Solved: ISE Hybrid deployment

sergey.dibrov · ‎03-03-2021

Hello

What is the point of ISE hybrid deployment if max Active Sessions per Deployment the same as standalone and limited by performance of PAN+Mnt Node?
What is the point to have separate PSN from scaling point of view?

Damien Miller · ‎03-03-2021

As you pointed out, the max number of active sessions does not change between a standalone and hybrid deployment. But there are still reasons this is still a deployment methodology companies consider.

A customer may want dedicated guest PSNs they can place in an access restricted location.
There may be a specific ask to have authentication services local to a region.
A customer wants to run load balancers and place two PSNs behind each VIP so easier patching and upgrading without NAD impact.
Less likely, the transactions per second or integration load dictates additional PSNs.

View solution in original post

Damien Miller · ‎03-03-2021

As you pointed out, the max number of active sessions does not change between a standalone and hybrid deployment. But there are still reasons this is still a deployment methodology companies consider.

A customer may want dedicated guest PSNs they can place in an access restricted location.
There may be a specific ask to have authentication services local to a region.
A customer wants to run load balancers and place two PSNs behind each VIP so easier patching and upgrading without NAD impact.
Less likely, the transactions per second or integration load dictates additional PSNs.