Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
798
Views
0
Helpful
6
Replies

ISE VM on KVM hypervisor. HA mode deployment.

Go to solution
nbalani
Cisco Employee
Cisco Employee

‎11-08-2019 12:50 AM

Hello, 

 

Planning to deploy ISE Small as a VM on KVM hypervisor. Deployment needs to be in HA mode.

 

Will it work ? how to configure the two VMs as HA pair ?

 

Latency limitations ? any other limitation/dependency on network ?

 

any deployment reference ?

 

thanks,

Neelesh

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎11-08-2019 01:21 AM

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Arne Bier
VIP
VIP

‎11-08-2019 01:21 AM

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 

0 Helpful

Go to solution
nbalani
Cisco Employee
Cisco Employee
In response to Arne Bier

‎11-08-2019 01:29 AM

Hi Arne,

I have read the install guide. appreciate the details in the guide. Still I am a little lost.

How do I configure the VMs as primary-secondary (hot-standby) ? 

If I deploy ISE in standalone mode, all 3 personas (admin, PSN, monitoring) will run on primary VM. In case of primary VM fails, will all 3 personas failover to secondary VM deployed in different Geo location ?

 

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to nbalani

‎11-08-2019 03:01 AM

The Admin nodes contain the config database and those are Deployed on separate nodes in active standby mode. The standby is always in sync and can be failed over to if needed. PSN is not redundant. If it dies then you need to fix or replace it. NAS needs to be configured to point to a secondary or tertiary PSN. Deploy as many PSNs as you need to keep your NASs happy. 

 

0 Helpful

Go to solution
nbalani
Cisco Employee
Cisco Employee
In response to Arne Bier

‎11-08-2019 03:31 AM

So I create 2 VMs (primary and secondary) and procure 2 licenses of ISE VM and TACACS.

Admin and monitoring persona will work on active-standby mode on primary-secondary VM respectively and failover will work.

PSN-1 will work on primary VM and PSN-2 will work on secondary VM. Both PSN IPs will be configured in Network devices as primary / secondary. Some devices will use PSN1 as primary and others can be configured for PSN2 as primary.

Please confirm or correct my understanding.

Thanks,
Neelesh
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to nbalani

‎11-08-2019 08:24 AM

Your understanding is correct. PSN's are active/active regardless of the PAN/MNT persona layout. You can always send authentication requests to either PSN.
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Arne Bier

‎11-08-2019 03:05 PM

@Arne Bier wrote:

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 

there are also http://cs.co/ise-guides http://cs.co/ise-help and we have a youtube channel - http://cs.co/ise-videos

0 Helpful
Customers Also Viewed These Support Documents