ISE Distributed Deployment

aniketalashe · ‎01-19-2017

Hi,

We are planning an ISE installation in our organization and wanted to check if we can have a three node ISE setup running various personas as listed.

Location - DC

Node 1 - Admin Primary/Monitoring Primary

Node 2 - PSN

Location - DR

Node 3 - Admin Secondary/Monitoring Secondary/PSN

Regards

Rahul Govindan · ‎01-19-2017

When you have a combined PAN, PSN and MNT node, it does not support a separate PSN. Look at the reference here:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/install_guide/b_ise_InstallationGuide21/b_ise_InstallationGuide21_chapter_00.pdf

The deployment you mentioned is somewhere between Small and Medium deployment. I would recommend adding another PSN (you can have upto 5), so that you have separate PSN and remaining functionality. If price is a criterion, you can have 2 nodes doing all personas - which gives you the same supported user count as Medium deployment.

ISE Distributed Deployment

Patch Upgrade in Cisco ISE Distributed deployment ?

2. Introducing Cisco ISE Deployment - 2.1 & 2.2

ISE distribution deployment

ISE Secure Wired Access Prescriptive Deployment Guide

ISE Posture Prescriptive Deployment Guide