04-03-2018 09:21 PM
HI all
My customer is in the process of migrate ACS to ISE, they have some capacity issues with the current ACS deployment and we want to know if the migration with ISE will help them to solve the following:
1. The ACS is limited to 2M logs per day, there are some days where the customer reaches 3.5M or 4M per day and some logs are lost due to this limitation, it also takes a lot of time to perform a search or to display the logs.
2. The ACS /opt directory is limited in space and the customer is exceeding the recommended 30% every 2 weeks, the MnT node can allocate up to 60% of logging storage but I was wondering if the new Large Virtual Machine for Monitoring Persona will provide additional logging capacity in order to remove the logging limits of ACS and faster search times.
Any comments are really appreciated.
regards!
Vicente Madrigal
Solved! Go to Solution.
04-04-2018 06:48 AM
This all depends on how many transactions per second you have and also the size of your disk
Please take a look at the ise performance and scale page on the community, the High-level design document and also the Cisco live scaling ISE presentation by Craig Hyps which goes into the sizing calculations and the new super MNT which is basically a virtual machine with added CPU and memory to further increase the efficiency and robustness. You may not need to start with this so the recommendation would be to deploy with an iso so that later you could tweak your memory and CPU specifications.
If you want to set up for maximum log and capability and recommended to playing a disk size of up to 2 TB. Keep in mind you can’t change the disk size Once the system is installed. If customer wants even longer term repository then recommend offloading to an external system Because our system is a short-term repository and should not be used for long-term
04-04-2018 06:48 AM
This all depends on how many transactions per second you have and also the size of your disk
Please take a look at the ise performance and scale page on the community, the High-level design document and also the Cisco live scaling ISE presentation by Craig Hyps which goes into the sizing calculations and the new super MNT which is basically a virtual machine with added CPU and memory to further increase the efficiency and robustness. You may not need to start with this so the recommendation would be to deploy with an iso so that later you could tweak your memory and CPU specifications.
If you want to set up for maximum log and capability and recommended to playing a disk size of up to 2 TB. Keep in mind you can’t change the disk size Once the system is installed. If customer wants even longer term repository then recommend offloading to an external system Because our system is a short-term repository and should not be used for long-term
04-04-2018 08:44 AM
You can increase log retention capacity by increasing MnT disk allocation. The Large MnT VM option in 2.4 will provide better performance and storage optimization, but focus of the enhancements is on RADIUS, not T+. Regardless of super-sized 3595 VM or current 3595, you can allocate more disk at install time which makes the 60% allocation (not configurable) larger and thus capable of storing more logs.
04-04-2018 03:45 PM
Thanks Jason/Craig for your answers,
There is only one more detail that I need to clarify and maybe you have some information, the ACS View can hold up to 2 million records daily which will correspond to 2GB of data, given Syslog message size around 1K, since my customer is exceeding amount of logs that can be processed and be shown immediately (3.5GB to 4GB of daily logs) the ACS viewer is lagging behind for more than hour with logging traffic and some times the information is never displayed
Do you know if MnT has a similar limitation in the amount of logs the system can process daily and display immediately? I am assuming that the new super MnT with the additional extra memory is capable of processing and displaying much more information than the ACS view with its 2GB of daily data limits.
Any comments are really appreciated.
Regards!
04-04-2018 06:04 PM
3595-based MnT supports up to 20M messages per day.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide