ISE Scale 36xx appliances

PabMar · ‎02-10-2020

Hello,

I'm seeing from the latest BRKSEC-3432 that basic 2-node ISE deployment with appliance 3695 could scale to max 50k sessions. Is this including running Auth + Profile + Posture?

Regards,

Pablo.

Charlie Moreton · ‎02-10-2020

Have you seen the ISE Performance and Scale page?

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

PabMar · ‎02-10-2020

I have, and I see under ISE PSN performance the 3695 specifies 50.000 with a * = concurrent sessions for hybrid deployment.

However, it's not clear around sizing when running all 3 services at the same time (auth / profiling / posture).

Greg Gibbs · ‎02-10-2020

A 2-node deployment with PAN/MnT/PSN personas running on both nodes is still basically a Standalone deployment. As per the Performance & Scaling link shared previously, a Standalone deployment using the SNS-3695 running ISE 2.6 can track a maximum of 50,000 concurrent sessions.

There are no additional scaling numbers for the Posture function, but the guide indicates a number of Posture auths/sec of 83.

As with any ISE scaling discussions, this is 50K sessions, not endpoints. You need to consider that many wireless endpoints may generate multiple concurrent sessions. I would suggest reviewing Clark Gambrel's Cisco Live BRKSEC-2059 'Deploying ISE in a Dynamic Environment' presentation for guidance on planning scale for noisy wireless endpoints.

Cheers,

Greg