Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
788
Views
0
Helpful
1
Replies

ISE Node Deployments - "Do it right" from day 1 ..

Go to solution
ggriesse@cisco.com
Cisco Employee
Cisco Employee

‎06-09-2016 12:44 PM

Hi all

I have a customer that ultimately will have a fair size deployment 50K + devices ..

We have proposed a HLD and of course designed around a Multinode distributed Architecture , ( dual Admin , Dual M&T and Multiple PSN's)

They have come back asking if the cant rather just "start small" . like one of two nodes and then change the deployment as they grow

i have recommend against this as the operational effort as a see it is more than just "doing it right" to start with .. if they go with the Initial multi node design its easier to expand by just adding PSN's

Do we have any "official recommendations" in line with this rather than just me "saying so .."  perhaps a deployment best practice guide ..or some addition points i can use to motivate Doing it right from day 1 .. ??

Thx

Greg

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-09-2016 09:05 PM

Please refer to the Network Deployments in Cisco ISE section of the ISE Hardware Installation Guide for our official deployment sizing and guidance for Small/Medium/Large deployments and the number of nodes and endpoints in each.

If you've scoped out the phases and timelines in your HLD, they should understand how quickly they will need to go from a Lab deployment of 1-2 nodes to a Production scale of somewhere around maybe 10 nodes from what you describe.

If you have a load balancer for all NAD requests then you can start with only one node and grow incrementally without having to continually update the NAD configurations every time you add additional PSNs. If not, then I would suggest starting with a Medium deployment of 4 nodes so you can keep PAN+MNTs separate from from your PSNs. This way you can grow your PSNs horizontally as needed and peel off the MNTs from the PAN+MNT when you want to go to 6 PSNs.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-09-2016 09:05 PM

Please refer to the Network Deployments in Cisco ISE section of the ISE Hardware Installation Guide for our official deployment sizing and guidance for Small/Medium/Large deployments and the number of nodes and endpoints in each.

If you've scoped out the phases and timelines in your HLD, they should understand how quickly they will need to go from a Lab deployment of 1-2 nodes to a Production scale of somewhere around maybe 10 nodes from what you describe.

If you have a load balancer for all NAD requests then you can start with only one node and grow incrementally without having to continually update the NAD configurations every time you add additional PSNs. If not, then I would suggest starting with a Medium deployment of 4 nodes so you can keep PAN+MNTs separate from from your PSNs. This way you can grow your PSNs horizontally as needed and peel off the MNTs from the PAN+MNT when you want to go to 6 PSNs.

0 Helpful
Customers Also Viewed These Support Documents