All administration and monitoring activities should be performed through the administrative user interface of the primary Administration ISE node.
The menu options that are available for Cisco ISE nodes that are part of a distributed deployment depend on the personas that are enabled on them. A pair of Inline Posture nodes for high availability.One or more Policy Service ISE nodes for session failover.A pair of Monitoring ISE nodes for automatic failover.Primary and secondary Administration ISE nodes for high availability.In a distributed deployment, you can have the following combination of nodes on your network: The Inline Posture node must be a dedicated node. For example, it cannot act as an Administration ISE node (that offers administration service), or a Policy Service ISE node (that offers network access, posture, profile, and guest services), or a Monitoring ISE node (that offers monitoring and troubleshooting services) for an ISE network.Įach node in a deployment, with the exception of the Inline Posture node, can assume the Administration, Policy Service, and Monitoring personas. Likewise, due to the specialized nature of its service, an Inline Posture node cannot assume any persona. Note An Inline Posture node is dedicated solely to that service, and cannot operate concurrently with other ISE services. There is no automatic failover for the Administration persona. If the primary Administration ISE node goes down, you have to manually promote the secondary Administration ISE node. The administration persona can take on any one of the following roles: Standalone, Primary, or Secondary. In a distributed environment, you can have only one or a maximum of two nodes running the administration persona. It handles all system-related configuration and configurations that are related to functionality such as authentication, authorization, auditing, and so on. – Administration-Allows you to perform all administrative operations on Cisco ISE.
CISCO ISE 2.4 HIGH AVAILABILITY SOFTWARE
Each instance (appliance or VMware) that runs the Cisco ISE software is called a node.Ī node can be of two types: ISE node and Inline Posture node. Cisco ISE is available as an appliance and also as a software that can be run on VMware.
CISCO ISE 2.4 HIGH AVAILABILITY HOW TO
This chapter describes the type of nodes, personas, roles, and services that constitute Cisco ISE, and how to configure Cisco ISE nodes and create a Cisco ISE distributed environment.įor information about the Cisco ISE deployment scenarios, refer to the Cisco Identity Services Engine Hardware Installation Guide, Release 1.0. Multiple nodes can be deployed together in a distributed fashion to support failover. The Cisco Identity Services Engine (ISE) provides distributed deployment of runtime services with centralized configuration and management. Replacing the Cisco ISE Appliance Hardware Registering and Configuring a Secondary NodeĬonfiguring Administration Cisco ISE Nodes for High AvailabilityĬreating, Editing, and Deleting Node GroupsĬonfiguring Monitoring ISE Nodes for Automatic Failover Guidelines for Setting Up a Distributed DeploymentĬonfiguring a Primary Administration Cisco ISE Node Understanding Node Types, Personas, Roles, and ServicesĬisco ISE Nodes and Available Menu Options Setting Up Cisco ISE in a Distributed Environment
0 kommentar(er)
