Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1077
Views
5
Helpful
3
Replies

ISE distribute deploy questions, 10 nodes, can deploy mix PAN and Mnt ?

Go to solution
BAOHUA
Cisco Employee
Cisco Employee

‎05-28-2019 07:35 PM - edited ‎05-28-2019 08:35 PM

Hi team 

   Just want to know about ISE distribute deploy questions. 

    Environments:

  1. Almost 150k endpoints 
  2. Ten 3595 ISE appliances 

   The question is that we plan to distribute deploy ISE ,2 for PAN&MnT ,2 for PxGrid, 6 for PSN , no profiling so far . Is this deployment validated? What is the best practices in this requirement? If will enable profiling in the future, whether the MnT should be dedicate deploy ? 

 

I only saw this 

ise-deploy screenshot.png

 

as I marked in yellow . Does it means when PAN and Mnt on same node that the dedicate PSN will only maximum 5 PSNs ?  as I marked in blue , Does it means we should deploy role node by dedicate when we want to deploy PSN exceed 5 nodes ? as i asked , whether we can't mix PAN and MnT  when  want to deploy 6 PSNs ?

 

Any feedback will be appreciate . 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-28-2019 08:07 PM - edited ‎05-29-2019 08:14 AM

Your picture won't load for me, but what you proposed is not a supported deployment model. A hybrid design with the PAN/MNT personas collocated on the same two nodes has a max of 5 PSNs.

So as you were already suspecting, if you want 6 PSN's and 2 PXG nodes, then you have to have your PAN and MNT personas on different nodes, a dedicated deployment.
You would have a total of 12 nodes;
2x PAN (HA)
2x MNT (HA)
6x PSN
2x PXG

View solution in original post

3 Replies 3

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-28-2019 08:07 PM - edited ‎05-29-2019 08:14 AM

Your picture won't load for me, but what you proposed is not a supported deployment model. A hybrid design with the PAN/MNT personas collocated on the same two nodes has a max of 5 PSNs.

So as you were already suspecting, if you want 6 PSN's and 2 PXG nodes, then you have to have your PAN and MNT personas on different nodes, a dedicated deployment.
You would have a total of 12 nodes;
2x PAN (HA)
2x MNT (HA)
6x PSN
2x PXG

Go to solution
BAOHUA
Cisco Employee
Cisco Employee
In response to Damien Miller

‎05-30-2019 10:46 PM

Many thanks

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎05-28-2019 08:18 PM

Hi

I don't see your picture.
You can check the following link: https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1312516075

You'll see your design isn't supported.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents