We have a bare metal ISE server on premises. We have migrated many of our services over to the Azure cloud, and since there is only one ISE node, we want to have a cluster with a node in the cloud. Is it possible, and what are the limitations for this cluster?
For most use cases, Cisco suggests the following:
- The location of AAA clients is important. You should locate the Cisco ISE nodes as close as possible to the AAA clients to reduce network latency effects and the potential for loss of access that is caused by WAN failures.
- Latency guidance is not a “fall off the cliff” number, but a guard rail based on what QA has tested.
- Not all customers have issues with > 300ms while others may have issues with <100ms latency due to overall ISE design and deployment.
- Profiler config is primary determinant in replication requirements between PSNs and PAN which translates to latency.
- When providing guidance, max 300ms roundtrip latency is the correct response from SEs for their customers to design against.
Look at Azure deployment considerations:
Other factors you need to check: LDAP, DNS, and other stuff.