cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

263
Views
0
Helpful
10
Replies
Cisco Employee

ISE VM Requirements clarification

Team, I'm looking for clarification on the virtual machine CPU requirements for ISE

 

The ISE 2.4 installation guide states the following as CPU requirements for Medium Virtual Appliance:

Production

  • Clock Speed—2.0 GHz or faster

  • Number of Cores

    SNS 3500 Series Appliance:

    • `Medium—16 processors (8 cores with hyperthreading enabled

 

But later in the document it says:

Table 3. VM Appliance Specifications for a Production Environment

Platform

Medium VM Appliance (based on SNS-3595)

Processor

8 total cores (at 2.0 GHz or above) or a total minimum CPU allocation of 16000 MHz.

Note 

You must enable hyperthreading and assign the resulting number of logical processors (16) to each server.

 

The "OR" in the above table is what is confusing.

 

Question: If the host is running 3.0Ghz clock-speed procs, will TAC support them if they run only 6 cores to achieve the >16000Mhz CPU reservation? This would contradict the core-count requirement of 8 total cores in the red-highlighted section above.

10 REPLIES 10
Cisco Employee

Re: ISE VM Requirements clarification

Hi,

 

This is a great question. In general when using multithreaded application more cores is better. Here is a reference article I found that would explain how it works.

https://create.pro/blog/cores-faster-cpu-clock-speed-explained/

I think this is a bug in the documentation. I will reach out to the relevant team.

Thank you for pointing this out.

 

-Krishnan

 

 

VIP Engager

Re: ISE VM Requirements clarification

The hyper threading thing is just confusing because it has nothing to do with the VM setup itself.  If you load up the new OVAs Cisco provide a 3515 will be provisioned with 12 CPUs and 12,000 MHz of reservations and the 3595 will be setup with 16 CPUs and 16,000 MHz of reservations. 

 

Now if the ESX host server has hyper threading enabled the 12 CPUs will only consume 6 CPUs and the 16 CPUs will only consume 8 CPUs, but this has absolutely nothing to do with the VM itself.  The VM will always think it has 12 or 16 CPUs.

VIP Engager

Re: ISE VM Requirements clarification

Also, if you don't put the right number of CPUs in the VM, ISE won't detect the platform correctly and allocate resources.  That was the whole issue with the OVAs since 2.2.  The OVAs had the wrong number of CPUs causing ISE to not detect the correct platform.

Cisco Employee

Re: ISE VM Requirements clarification

Recommend looking at the performance and scale cisco live for deep details as well

https://community.cisco.com/t5/security-documents/ise-training/ta-p/3619944#toc-hId-1281981443
Highlighted
Cisco Employee

Re: ISE VM Requirements clarification

Thanks Krishan - can you please reply back when you receive an answer from the relevant team? Much appreciated.

Cisco Employee

Re: ISE VM Requirements clarification

Hi, Have you gotten any updates about this? I run into the same question.
VIP Engager

Re: ISE VM Requirements clarification

Regardless of a follow up from Krishnan, I will say that you're going to want the correct number of vCPU/cores regardless of the MHz you configuration provides. The reason being is that the platform profile (3515 - 3695) won't be allocated correctly if the VM doesn't meet the template. ISE could boot up with a base/default/platform profile. From a VMware perspective, you are hard allocating between 12,000 and 24,000 Mhz now depending on the vm template. How many cores you assign is irrelevant to VMware, the vcpu is an entirely logical construct that you can over allocate, you cannot however over allocate the finite MHz reservations.

Licensing also looks at the vCPU mapping and memory in order to determine if you are licensed correctly, this might be less of an issue since reducing the number of cores should be covered by the larger license still.


I would however go out on a limb here and say that the physical appliances perform better than VM's for the sole reason that they are not bound to the VM reservation limit. The Cisco OVA templates have both a 12,000-24,000 MHz reservation, but they also have the exact same limit set. A 3595 had a single CPU with 8 x 2.6 GHz cores, this meant the physical appliance had 20800 MHz available, while our VM's only had 16,000 Mhz.
VIP Engager

Re: ISE VM Requirements clarification

Just a quick correction Damien. Cisco has removed the CPU max limit from their OVAs and admitted that it was a mistake to have those in there in the first place. 16,000 MHz is reserved for a 3595 but no upper limit. So the system can use more if needed.


VIP Engager

Re: ISE VM Requirements clarification

That's good to know, makes a lot more sense. Haven't deployed a new OVA myself in a while.
Cisco Employee

Re: ISE VM Requirements clarification

VMware ESXi - More cores or faster cores? : vmware is a good read. Certain tasks in ISE are more CPU-bound; e.g. massy re-profiling and during ISE service initialization. Best to monitor the work loads of various ISE nodes and adjust accordingly.