cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

97
Views
0
Helpful
6
Replies
Cisco Employee

ISE VM on KVM hypervisor. HA mode deployment.

Hello, 

 

Planning to deploy ISE Small as a VM on KVM hypervisor. Deployment needs to be in HA mode.

 

Will it work ? how to configure the two VMs as HA pair ?

 

Latency limitations ? any other limitation/dependency on network ?

 

any deployment reference ?

 

thanks,

Neelesh

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advocate

Re: ISE VM on KVM hypervisor. HA mode deployment.

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 

View solution in original post

6 REPLIES 6
Highlighted
VIP Advocate

Re: ISE VM on KVM hypervisor. HA mode deployment.

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 

View solution in original post

Cisco Employee

Re: ISE VM on KVM hypervisor. HA mode deployment.

Hi Arne,

I have read the install guide. appreciate the details in the guide. Still I am a little lost.

How do I configure the VMs as primary-secondary (hot-standby) ? 

If I deploy ISE in standalone mode, all 3 personas (admin, PSN, monitoring) will run on primary VM. In case of primary VM fails, will all 3 personas failover to secondary VM deployed in different Geo location ?

 

VIP Advocate

Re: ISE VM on KVM hypervisor. HA mode deployment.

The Admin nodes contain the config database and those are Deployed on separate nodes in active standby mode. The standby is always in sync and can be failed over to if needed. PSN is not redundant. If it dies then you need to fix or replace it. NAS needs to be configured to point to a secondary or tertiary PSN. Deploy as many PSNs as you need to keep your NASs happy. 

 

Cisco Employee

Re: ISE VM on KVM hypervisor. HA mode deployment.

So I create 2 VMs (primary and secondary) and procure 2 licenses of ISE VM and TACACS.

Admin and monitoring persona will work on active-standby mode on primary-secondary VM respectively and failover will work.

PSN-1 will work on primary VM and PSN-2 will work on secondary VM. Both PSN IPs will be configured in Network devices as primary / secondary. Some devices will use PSN1 as primary and others can be configured for PSN2 as primary.

Please confirm or correct my understanding.

Thanks,
Neelesh
VIP Advocate

Re: ISE VM on KVM hypervisor. HA mode deployment.

Your understanding is correct. PSN's are active/active regardless of the PAN/MNT persona layout. You can always send authentication requests to either PSN.
Cisco Employee

Re: ISE VM on KVM hypervisor. HA mode deployment.


@Arne Bier wrote:

Have you looked at the ISE Installation Guide? It’s an excellent read. 

yes it works. 

HA has nothing to do with hypervisor choice. It’s a deployment choice and built into ISE product. Look at the install guide. All will be revealed. 


there are also http://cs.co/ise-guides http://cs.co/ise-help and we have a youtube channel - http://cs.co/ise-videos