Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
4
Helpful
2
Replies

ISE Distributed Deployment

Go to solution
isabela
Level 1
Level 1

‎07-11-2023 07:39 AM

How can i best structure a large deployment with three Data Centers?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-12-2023 08:18 AM

If it was my choice I would lay it out like this for a deployment that needs to support 25k+ active endpoints. You can increase the number of PSN nodes as the scale requires but the key component for me is that I would recommend putting the PSN nodes behind load balancers. This is not a hard requirement but this greatly simplifies the network device configuration since you can deploy all three load balancer virtual IP's to each network device in the order that makes sense. You can scale the deployment by adding PSN nodes without having to do much rework, and the maintanance/patching becomes much more transparent since network devices can have a VIP remain up with nodes being down. 

Primary DC 

  • 1x Primary Admin Node
  • 1x Primary Monitoring Node
  • At least 2x Policy Service Node (behind a load balancer)
  • 1x PxGrid Node if required

Secondary DC

  • 1x Secondary Admin Node
  • 1x Secondary Monitoring Node
  • At least 2x Policy Service Node (behind a load balancer)
  • 1x PxGrid node if required

Tertiary DC

  • At least 2x Policy Service Node (behind a load balancer)

 

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-11-2023 10:06 AM

There are many options Which is best for you depends a lot on your particular requirements.

You should start by reviewing this guide: https://cs.co/ise-scale

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-12-2023 08:18 AM

If it was my choice I would lay it out like this for a deployment that needs to support 25k+ active endpoints. You can increase the number of PSN nodes as the scale requires but the key component for me is that I would recommend putting the PSN nodes behind load balancers. This is not a hard requirement but this greatly simplifies the network device configuration since you can deploy all three load balancer virtual IP's to each network device in the order that makes sense. You can scale the deployment by adding PSN nodes without having to do much rework, and the maintanance/patching becomes much more transparent since network devices can have a VIP remain up with nodes being down. 

Primary DC 

  • 1x Primary Admin Node
  • 1x Primary Monitoring Node
  • At least 2x Policy Service Node (behind a load balancer)
  • 1x PxGrid Node if required

Secondary DC

  • 1x Secondary Admin Node
  • 1x Secondary Monitoring Node
  • At least 2x Policy Service Node (behind a load balancer)
  • 1x PxGrid node if required

Tertiary DC

  • At least 2x Policy Service Node (behind a load balancer)

 

Customers Also Viewed These Support Documents