post

4 Replies 4

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎06-02-2019 02:56 PM

Hello :)

 

please check this link for perfomance and scale.

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1069292324

 

it will show you each sns or equivalent vm and how much they can handle.

 

regarding standalone or distributed, it really depends on the infra.

its nice to have 2 node deployment for redundancy check this document as well 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.pdf

 

Wishes,

 

Go to solution
atiye.bigdeli
Level 1
Level 1
In response to yalbikaw

‎06-07-2019 01:30 AM

Hi

Thank you for your answer.

I have another question. should I buy the license related the vm size?

Regards.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to atiye.bigdeli

‎06-08-2019 08:40 PM

You license the VM(s) based on its size (medium is the most common) and then separately license the deployment based on the number of endpoints and features needed (Base, Plus, Apex, and/or Device Administration).

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-02-2019 03:03 PM

You should plan for two 3515 or 3615 vm templates in a standalone HA cluster. These are good to support 7500 or 10,000 endpoints (3515 vs 3615), more than enough capacity for your endpoint count.

Having two nodes doesn't increase the scale any in a standalone deployment topology, but will allow you to perform maintenance functions with lower impact.

3615's are new for 2.6 and supported with this version, support 10k active endpoints.
3515 which is supported on either 2.4 or 2.6. 7500 or 10k supported active endpoints.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents