07-26-2017 03:27 PM - edited 03-11-2019 12:53 AM
This is a small deployment with 100 managed devices through TACACS and 900 RADIUS authentications.
I have a central site and a DR site. What's the best way to deploy this? I am writing 2 options; please let me know your opinion.
option 1
======
At central Site - 4 nodes
node 1 - primary admin and MnT
node 2 - secondary admin and MnT
node 3 - PSN 1
node 4 - PSN 2
At DR site - 1 node
node 5 - PSN 3
(All 5 nodes in the same deployment; latency and other dependencies are already taken care of)
option 2
======
At central site - 2 nodes
node 1 - primary admin, MnT and PSN1
node 2 - secondary admin, MnT and PSN2
At DR site - 1 node
node 3 - PSN 3
(All 3 nodes in the same deployment, but I am not sure if this will work or is best practice)
I always rate good comments!
07-26-2017 07:19 PM
Hi
I would do something like option 1 as per best practice as you guarantee that latency isn't an issue:
option 1 bis
======
At central Site - 3 nodes
node 1 - primary admin and secondary MnT
node 2 - PSN 1
node 3 - PSN 2
At DR site - 2 nodes
node 4 - secondary admin and primary MnT
node 5 - PSN 3
This will allow you to always have an admin and monitoring node in case 1 DC goes down.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
07-27-2017 04:34 AM
Thanks for your inputs.
07-27-2017 04:39 AM
You're welcome. This is what I used almost all of the time for small and medium designs.
You can also use the Cisco ISE HLD document on how to build the design and all the design documentation around it:
https://communities.cisco.com/docs/DOC-63812
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question