Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1194
Views
25
Helpful
7
Replies

ISE Deployment for TAC

kerai08
Cisco Employee
Cisco Employee

‎01-17-2019 08:37 AM

Hi team,

 

The deployment scale and limits e.g. small, medium, large - are these hard and fast rules to ensure TAC support?

 

My customer wants 2 x admin/mnt and 6 x PSN. This falls just outside of a 'medium' deployment. 

 

If the deployment scale is right, they need to move to a 'large deployment', but then they can't use the SNS 3515 according to the rules (their deployment will only authc/authz 6000 endpoints, splitting PSN for geographical reasons). 

 

If they run 2 x admin/mnt and 6 x PSN on 3515's, will they be supported by TAC? 

 

Thanks,

Arron

0 Helpful
7 Replies 7

anthonylofreso
Level 4
Level 4

‎01-17-2019 08:42 AM

In my experience, yes. these requirements are hard and fast. I have multiple cases documented where minimum/recommended requirements were used as a 'potential' reason for my issue. To the point where I completely re-installed my deployment because of the headache, and also ISE VMs don't play well with hardware expansion.

paul
Level 10
Level 10

‎01-17-2019 11:37 AM

I don't even think you will be able to join the 6th PSN to the deployment.  I am pretty sure last time of customer of mine tried that it wouldn't let them.  I would also challenge the need for so many PSNs assuming their network is properly build with correct redundancy, but that is another discussion.

Damien Miller
VIP Alumni
VIP Alumni

‎01-17-2019 09:55 PM

I gave it a try because I have long wondered if ISE has any internal check for this. So I'm now able to bring some reliable information on this subject.  The disclaimer obviously still stands, it's not tested, TAC will probably tell you that you have to change it, but you can certainly register six psn's in a hybrid 2.4 deployment.

 

hybrid.JPG

kerai08
Cisco Employee
Cisco Employee
In response to Damien Miller

‎01-18-2019 03:16 AM

Thank you - this is helpful. 

 

Looks like the BU need to be made aware of this - there is a gap between medium and large deployment which quite a few customers actually fit into. 

0 Helpful

anthonylofreso
Level 4
Level 4
In response to kerai08

‎01-18-2019 03:51 AM

Agree. the requirements should be made more granular. What got us was disk space. We built it to spec based on some math surrounding endpoints, connections, log retention etc... but in the end could not get reliable support since our admin/mnt nodes did not have the recommended 600GB disk. Since these disks must be thick-provisioned, this had to be a re-deploy.

0 Helpful

Jason Kunst
Cisco Employee
Cisco Employee
In response to kerai08

‎01-18-2019 03:58 AM

Sorry what is the gap? We don’t have lots of different combinations to choose from. You have small (standalone) mediums and large deployment buckets. To spend more resources for other configuration might not make good business sense.

If you have lots of customers that may benefit from a certain configuration then I would reach out to the product managers at http://cs.co/ise-feedback with that Input
0 Helpful

kerai08
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎01-18-2019 05:35 AM

It's exactly that, the gap is that there is not enough clarity in the combinations and absolutely, doesn't make any sense to purchase large appliances for such a small endpoint count because the our deployment documents say so.

I would understand resource limitations, but having a 'large' deployment which excludes 3515 when scalability for multiple sites beyond 5 x PSN is something that may have been overlooked? I'll share with ISE feedback - thanks for that.

0 Helpful
Customers Also Viewed These Support Documents