ISE Deployment Methods

In this lesson we’re going to be taking a look at the different deployment methods available when implementing Cisco ISE.

There are two methods of deploying Cisco ISE within your network;

When ISE is deployed as a single node, It’s called a standalone deployment. The single node will run all required persona’s. This includes;

The following persona’s can then be enabled if required;

To provide some context, the example outlined below details a standalone ISE deployment.

Depending on the scale of your network and the requirements for ISE, numerous nodes can be deployed. This is used to support failover and improve performance of the ISE deployment. When ISE is deployed in this fashion, it’s known as a distributed deployment.

Cisco provides a number of number of validated design examples, these are broken down into the following categories;

A Cisco ISE deployment is classed as small deployment when it contains at least two nodes.

There are two methods of deploying ISE within the small network deployment;

When ISE is deployed in this method, one node will be designated the primary node, and the other the secondary node.

To provide some context, the topology below details the design;

Both ISE nodes will have the following persona’s enabled;

One node will then be designated as the primary administration and monitoring node and the other designated as the secondary. All RADIUS requests will be directed to the primary ISE node and the secondary as failover.

All configuration and content information that is stored on the primary node is then synchronised and replicated to then secondary.

Similar to Primary/Secondary deployment, a small deployment model can be deployed in a split deployment. The difference being is that RADIUS AAA requests are shared between the two nodes. One important factor is that a single node is able to