cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1879
Views
0
Helpful
3
Replies

Transactions per Second Measurement for ACS to ISE Migration

dngore
Cisco Employee
Cisco Employee

Hi team,

As per post in "ACS 5.3 TACACS+ Transactions per Second Measurement for ISE Migration"

formula for calculating TPS is 

"Essentially you need to combine all the three reports ( authentication, authorization and accounting) for the ACS server and aggregate it for say 8hrs(working time) to get the TACACS+ TPS."

 

Just to verify my understanding, if below data is for one day (24 hrs) from existing ACS:

Total Authentication messages (Pass+Fail) = 250000, Total Authorization messages = 370000 and accounting messages = 118000 then TPS would be:

(250000+370000+118000) / (24X60X60) = 8.54 TPS

 

Is this correct way to find out TPS?

 

Customer currently has 12 ACS instances. But using above calculation and ISE TPS handling capacity, it comes out to be only 2 ISE PSNs (considering HA). 

 

Just want to double sure.

2 Accepted Solutions

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni
Yes, the way you are looking to calculate that is correct. I would keep in mind the potential for these numbers to be misleading though since they are are an average over 24 hours. If the activity is more focused on an 8 hour period, it would be best to use 8*60*60 to better account for peak loading. As you indicated, authentication, authorization and accounting reports must be combined in order to get the TPS. It's much easier to get in
ISE but doesn't help you pre migration.

Like you, I've found that the scale of ISE often requires fewer nodes compared to ACS. Most customers do not want to modify device configurations, reusing ACS IP's. In these cases it can be beneficial overbuilding the ISE deployment merely to keep NAD configuration the same.

View solution in original post

Thx a lot Damien for confirming my understanding.

View solution in original post

3 Replies 3

Damien Miller
VIP Alumni
VIP Alumni
Yes, the way you are looking to calculate that is correct. I would keep in mind the potential for these numbers to be misleading though since they are are an average over 24 hours. If the activity is more focused on an 8 hour period, it would be best to use 8*60*60 to better account for peak loading. As you indicated, authentication, authorization and accounting reports must be combined in order to get the TPS. It's much easier to get in
ISE but doesn't help you pre migration.

Like you, I've found that the scale of ISE often requires fewer nodes compared to ACS. Most customers do not want to modify device configurations, reusing ACS IP's. In these cases it can be beneficial overbuilding the ISE deployment merely to keep NAD configuration the same.

Thx a lot Damien for confirming my understanding.

Hi everyone, where do you get the Authorization and Accounting total numbers for the TPS calculation formula? I can easily find out the Authentication ones from Operations -- > Reports --- > Endpoints and Users --- > Authentication Summary