This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a customer who's wanting to build out a highly scalable, fully distributed ISE deployment and they've asked me if we have any recommendations on when to split out the PSNs into different node groups. All ISE personas are connected across the same high-speed MAN, so latency isn't a concern. The campus is spread into quadrants, so they were wondering if there were scaling / performance benefits to break the PSNs out into multiple node groups based on the user's location and likelihood of hitting certain PSNs. For example, if the user is in the NE quadrant of the campus they could only possibly hit a single HA pair of PSNs (based on the RADIUS definitions in the NADs), so should they create a PSN group for just that pair of PSNs?
Node groups are ideal for PSNs that are in the same load balancing pool or same Radius server group in IOS. Usually those PSNs would also be in the same physical location too. So yes, if you typically will group PSNs together logically in your NAD Radius configurations based on location, then put those PSNs together in a node group.