cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1049
Views
10
Helpful
6
Replies

Removing last PSN from cluster

dgaikwad
Level 5
Level 5

Hi Experts,

In my lab I had setup and entire dsitributed cluter with one each of the nodes (Primary and secondary PAN, primary and secondary Motioning, and a PSN)
Now when I tried to remove the primary monitoring node (after removing the secondary monitoring), an error was thrown, stating that there needs to be at least one monitoring node in the cluster.
But, when I removed the the only PSN from the cluster, there was no such error or warning given?!
Is this something by design? Or am I doing something wrong?
It all stems to the lab that I have setup and noticed this, not sure if this by design or if missing out on something?

1 Accepted Solution

Accepted Solutions

Surendra
Cisco Employee
Cisco Employee
This is by design. Since PAN/PSNs do not have a logging capability of their own, there needs to be a Monitoring node in the deployment as it is completely off loaded to the MnT Persona and that there can be only 2 monitoring nodes in a deployment. Even if you do not have a PSN, you can use PxGrid services of a node just subscribing and publishing data. I know that this is not a perfect answer but partially explains the need not do so.

View solution in original post

6 Replies 6

Surendra
Cisco Employee
Cisco Employee
This is by design. Since PAN/PSNs do not have a logging capability of their own, there needs to be a Monitoring node in the deployment as it is completely off loaded to the MnT Persona and that there can be only 2 monitoring nodes in a deployment. Even if you do not have a PSN, you can use PxGrid services of a node just subscribing and publishing data. I know that this is not a perfect answer but partially explains the need not do so.

Damien Miller
VIP Alumni
VIP Alumni
Keep in mind that you can run all ISE roles/personas on a single node if you want to do so. I wouldn't recommend a single node deployment in production, but I regularly use a single node for lab purposes.

RaffyLindogan
Spotlight
Spotlight

Hi mate,

 

The reason for this is that ISE doesn't have a concept of Primary or Secondary PSN.

It is the NAD that dictates which ISE to go to first as primary or secondary.

If you check on the ISE Deployment, The "Roles" of PRI - primary or SEC - secondary is for (A) - admin or (M) - monitoring.
You will never see that on PSN Role.

 

 

Cheers,

 

Raffy

 

If there are no other PSN in the cluster, then in that scenario, it is possible for the PAN to process the authentication requests?

If the NAD is pointed to the PAN in the cluster?

Yes, if the admin node(s) enabled with session services.

Thank you guys! I think this has resolved my query...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: