Trying to decide for my customer the benefit of upgrade to 2.6 instead of 2.4. They are currently on 2.2. I'm am trying to see if the benefits outweighs the extra VM resourcing requirements (2.6 uses extra vCPU which comes at an increased cost).
I understand that 2.6 is the recommended, and the new features with IoT this customer won't be using. Is there any other real benefit with going to 2.6 which would outweigh the extra vCPU costs?
Hi @Damien Miller thanks for your response. Is the 300 GB min hard disk for dedicated PSN's the offical recommendation from Cisco? There is no mention of this as the mimimum requirement. The ova file for PSN on version 2.6 to download mentions 200 GB and so does the documentation - https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26/b_ise_InstallationGuide_26_chapter_01.html
Can you please clarify the reason for 300GB hard disk minimum for PSN?
It looks like Cisco has flip flopped on this again. The admin guide has been changed again to reflect 200 GB minimum. For the last six months they listed 300 GB as the minimum dedicated node disk in the install guide chart.
There is still a warning listed here:
"Cisco ISE, Release 2.4 and later requires a minimum disk size of 300GB for virtual machines as the local disk allocation is increased to 29GB."
If you deploy the recommended OVA's found on cisco.com downloads, the smallest is 600 GB. Many people have had issues with 200 GB PSN's with 2.2 and 2.4 nodes. Each time a patch is installed more of the disk space is consumed for required patch and roll back files. The problem that this has caused is when you go to do an inline upgrade, the patch files have consumed too much of the disk, and the next upgrade fails because there is not enough disk space. It's been an issue with 2.2 and 2.4 because the life space of these releases has resulted in a lot of patch files. If you install each patch, then you use more disk space each time.
There are various reasons to consider upgrading the VM specs to meet the 36xx platforms and using 2.6 including:
Another question, besides not getting template scale is there a downside to having ISE 2.6 VM's spec'd same as the 35xx? Will this cause problems later on (in 6-18months time) with new patches or a new version of ISE, where it won't support 35xx spec'd VM's? I am just trying to think ahead while also keeping to the compute budget.
Can we have have PSN's spec'd with 35xx in the same deployment with PAN/MnT spec'd for 36xx appliances?