Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
929
Views
0
Helpful
3
Replies

ISE PX-Grid

Go to solution
DAVID
Level 3
Level 3

‎03-22-2020 05:03 PM

It is a best practice to configure an ISE PX-GRID as a stand-alone on an existing deployment or as another secondary?  This also applies to an ISE 2.6 that I wish to dedicate as PSN for device administration (TACACS).  I currently have two 3615's running ISE 2.6 patch 5 running as primary/secondary. I have 2 3515's running ISE 2.6 patch 5 that I would like to incorporate PX-GRID and DEVICE Admin

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-22-2020 05:26 PM - edited ‎03-22-2020 05:27 PM

In a standalone deployment (one or two nodes hosting everything) such as you have where all services are hosted in HA across each other, you are fine to run pxgrid and device admin on them as well.  This is a supported and tested deployment model.

With that in mind, the scaling numbers are much lower when shared with the PAN/MNT/PSN.  In this case, 3600 series appliances don't have published pxgrid scaling numbers, but as of 2.4 and 3500's we had the following guidance. 

3515's - 20 pxgv2 subscribers, but only 2 pxgv1

3595's - 30 pxgv2 subscribers, again only 2 pxgv1

Published here for the 3500's and 2.4, and the BU is aware that they need some updates on this guide.  In the mean time we can safely assume you can support 20 version 2 subscribers.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--2097652494

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎03-22-2020 05:26 PM - edited ‎03-22-2020 05:27 PM

In a standalone deployment (one or two nodes hosting everything) such as you have where all services are hosted in HA across each other, you are fine to run pxgrid and device admin on them as well.  This is a supported and tested deployment model.

With that in mind, the scaling numbers are much lower when shared with the PAN/MNT/PSN.  In this case, 3600 series appliances don't have published pxgrid scaling numbers, but as of 2.4 and 3500's we had the following guidance. 

3515's - 20 pxgv2 subscribers, but only 2 pxgv1

3595's - 30 pxgv2 subscribers, again only 2 pxgv1

Published here for the 3500's and 2.4, and the BU is aware that they need some updates on this guide.  In the mean time we can safely assume you can support 20 version 2 subscribers.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--2097652494

0 Helpful

Go to solution
DAVID
Level 3
Level 3
In response to Damien Miller

‎03-22-2020 05:45 PM - edited ‎03-22-2020 06:21 PM

 
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to DAVID

‎03-22-2020 06:01 PM

The images you attempted to share did not appear, I would also recommend editing out your contact info since this is a public and google indexed forum.
0 Helpful
Customers Also Viewed These Support Documents