02-10-2020 01:34 AM - edited 02-10-2020 01:56 AM
Hello,
I'm seeing from the latest BRKSEC-3432 that basic 2-node ISE deployment with appliance 3695 could scale to max 50k sessions. Is this including running Auth + Profile + Posture?
Regards,
Pablo.
02-10-2020 05:34 AM
Have you seen the ISE Performance and Scale page?
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148
02-10-2020 08:26 AM
I have, and I see under ISE PSN performance the 3695 specifies 50.000 with a * = concurrent sessions for hybrid deployment.
However, it's not clear around sizing when running all 3 services at the same time (auth / profiling / posture).
02-10-2020 01:15 PM
A 2-node deployment with PAN/MnT/PSN personas running on both nodes is still basically a Standalone deployment. As per the Performance & Scaling link shared previously, a Standalone deployment using the SNS-3695 running ISE 2.6 can track a maximum of 50,000 concurrent sessions.
There are no additional scaling numbers for the Posture function, but the guide indicates a number of Posture auths/sec of 83.
As with any ISE scaling discussions, this is 50K sessions, not endpoints. You need to consider that many wireless endpoints may generate multiple concurrent sessions. I would suggest reviewing Clark Gambrel's Cisco Live BRKSEC-2059 'Deploying ISE in a Dynamic Environment' presentation for guidance on planning scale for noisy wireless endpoints.
Cheers,
Greg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide