10-09-2017 01:46 AM
Hi guys, I have two ISE nodes that serve the guest portal (CWA using Cisco WLCs). I have policy rules that says 'if request comes from ISE node x, redirect to guest URL https://nodex' which in turn resolves to the IP of ISE node x. I then have similar rules for ISE node y.
I am NOT using load balancers. Is it advisable to have these two ISE nodes in an ISE Node Group? The information on ISE node groups, and I'm being kind here, is sketchy. I would like to know if ISE Node Groups is something Cisco normally advise for such a deployment, and what exactly it brings to the table.
Thoughts?
DJ
Solved! Go to Solution.
10-09-2017 05:52 AM
If the PSNs are in the same location I always set them up in the node group, load balancer or not. Here is a nice description from the admin guide:
"When two or more Policy Service nodes (PSNs) are connected to the same high-speed Local Area Network (LAN), we recommend that you place them in the same node group. This design optimizes the replication of endpoint profiling data by retaining less significant attributes local to the group and reducing the information that is replicated to the remote nodes in the network. Node group members also check on the availability of peer group members. If the group detects that a member has failed, it attempts to reset and recover all URL-redirected sessions on the failed node."
In 2.3, MAR cache sync was also added to node group members.
10-09-2017 05:52 AM
If the PSNs are in the same location I always set them up in the node group, load balancer or not. Here is a nice description from the admin guide:
"When two or more Policy Service nodes (PSNs) are connected to the same high-speed Local Area Network (LAN), we recommend that you place them in the same node group. This design optimizes the replication of endpoint profiling data by retaining less significant attributes local to the group and reducing the information that is replicated to the remote nodes in the network. Node group members also check on the availability of peer group members. If the group detects that a member has failed, it attempts to reset and recover all URL-redirected sessions on the failed node."
In 2.3, MAR cache sync was also added to node group members.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide