Would it be possible to have 1 admin, 1 monitor, and then 1 admin/monitor backup? I am getting ready for a large deployment and I can deploy 6 servers between 2 DCs. I have 25,000 base licenses and a TACACs license, and I was going to deploy:
This does not fall under Cisco's recommended deployment model. For 25000 users, you would have to have dedicated Admin and Monitoring node, even for backups. I believe your proposed model may even work, but wont be supported by Cisco.
If you can increase the node to 7 as below, this would be ideal:
1 admin backup
1 monitoring backup
3 policy nodes (upto 40)
If you go with shared Admin/MnT nodes, the max scale you can get is 20000 Radius sessions.
Based on my own experience with a very large deployment (+12 ISE devices / +60K concurrent sessions / 300K+ devices profiled).
1.-DO NOT combine secondary PAN & MTN on the same Node
2.-DO NOT use 3495 for PAN or MNT. I would strongly suggest to go with 3595 so you would not have to invest again in the short term when you realize the 3495 is not enough for the amount of data.
3.-USE version 2.3 which has significant bugs already fixed.
4.-USE individual Nodes for each persona including secondary roles
5.-3 POLICY Nodes should be good enough for 25K endusers because 3495 PSN's can handle 20K x node.
6.-CONSIDER an F5 or similar solution for loadbalancing the traffic AND smooth failover. Round Robin DNS when using CWA or Webauth does not work properly. WLC does not have an actual load balancing mechanism.
ProblemTaking a snapshot of ISE virtual machines is not supported but it still happens occasionally due to administrators taking a snapshot manually or an integrated technology that automatically takes snapshots to back up VMs. When taking a snapsho...
Hi all, Is it available on Stealthwatch 7 Client or web interface the ability to import the Netflow Exporters names? I found only the possibility to configure manually the name of each Netflow Exporter, but not a bulk configuration.
User Experience Enhancements
As part of Cisco Customer Experience program, we are working towards a more uniform user experience and terminology harmonization. This program runs across all Cisco security products.
We are ali...
Join us on Thursday, October 10 at 10 am PT to meet the CEO and Founder of Cisco's most recent security investment.
In today’s cybersecurity arms race, how does Cisco stay one step ahead in the battle against attackers? One key strategy is keeping tabs on...