cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1107
Views
0
Helpful
2
Replies
Highlighted
Beginner

ISE Sizing and Utilization

Hi,

I have a large implementation of ISE in a distributed model with 2 ISEs for PAN and 2 for MnT and centralized PSNs in multiple regions which will cover a lot of branches.


unfortunately we can't afford a load balancers behind PSNs and we have to configure each NAD for a specific PSN.

when I made the sizing I found that each node will be utilized by 90-95 % , is it Ok or not ?

what is the best utilization percentage for better performance ?


also I'm planning to do N+1 for redundancy , is it a good idea to let 1 node without utilization for only a failover or there is a better way ?


Thanks in advance.

Everyone's tags (4)
2 REPLIES 2
Highlighted
Cisco Employee

Re: ISE Sizing and Utilization

Please start with Craig's CiscoLive BRKSEC-3699.

This is not really right or wrong or good/bad ideas but it all depends on your strategy when a PSN overloads or fails.

Highlighted
VIP Advisor

Re: ISE Sizing and Utilization

I personally wouldn't be comfortable with it.  If you lose a PSN at 90-95% I would expect to over run the nodes where the load moves to.

I think scaling numbers should be taken with a grain of salt.  With a stable well tuned environment you might be able to approach 90% of the rating but there are always outliers.  You can't always control every endpoint or aspect of the network, designing to 90-95% might make for a temperamental deployment if something acts funny.