Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
3
Replies

ISE sizing

cciesec333
Level 1
Level 1

‎02-19-2015 05:31 AM - edited ‎03-10-2019 10:28 PM

We have a requirement to deploy ISE for about 2500 users and planning to use basic AAA service and advise on how many nodes and license we need to get will be very helpfull

Labels:
0 Helpful
3 Replies 3

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎02-19-2015 07:18 AM

do you want to go with physical appliance or virtual, are you planning for a central or distributed deployment . If you are looking for physical appliance then you have 4 x SNS 3415 with HA

2x Admin/Mnt (HA)

2x PSN

and for virtual you can get ISE-VM-K9 x 4

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Venkatesh Attuluri

‎02-19-2015 05:53 PM

The design proposed by Venkatesh is ideal but not required. With 2 x 3415 appliances (physical or virtual) you can have up to 5,000 concurrent endpoints. You would run all personas (Admin, monitor and policy services) and will have redundancy. If your environment grows beyond 5,000 endpoints then you would either need to move to the 3495 appliances or consider the distributed deployment that was suggested by Venkatesh. 

 

Thank you for rating helpful posts!

0 Helpful

manjeets
Level 3
Level 3

‎02-19-2015 07:51 PM

Deployment sizing guidance in ISE docs here: http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_chapter_00.html#ID-1413-000000dc

If centralized deployment, then all RADIUS served out of central PSNs, so can more easily control per-PSN load. 

 

Licensing facts:

  • ISE licensing is by deployment, not per node, although each node will have limit (per tables in URL) as to max endpoints it supports. 
  • Licensing is based on concurrent connections, so typically need to determine what typical max active sessions are at any point in time rather than total guests/users that may connect over longer period of time.
  • Licensing is honor based.  This means that customer can guess that they need X number of licenses to cover deployment.  If they get alarms that they are approaching max or exceeded max, they can order more add-on licenses to cover peak loads. 
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents