Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1139
Views
1
Helpful
4
Replies

TACACS+ OVA guidance

Go to solution
jmichale
Cisco Employee
Cisco Employee

‎04-03-2018 06:37 PM

I have a customer that will be deploying ISE only for TACACS+ and they have asked what OVA image they should use - Medium or Large.

They will have over 4,000 devices.

They will not be using ISE for any endpoint devices.

Is there a document sizing guide to determine the appropriate OVA?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to paul

‎04-04-2018 08:57 AM

Actually it will depend on the required TPS and storage retention requirements.   If computer scripts are making changes daily to all 4k devices with Command AuthZ and Accounting, the 3515 with 200GB disk could easily be exceeded in terms of TPS and retention. 

In addition to the Performance and Scale page, see ISE TACACS+ Deployment & Sizing Guidance

The performance page does include TPS rates per platform as well as data retention data.  BRKSEC-3699 session (reference presentation) on ciscolive.com also provides more details on T+ sizing.

Craig

View solution in original post

0 Helpful
4 Replies 4

Go to solution
paul
Level 10
Level 10

‎04-04-2018 05:59 AM

The 3515 200 GB OVA should be plenty.  Here is the sizing guide. 

ISE Performance & Scale

Go to solution
Craig Hyps
Level 10
Level 10
In response to paul

‎04-04-2018 08:57 AM

Actually it will depend on the required TPS and storage retention requirements.   If computer scripts are making changes daily to all 4k devices with Command AuthZ and Accounting, the 3515 with 200GB disk could easily be exceeded in terms of TPS and retention. 

In addition to the Performance and Scale page, see ISE TACACS+ Deployment & Sizing Guidance

The performance page does include TPS rates per platform as well as data retention data.  BRKSEC-3699 session (reference presentation) on ciscolive.com also provides more details on T+ sizing.

Craig

0 Helpful

Go to solution
jmichale
Cisco Employee
Cisco Employee
In response to Craig Hyps

‎04-05-2018 06:38 AM

Craig, thanks for the reply.  In the ISE Performance and Scale document there is only the SNS-3595 (Large) Hardware Appliance ISE Performance & Scale

The customer will be deploying ISE as a VM.

In the ISE 2.4 Installation Guide there are 2 different OVA's for the 3595 - Virtual SNS-3595 OVA (Medium) and Virtual SNS-3595 OVA (Large)

Cisco Identity Services Engine Installation Guide, Release 2.4 - SNS-3500 Series Appliances and Virtual Machine Require…

1) Are the ISE Performance Numbers in the "ISE Performance & Scale" doc for the SNS-3595 (Large) Hardware Appliance the same as the Virtual SNS-3595 OVA (Large).  Or stated another way, can we use the numbers in the "ISE Performance & Scale" doc for the Virtual SNS-3595 OVA (Large)?

2) For a TACACS+ only deployment can we use the Medium OVA - Virtual SNS-3595 OVA (Medium)?

3) Are there any performance numbers for the OVA deployments of ISE for a TACACS+ deployment?

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to jmichale

‎04-05-2018 06:54 AM

The performance numbers refer to PSNs, not MnT nodes.  There is currently no plan to test the Large 3595 as a PSN in ISE 2.4.  The Large appliance is targeted for higher MnT performance specific to page and report loads.  It will also be a requirement if we release deployment scaling figures beyond 500k in the future.

1) For T+ scaling, use 3595 figures for deployment scale.  As noted, the large appliance would not be deployed as a PSN which dictates the per PSN scale sizing.  Each PSN logs to MnT which is where deployment scale is impacted.

2) Yes.  You can always choose between a hardware appliance or a VM equivalent.

3) Refer to the hardware equivalent performance figures as guidance.

Craig

0 Helpful
Customers Also Viewed These Support Documents