ISE distributed model can be deployed in 3 different ways depending on the scale.
* Small Network Deployments
* Medium Network Deployments
* Large Network Deployments
Small Network Deployments : A typical small ISE deployment consists of two Cisco ISE nodes with each node running all 3 services on it. The primary node provides all the configuration, authentication and policy functions and the secondary node functions as a backup.
The secondary supports the primary in the event of a loss of connectivity between the network devices and the primary. In case if the primary ISE node goes down we need to manually promote Secondary to Primary.
Medium Network Deployment : The medium-sized deployment consists of a primary and secondary administration node and a primary and secondary monitoring node, alongside separate policy service nodes. Here in this deployment PAN and SAN will take care of administration and log collection part wherein PSN’s will handle authentication for both radius and Tacacs traffic.
Large Network Deployment : ISE can distribute large individual ISE personas among several ISE nodes with a large network deployment you dedicate each node to a separate persona. So a separate node (secure network server) for administration, monitoring and policy service. You should also consider using load balancers in front of the PSN nodes.
Having a single load-balancer does introduce a potential single point of failure so it is highly recommended to deploy two load balancers. Since it’s a large network deployment we can have multiple logging servers so that logs can be transferred across each server.
