Solved: cisco ise 2.4 system requirement issue

mmercaldieze · ‎09-04-2018

I am building a cisco ise 2.4 vm, this is only for 1000 nodes just using tacacs authentication (1 to 1 replacement for ACS)

Has anyone set this up to use fewer than 12 core? It just seems like alot.

Damien Miller · ‎09-04-2018

From a VMware perspective the cpu count really doesn't matter. You can give 10 vm's 16 cpu each even if you only have 16 physical cores, they are truly virtual. The finite CPU resource is MHz, you will be reserving 12,000 MHz of CPU with the OVA template.

In theory you only need 6 vCPU to satisfy the 12,000 MHz 3515 reservation, this is because the install guide specifies you must use at least 2.0 GHz core CPUs (6 x 2GHZ = 12,000 MHZ). So will it run with less, yes, should you run it with less, no.

There are a few good reasons to not run it out of spec.
1. Licensing counts the vCPU and RAM to determine if you have the suitable VM licenses installed.
2. TAC will probably request you bring the VM to spec when they see it out of spec in the support bundle.
3. The BU tested it for production with a standard spec.

The exception to this is for evaluation or possibly lab use, I wouldn't stray for production.

View solution in original post

Damien Miller · ‎09-04-2018

From a VMware perspective the cpu count really doesn't matter. You can give 10 vm's 16 cpu each even if you only have 16 physical cores, they are truly virtual. The finite CPU resource is MHz, you will be reserving 12,000 MHz of CPU with the OVA template.

In theory you only need 6 vCPU to satisfy the 12,000 MHz 3515 reservation, this is because the install guide specifies you must use at least 2.0 GHz core CPUs (6 x 2GHZ = 12,000 MHZ). So will it run with less, yes, should you run it with less, no.

There are a few good reasons to not run it out of spec.
1. Licensing counts the vCPU and RAM to determine if you have the suitable VM licenses installed.
2. TAC will probably request you bring the VM to spec when they see it out of spec in the support bundle.
3. The BU tested it for production with a standard spec.

The exception to this is for evaluation or possibly lab use, I wouldn't stray for production.

paul · ‎09-04-2018

The CPU count does matter because ISE uses that to detect the system it is running on and does some resource allocation on it. For example, if you go with 6 CPU and 12k MHz, ISE will think the system is a 3415. This was the whole reason for the CPU correction in the OVAs.

Damien Miller · ‎09-04-2018

Yeah I was referring specifically to how VMware treats cores/sockets and why I included point 1 below. VMware cpu counts are true virtualization, you can over allocate them and most don't realize this.

I do find it somewhat backwards that that we need 16 vCPU in 2.4 to meet the medium VM spec even though 8 will suffice for the 16k MHz CPU reservations. It's even more of a pain when you upgrade old VM's to 2.4 since you have to power them down and double the vCPU count to meet an arbitrary license value. I'm not sour at all about it.

paul · ‎09-04-2018

Basically since 2.2 the OVAs have been wrong and even 2.3 customers should be correcting their CPU count to get accurate platform detection in ISE. Yeah total pain.