cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2125
Views
0
Helpful
5
Comments
Etlicher
Level 1
Level 1

Hello, I am implementing the Cisco ISE solution (two virtual applications). I wonder if the best practices were to deploy the OVAs on the normal cluster with the other virtual machines or dedicate two servers (cluster) to the appliance in order to have maximum performance? I think that depends on the number of clients to manage as well as the current workload of the cluster, right?

 

Thx !!

Comments
balaji.bandi
Hall of Fame
Hall of Fame

As per i know they do not give high availability unlike FW as per my understanding, deploy them as separate nodes.

 

Look up deployment guide and sizing :

 

https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_deploy.html

 

here good to start all documents are here for your reference :

 

https://community.cisco.com/t5/security-documents/ise-community-resources/ta-p/3621621#Implement

Etlicher
Level 1
Level 1

Hello,

I have already created a deployment node with my two ISE servers, the solution is functional.

I just want to see if the best and to dedicate two servers to the ISE appliance or if I can leave them with other
VM on a classic cluster.

Marvin Rhoads
Hall of Fame
Hall of Fame

Coexisting within clusters with other VMs is by far the most prevalent way ISE VMs are deployed.

As long as you have adequate resources for your VMs allocated they should be fine. ISE will periodically check disk IOPS and alert you if that parameter is becoming troublesome.

Etlicher
Level 1
Level 1

Once fully operational, the ISE will be used as a RADIUS network access control, to make dynamic VLAN
and the TrestSec function will also be used.
A total of 3000 connections will be checked.

The CPU, disk and network loads of ISE servers will not be significant? I want to be sure to guarantee maximum performance
at the ISE node.

balaji.bandi
Hall of Fame
Hall of Fame

what version of ISE you have in place:

 

here is ISE 2.4 VM requirement -

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html

 

3000 end devices you mean, you need to look and design multiple PSN and MGMT, so you have high availability.

 

Did you get a chance to read the documents i have posted before?   VM Performance varies depends on your IOPS - what kind of disk you have.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: