Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (2023)

Hardware and Virtual Appliance Requirements for Cisco ISE

Cisco Identity Services Engine (ISE) can be installed on Cisco SNS hardware or virtual appliances. To achieve performance and scalability comparable to the Cisco ISE hardware appliance, the virtual machine should be allocated system resources equivalent to the Cisco SNS 3500 or 3600 series appliances. This section lists the hardware, software, and virtual machine requirements required to install Cisco ISE.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (1)
Note

Harden your virtual environment and ensure that all the security updates are up-to-date. Cisco is not liable for any security issues found in hypervisors.

Cisco Secured Network Server 3500 and 3600 Series Appliances

For Cisco Secured Network Server (SNS) hardware appliance specifications, see "Table 1, Product Specifications" in the Cisco Secure Network Server Data Sheet.

For Cisco SNS 3500 series appliances, see Cisco SNS-3500 Series Appliance Hardware Installation Guide.

For Cisco SNS 3600 series appliances, see Cisco SNS-3600 Series Appliance Hardware Installation Guide.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (2)
Note

Cisco ISE 3.1 does not support Cisco SNS 3515 appliance. For information about the supported hardware platforms for Cisco ISE 3.1, see Supported Hardware.

VMware Virtual Machine Requirements for Cisco ISE

You can use the VMware migration feature to migrate virtual machine (VM) instances (running any persona) between hosts. Cisco ISE supports both hot and cold migration.

  • Hot migration is also called live migration or vMotion. Cisco ISE need not be shutdown or powered off during the hot migration. You can migrate the Cisco ISE VM without any interruption in its availability.

  • Cisco ISE must be shutdown and powered off for cold migration. Cisco ISE does not allow to stop or pause the database operations during cold migration. Hence, ensure that Cisco ISE is not running and active during the cold migration.

    Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (3)
    Note

    You must use the application stop command before using the halt command or powering off the VM to prevent database corruption issues.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (4)
Caution

If the Snapshot feature is enabled on the VM, it might corrupt the VM configuration. If this issue occurs, you might have to reimage the VM and disable VM snapshot.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (5)
Note

Cisco ISE does not support VMware snapshots for backing up ISE data because a VMware snapshot saves the status of a VM at a given point in time. In a multi-node Cisco ISE deployment, data in all the nodes are continuously synchronized with current database information. Restoring a snapshot might cause database replication and synchronization issues. We recommend that you use the backup functionality included in Cisco ISE for archival and restoration of data. Using VMware snapshots to back up ISE data results in stopping Cisco ISE services. A reboot is required to bring up the ISE node.

Cisco ISE offers the following OVA templates that you can use to install and deploy Cisco ISE on virtual machines (VMs):

  • ISE-3.1.0.518b-virtual-SNS3615-SNS3655-300.ova

  • ISE-3.1.0.518b-virtual-SNS3615-SNS3655-600.ova

  • ISE-3.1.0.518b-virtual-SNS3655-SNS3695-1200.ova

  • ISE-3.1.0.518b-virtual-SNS3695-1800.ova

    Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (6)
    Note

    If you want to import the SNS 3695 OVA template to the VMware vCenter content library, you can use the ISE-3.1.0.518b-virtual-SNS3695-1800.ova template. This OVA template is similar to the ISE-3.1.0.518b-virtual-SNS3695-2400.ova template, except for the reserved disk size, which has been reduced from 2400 GB to 1800 GB to workaround a limitation in the Vmware vCenter content library that prevents import of OVAs with disk size larger than 2 TB.

  • ISE-3.1.0.518b-virtual-SNS3695-2400.ova

    (Video) Configuring the CIMC and Installing Cisco ISE on an SNS Appliance

  • ISE-3.1.0.518b-ESXi-6.5-virtual-SNS3615-SNS3655-300.ova

  • ISE-3.1.0.518b-ESXi-6.5-virtual-SNS3615-SNS3655-600.ova

  • ISE-3.1.0.518b-ESXi-6.5-virtual-SNS3655-SNS3695-1200.ova

  • ISE-3.1.0.518b-ESXi-6.5-virtual-SNS3695-1800.ova

  • ISE-3.1.0.518b-ESXi-6.5-virtual-SNS3695-2400.ova

    Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (7)
    Note

    If you are using ESXi 6.5, you must use the OVA templates with ESXi-6.5 in the filenames. The other OVA templates are for ESXi 6.7 and later versions.

    When you are using ESXi 6.5, you might see the following warning message:

    The configured guest OS (Red Hat Enterprise Linux 7 (64-bit)) for this virtual machine does not match the guest that is currently running (Red Hat Enterprise Linux 8 (64-bit)). You should specify the correct guest OS to allow for guest-specific optimizations.

    However, this does not have any functional impact. For more information, see CSCwb45787.

The 300 GB OVA templates are sufficient for Cisco ISE nodes that serve as dedicated Policy Service or pxGrid nodes.

The 600 GB and 1.2 TB OVA templates are recommended to meet the minimum requirements for ISE nodes that run the Administration or Monitoring persona.

If you need to customize the disk size, CPU, or memory allocation, you can manually deploy Cisco ISE using the standard .iso image. However, it is important that you ensure the minimum requirements and resource reservations specified in this document are met. The OVA templates simplify ISE virtual appliance deployment by automatically applying the minimum resources required for each platform.

Table 1. OVA Template Reservations

OVA Template Type

Number of CPUs

CPU Reservation (In MHz)

Memory (In GB)

Memory Reservation (In GB)

Evaluation

4

No reservation.

16

No reservation.

Small

16

16,000

32

32

Medium

24

24,000

96

96

Large

24

24,000

256

256

We strongly recommend that you reserve CPU and memory resources to match the resource allocation. Failure to do so may significantly impact ISE performance and stability.

For information about the supported operating systems, see Supported Operating System for Virtual Machines.

For information about the product specifications for Cisco SNS appliance, see Cisco Secure Network Server Data Sheet.

The following table lists the VMware virtual machine requirements.

Table 2. VMware Virtual Machine Requirements

Requirement Type

Specifications

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of CPU cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of cores:

      • SNS 3500 Series Appliance:

        • Medium: 16

        • Large: 16

          Note

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3500 series, due to hyperthreading.

      • SNS 3600 Series Appliance:

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Small: 32 GB for SNS 3615

    • Medium: 64 GB for SNS 3595 and 96 GB for SNS 3655

    • Large: 256 GB for SNS 3695

Hard Disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

    When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

Storage and File System

The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and a read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server.

Cisco ISE provides a number of methods to verify if your storage system meets these minimum requirements before, during, and after Cisco ISE installation.

We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements.

Disk Controller

Paravirtual or LSI Logic Parallel

For best performance and redundancy, a caching RAID controller is recommended. Controller options such as RAID 10 (also known as 1+0) can offer higher overall write performance and redundancy than RAID 5, for example. Additionally, battery-backed controller cache can significantly improve write operations.

Note

Updating the disk SCSI controller of an ISE VM from another type to VMware Paravirtual may render it not bootable.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports E1000 and VMXNET3 adapters.

Note

We recommend that you select E1000 to ensure correct adapter order by default. If you choose VMXNET3, you might have to remap the ESXi adapter to synchronize it with the ISE adapter order.

VMware Virtual Hardware Version/Hypervisor

  • VMware version 9 for ESXi 6.5

  • VMware version 14 for ESXi 6.7 and later

Linux KVM Requirements for Cisco ISE

Table 3. Linux KVM Virtual Machine Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores: 4 CPU cores

  • Production

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores:

      • SNS 3500 Series Appliance:

        • Medium: 16

        • Large: 16

          Note

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3500 series, due to hyperthreading.

      • SNS 3600 Series Appliance:

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Small: 32 GB for SNS 3615

    • Medium: 64 GB for SNS 3595 and 96 GB for SNS 3655

    • Large: 256 GB

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

    When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

KVM Disk Device

Disk bus - virtio, cache mode - none, I/O mode - native

Use preallocated RAW storage format.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

KVM on QEMU 2.12.0-99

Microsoft Hyper-V Requirements for Cisco ISE

Table 4. Microsoft Hyper-V Virtual Machine Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of Cores:

      • SNS 3500 Series Appliance:

        • Medium: 16

        • Large: 16

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3500 series, due to hyperthreading.

      • SNS 3600 Series Appliance:

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Small: 32 GB for SNS 3615

    • Medium: 64 GB for SNS 3595 and 96 GB for SNS 3655

    • Large: 256 GB

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

Note

When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported).

Hypervisor

Hyper-V (Microsoft)

Nutanix AHV Requirements for Cisco ISE

Cisco ISE must be deployed on Nutanix AHV using the standard Cisco ISE .iso image. Deploying Cisco ISE using OVA templates is not supported on Nutanix AHV.

The following table specifies the recommended resource reservations for different types of deployment on Nutanix AHV:

Type Number of CPUs CPU Reservation (In MHz) Memory (In GB) Memory Reservation (In GB) Hard Disks

Evaluation

4

No reservation

16

No reservation

200 GB

Small 16 16,000 32 32 600 GB
Medium 24 24,000 96 96 1.2 TB
Large 24 24,000 256 256 2.4 TB (split as 4*600 GB)

You must do the following configuration on Nutanix AHV before proceeding with Cisco ISE installation:

Table 5. Nutanix AHV Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation:

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores: 2 CPU cores

  • Production:

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores

      • Small—12 processors (6 cores with hyperthreading enabled)

      • Large—16 processors (8 cores with hyperthreading enabled)

Cisco ISE supports Hyperthreading. We recommend that you enable Hyperthreading, if it is available.

Note

Even though Hyperthreading might improve overall performance, it does not change the supported scaling limits per virtual machine appliance. Additionally, you must still allocate CPU resources based on the required number of physical cores, not the number of logical processors.

Memory

  • Evaluation:

    • Basic—4 GB (for evaluating guest access and basic access policy flows)

    • Advanced—16 GB (for evaluating advanced features such as pxGrid, Internal CA, SXP, Device Administration, and Passive Identity Services)

  • Production:

    • Small—16 GB

    • Large—64 GB

Hard disks

  • Evaluation: 200 GB

  • Production:

    200 GB to 2 TB of disk storage (size depends on deployment and tasks).

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

    You must use 4*600 GB for 2.4 TB hard disk support.

KVM Disk Device

Disk bus - SCSI

NIC

1 GB NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

AOS - 5.20.1.1 LTS, Nutanix AHV - 20201105.2096

Cisco ISE on VMware Cloud Solutions

On any public cloud platform, you must configure your VPN to enable reachability from the VMware engine to on-premises deployments, and other required devices and services. You can deploy Cisco ISE on VMware cloud solutions on the following public cloud platforms:

  • VMware Cloud on Amazon Web Services (AWS): Host Cisco ISE on a software-defined data center offered by VMware Cloud on AWS. Configure the appropriate security group policies on VMware Cloud (in the Networking and Security > Security > Gateway Firewall Settings window) to enable reachability to on-premises deployments, and other required devices and services.

  • Azure VMware Solution: Azure VMware Solution runs VMware workloads natively on Microsoft Azure. You can host Cisco ISE as a VMware virtual machine.

  • Google Cloud VMware Engine: The Google Cloud VMware Engine runs software-defined data centers by VMware. You can host Cisco ISE as a VMware virtual machine using the VMware Engine.

Virtual Machine Appliance Size Recommendations for Cisco ISE

Large VM for Monitoring nodes was introduced in Cisco ISE 2.4. Deploying a Monitoring persona on a large VM improves performance in terms of faster response to live log queries and report completion.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (8)
Note

This form factor is available only as a VM in Release 2.4 and later, and requires a large VM license.

The virtual machine (VM) appliance specifications should be comparable with physical appliances run in a production environment.

Keep the following guidelines in mind when allocating resources for the appliance:

  • Failure to allocate the specified resources might result in performance degradation or service failure. We highly recommend that you deploy dedicated VM resources and not share or oversubscribe resources across multiple guest VMs. Deploying Cisco ISE virtual appliances using the OVF templates ensures that adequate resources are assigned to each VM. If you do not use OVF templates, then ensure that you assign the equivalent resource reservations when you manually install Cisco ISE using the ISO image.

    Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (9)
    Note

    If you choose to deploy Cisco ISE manually without the recommended reservations, you must assume the responsibility to closely monitor your appliance’s resource utilization and increase resources, as needed, to ensure proper health and functioning of the Cisco ISE deployment.

    Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (10)
    Note

    OVF templates are not applicable for Linux KVM. OVF templates are available only for VMware virtual machines.

  • If you are using the OVA templates for installation, check the following settings after the installation is complete:

    • Ensure that you assign the resource reservations that are specified in the VMware Virtual Machine Requirements for Cisco ISE section in the CPU/Memory Reservation field (under the Virtual Hardware tab in the Edit Settings window) to ensure proper health and functioning of the Cisco ISE deployment.

    • Ensure that the CPU usage in the CPU Limit field (under the Virtual Hardware tab in the Edit Settings window) is set to Unlimited. Setting a limit for CPU usage (for example, setting the CPU usage limit as 12000 MHz) will impact the system performance. If limit has been set, you must shutdown the VM client, remove the limit, and the restart the VM client.

    • Ensure that the memory usage in the Memory Limit field (under the Virtual Hardware tab in the Edit Settings window) is set to Unlimited. Setting a limit for memory usage (for example, setting the limit as 12000 MB) will impact the system performance.

    • Ensure that the Shares option is set as High in the Hard Disk area (under the Virtual Hardware tab in the Edit Settings window).

      Admin and MnT nodes rely heavily on disk usage. Using shared disk storage VMware environment might affect the disk performance. You must increase the number of disk shares allocated to a node to increase the performance of the node.

  • Policy Service nodes on VMs can be deployed with less disk space than Administration or Monitoring nodes. The minimum disk space for any production Cisco ISE node is 300 GB. See for details on the disk space required for various Cisco ISE nodes and personas.

  • VMs can be configured with 1 to 6 NICs. The recommendation is to allow for 2 or more NICs. Additional interfaces can be used to support various services such as profiling, guest services, or RADIUS.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (11)
Note

RAM and CPU adjustments on VM doesn’t require re-image.

Disk Space Requirements for VMs in a Cisco ISE Deployment

The following table lists the Cisco ISE disk-space allocation recommended for running a virtual machine in a production deployment.

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (12)
Note

You must change the firmware from BIOS to EFI in the boot mode of VM settings to boot GPT partition with 2 TB or above.

Table 6. Recommended Disk Space for Virtual Machines

Cisco ISE Persona

Minimum Disk Space for Evaluation

Minimum Disk Space for Production

Recommended Disk Space for Production

Maximum Disk Space

Standalone Cisco ISE

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration only

300 GB

600 GB

600 GB

2.4 TB

Distributed Cisco ISE,Monitoring only

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE,Policy Service only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, pxGrid only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, Administration and Monitoring (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration, Monitoring, and Policy Service (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Cisco Identity Services Engine Installation Guide, Release 3.1 - Cisco Secured Network Server 3500/3600 Series Appliances and Virtual Machine Requirements [Cisco Identity Services Engine 3.1] (13)
Note

Additional disk space is required to store local debug logs, staging files, and to handle log data during upgrade, when the Primary Administration node temporarily becomes a Monitoring node.

Disk Space Guidelines for Cisco ISE

Keep the following guidelines in mind when deciding the disk space for Cisco ISE:

  • Cisco ISE must be installed on a single disk in virtual machine.

  • Disk allocation varies based on logging retention requirements. On any node that has the Monitoring persona enabled, 60 percent of the VM disk space is allocated for log storage. A deployment with 25,000 endpoints generates approximately 1 GB of logs per day.

    For example, if you have a Monitoring node with 600-GB VM disk space, 360 GB is allocated for log storage. If 100,000 endpoints connect to this network every day, it generates approximately 4 GB of logs per day. In this case, you can store 76 days of logs in the Monitoring node, after which you must transfer the old data to a repository and purge it from the Monitoring database.

For extra log storage, you can increase the VM disk space. For every 100 GB of disk space that you add, you get 60 GB more for log storage.

If you increase the disk size of your virtual machine after initial installation, perform a fresh installation of Cisco ISE. A fresh installation helps properly detect and utilize the full disk allocation.

The following table lists the number of days that RADIUS logs can be retained on your Monitoring node based on the allocated disk space and the number of endpoints that connect to your network. The numbers are based on the following assumptions: Ten or more authentications per day per endpoint with logging suppression enabled.

Table 7. Monitoring Node Log Storage—Retention Period in Days for RADIUS

No. of Endpoints

300 GB

600 GB

1024 GB

2048 GB

5,000

504

1510

2577

5154

10,000

252

755

1289

2577

25,000

101

302

516

1031

50,000

51

151

258

516

100,000

26

76

129

258

150,000

17

51

86

172

200,000

13

38

65

129

250,000

11

31

52

104

500,000

6

16

26

52

The following table lists the number of days that TACACS+ logs can be retained on your Monitoring node based on the allocated disk space and the number of endpoints that connect to your network. The numbers are based on the following assumptions: The script runs against all NADs, 4 sessions per day, and 5 commands per session.

Table 8. Monitoring Node Log Storage—Retention Period in Days for TACACS+

No. of Endpoints

300 GB

600 GB

1024 GB

2048 GB

100

12,583

37,749

64,425

128,850

500

2,517

7,550

12,885

25,770

1,000

1,259

3,775

6,443

12,885

5,000

252

755

1,289

2,577

10,000

126

378

645

1,289

25,000

51

151

258

516

50,000

26

76

129

258

75,000

17

51

86

172

100,000

13

38

65

129

Increase Disk Size

If you find that context and visibility functions are slow, or you are running out of room for logs, you must allocate more disk space.

To plan for more log storage, for every 100 GB of disk space that you add, 60 GB is available for log storage.

In order for ISE to detect and utilize the new disk allocation, you must deregister the node, update the VM settings, and reinstall ISE. One way to do this is to install ISE on a new larger node, and add that node to the deployment as high availability. After the nodes have synchronized, make the new VM the primary and deregister the original VM.

Decrease Disk Size

After you install Cisco ISE on a VM, you must not reduce the VM reservations. If you reduce the VM memory to less than what Cisco ISE services require, Cisco ISE services fail to come up due to insufficient resources.

After you install Cisco ISE, if you must reconfigure your VM, then carry out the following steps:

  1. Perform backup of Cisco ISE.

  2. Reimage Cisco ISE with the changed VM configuration as needed.

  3. Restore Cisco ISE.

FAQs

Why is Cisco ISE required? ›

A Cisco ISE node with the Monitoring persona functions as the log collector and stores log messages from all the Administration and Policy Service nodes in a network. This persona provides advanced monitoring and troubleshooting tools that you can use to effectively manage a network and resources.

What is Cisco ISE virtual machine? ›

The Cisco Identity Services Engine (ISE) is your one-stop solution to streamline security policy management and reduce operating costs. It allows you to provide highly secure network access to users and devices.

What is the latest version of Cisco ISE? ›

The latest version, ISE 3.1, includes dozens of new features that extend zero trust security principles through increased customization and automation.

How deploy Cisco ISE ova? ›

We recommend that you download and deploy Cisco ISE OVA templates.
...
Procedure
  1. Open VMware vSphere client.
  2. Log in to VMware host.
  3. Choose File > Deploy OVF Template from the VMware vSphere Client.
  4. Click Browse to select the OVA template, and click Next.
  5. Confirm the details in the OVF Template Details page, and click Next.
28 Jan 2020

What does ISE mean in networking? ›

1. Overview of Cisco ISE. Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations.

What is Cisco ISE base? ›

Cisco ISE is a network admission control and access layer infrastructure, where people are connecting to network, and we assume they are trusted. Cisco ISE has improved the policy engine which handles the access layer infrastructure. ISE can authenticate everything in the wired, wireless network and VPN access points.

Top Articles
Latest Posts
Article information

Author: Manual Maggio

Last Updated: 01/19/2023

Views: 5357

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.