Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
3
Replies

ISE to AD integration

pwakefor
Cisco Employee
Cisco Employee

‎07-03-2018 07:13 AM

I know there are the key design constraints for inter-ISE node communication:

·        Starting in ISE 2.1: 300ms Max round-trip (RT) latency between any two ISE nodes

·        BW most critical between:

o   PSNs and PriPAN (DB Replication)

o   PSNs and MnT (Audit Logging)

·        Latency most critical between PSNs and Pri PAN.

Are there an similar recommendations for PSN to AD integrations i.e. BW, latency etc.?

Thanks Phil

0 Helpful
3 Replies 3

hslai
Cisco Employee
Cisco Employee

‎07-03-2018 10:36 AM

We do not have such for AD. Instead, we recommend to make use of Microsoft Active Directory site so that PSNs query local DC and GC. Please take a look at CiscoLive BRKSEC-2132.

0 Helpful

rovargas
Cisco Employee
Cisco Employee
In response to hslai

‎02-27-2019 04:06 AM

What would be our approach when customer moves their AD to the cloud? I guess that a latency guidance would be needed...

0 Helpful

rovargas
Cisco Employee
Cisco Employee
In response to hslai

‎02-27-2019 04:07 AM

What would be our approach when customer moves their AD to the cloud? I guess that a latency guidance would be needed...

0 Helpful
Customers Also Viewed These Support Documents