In this session, we'll be spending a few moments looking through the ISE deployment

screens, talking about some of the options and capabilities there. And then we'll
disable the ISE Profiler Service so that it's not updating endpoint info until
we're better prepared to handle MAB or MAC-based authentication.
Ok, going into the Administration menus, we see Administration System and
Deployment. And we can see our single node currently acting in a standalone role,
which means all personas and all services, default services, are activated on this
particular ISE node. And we get a green checkbox indicating that the node status is
healthy.
You get some basic information up top. And we can see that we've got different
options available, as currently the roles and standalone you'll notice all the
boxes are currently grayed out in terms of disabling or enabling particular
functions. And in this case, we'll make it a primary, which specifically it's
making it a primary PAN, or Policy Administration Node.
And by breaking it into our primary, this will allow us to modify the options. And,
of course, would be the first step in a broader deployment where we're applying
primary and secondary PANs, primary and secondary monitoring or MnT nodes. And then
of course, multiple individual PSNs or typical broader distribution.
This particular operation log takes a few moments to run, does not require a
reboot. We see success here. We're currently operating as a primary. Again, it's
not immediately indicative, this is a primary PAN. Notice that we've got options to
be able to modify roles around the monitoring and PSN capabilities of this
individual node. And we can break those out by adding additional nodes to
deployment and modifying their capabilities.
From the perspective of ISE, it's always aware of all nodes that are part of a
particular deployment and the roles that they serve within. In this case, for the
Policy Service Function and Policy Service Persona, that we've got different
functions that we can enable or disable here. Notice device administration for the
TACACS server, SXP, and threat centric NAC capabilities are also additional options
that we can turn on on this particular node.
Here, we'll disable the Profiler Service and Save. And we'll get a particular pop-
up pointing out that we've got a successful update and indicating that services
will be restarted. It should log us out.
What we're seeing here, without clicking the OK button, in a few minutes, it takes
about three or four minutes, that by reviewing the command line that we see that
the application server is currently in the process of reinitializing. This process
to completely reboot or get the application server to a running state takes about
10 to 15 minutes within a typical environment.
OK, there we just took a look at the Deployment screens, talked a little bit about
how a distributed resilient robust deployment can be managed within ISE a very easy
task to accomplish with multiple nodes. And then we disabled the profile or service
so that it's not adding MAC addresses to our internal database until we're prepared
to do MAC-based authentication via MAB.