Cisco ISE Deployment Options:

o Implementing Cisco ISE, you should be aware of the Deployment Modes.

o Implementing Cisco ISE, you should be aware of architectural functionality.
o Cisco ISE is a highly flexible and scalable security platform.
o Cisco ISE is platform designed for fault tolerance and redundancy.
o There are mainly two deployment options Standalone and Distributed.
o Node is Individual instance – Physical Appliance or Virtual Appliance.
o Node refer to a physical or virtual instance of the Cisco ISE appliance.
o Persona is often used interchangeable and determines the service.
o Persona or personas of a node determine the services provided by a node.
o Example of Personas are Administration, Policy Service and Monitoring etc.
o ISE node can assume the Administration, Policy Service, or Monitoring personas.
o Role is applies to Administration and Monitoring nodes.
o Standalone Node is not aware of each other and acts alone.

Standalone Deployment:
o Standalone Deployment is built on one ISE Node.
o Standalone mode is also called as Single Node Deployment.
o In this deployment, all ISE personas reside on a single appliance.
o All the personas are available in Single Physical or Virtual ISE device.
o Single ISE device is responsible for performing all the functions.
o Standalone Deployment method is no redundancy available.
o If ISE loses network connectivity authentication/authorization will not work.
o If ISE device loses power connectivity authentication/authorization will not work.
o Maximum number of device supported around 10000 depends upon the device.
o This method is not used commonly as it does not have redundancy.
o This deployment is recommended only when testing a solution in a lab.

1 | P a g e Prepared By Ahmad Ali, Email: [email protected] , Mobile# 0564303717

Distributed Deployment:
o Distributed Deployment is built with more than one ISE nodes.
o This Method is also called as Two Node Deployment Mode.
o This method, all the personas are divided and assigned into two persona.
o This method provides redundancy as using two ISE devices.
o The first appliance, ISE-1, acts as the primary PAN and secondary MNT.
o The second appliance, ISE-2, acts as the secondary PAN and primary MNT.
o Both the first and second appliances, ISE-1 and ISE-2, simultaneously act as PSNs.
o Maximum number of device supported around 10000 depends upon the device.
o This method is commonly used to implemented and deployed.
Example of two-node deployment.

Four Node Deployment:

o Four Node Method is also same as Two Node Method.
o However, Four Node Method using four ISE devices in the deployment.
o The first appliance, ISE-1, acts as the primary PAN and secondary MNT.
o The second appliance, ISE-2, acts as the secondary PAN and primary MNT.
o ISE-3 and ISE-4 in four-node deployment are used strictly for the PSN persona.
o Maximum number of device supported around 10000 depends upon the device.
Example of four-node deployment.

2 | P a g e Prepared By Ahmad Ali, Email: [email protected] , Mobile# 0564303717

Fully Distributed Deployment:
o Each & every persona will be allocated to two or more separate ISE devices.
o Fully distributed deployment of Cisco ISE separates each persona.
o Fully distributed deployment places each on a separate appliance.
o Place the primary PAN on ISE-1 and the primary MNT on ISE-2.
o Secondary PANs and MNTs would be deployed on ISE-3 and ISE-4.
o Fully distributed deployment model has greater scalability.

3 | P a g e Prepared By Ahmad Ali, Email: [email protected] , Mobile# 0564303717