Currently, I'm managing a small ISE deployment. There is x1 PAN running M&T and Policy Services personas. The other two PSN's are deployed at two other sites. We're planning on adding five additional PSN nodes to the deployment.

After adding the new PSN's to the deployment, I would have a total of x7 PSN's and x1 PAN. Since the Cisco deployment guidelines state that you can have up to x6 PSN's for a medium-sized deployment and still be able to maintain an environment where the PAN has the M&T and Policy roles in one node if I have the 7th PSN node, would I then be required to move to a large deployment by breaking out the Administration, Policy, and M&T roles into separate nodes?

And how exactly is the enforcement of the medium and large deployments done? I saw that the ISE deployment documentation says that you cannot enable the policy service persona with a node running the Administration persona. But I already have the Admin persona deployed. Will the policy service role become disabled if I attempt to add too many PSN's to the existing deployment?