Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2728
Views
1
Helpful
5
Replies

cisco ISE Azure Application

Go to solution
iran
Level 1
Level 1

‎04-01-2023 04:21 PM

I have seen here Deploy Cisco Identity Services Engine Natively on Cloud Platforms - Cisco ISE on Azure Cloud Services [Cisco Identity Services Engine] - Cisco

That Cisco ISE has two variants in Azure.
1. Azure Application
2. Virtual Machine variant

In the first option is it possible to add or assign an IP address to a second interface after the deployment?

I did not find any documentation about it

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-02-2023 12:11 PM - edited ‎04-02-2023 12:13 PM

@iran

Both options create and initialize an ISE VM with one and only one network interface. We may add additional interfaces afterwards.

The doc you cited above has the info there. Deploy Cisco Identity Services Engine Natively on Cloud Platforms / Chapter: Cisco ISE on Azure Cloud Services / Known Limitations of Cisco ISE in Microsoft Azure Cloud Services says,

...

  • To add a secondary NIC to any VM in Microsoft Azure, you must first power off the VM.

...

Then, follow Azure doc on Microsoft Learn / Azure Networking / Virtual Network / Add network interfaces to or remove network interfaces from virtual machines to add another interface.

Finally, power on the ISE VM and use ISE admin CLI to configure the private IP address for the new interfaces.

 

View solution in original post

5 Replies 5

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-02-2023 12:11 PM - edited ‎04-02-2023 12:13 PM

@iran

Both options create and initialize an ISE VM with one and only one network interface. We may add additional interfaces afterwards.

The doc you cited above has the info there. Deploy Cisco Identity Services Engine Natively on Cloud Platforms / Chapter: Cisco ISE on Azure Cloud Services / Known Limitations of Cisco ISE in Microsoft Azure Cloud Services says,

...

  • To add a secondary NIC to any VM in Microsoft Azure, you must first power off the VM.

...

Then, follow Azure doc on Microsoft Learn / Azure Networking / Virtual Network / Add network interfaces to or remove network interfaces from virtual machines to add another interface.

Finally, power on the ISE VM and use ISE admin CLI to configure the private IP address for the new interfaces.

 

Go to solution
iran
Level 1
Level 1
In response to hslai

‎04-02-2023 03:58 PM

Thank you for your quick reply.

One more question.
I am a little bit confused between the difference from Azure Application and Virtual Machine variant.

In Azure Application variant, it is a virtual machine like any other virtual machines in which we can access the console, edit/add interfaces... ?
Still not very clear to me, the difference between the two variants and the advantages of each one.

Thank you

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to iran

‎04-03-2023 05:01 PM

@iran , both methods deploy the same resulting ISE virtual instance in Azure with the same features and capabilities. The only difference is how the node is deployed.
With the Azure Application method, you are presented with a template and prompted to enter each value that will be used to configure the ISE application (hostname, DNS name, etc). Azure uses this to build an ARM template that is then used to build the node.
With the VM variant, you must provide those details in the User Data field. This option is typically easier to use if you are deploying ISE nodes using your own orchestration tools like Ansible/Terraform.

0 Helpful

Go to solution
Tony-Nguyen
Level 1
Level 1

‎07-18-2024 11:27 PM

Hi @Greg Gibbs, we plan to migrate ISEs to Azure cloud and upgrade to 02 dedicated PAN/MNT and 02 dedicated PSN nodes.

Could you pls advise what are best network/security practice for implementation such

put them on the same Azure Group Resource, Region, Virtual network, Subnet ... or on the different resources and how?

Thank you

Tony

 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Tony-Nguyen

‎07-21-2024 03:07 PM

Please open a new conversation for questions that are not specifically related to the same topic.

Your question is also more of a general Azure architecture best practice and depends greatly on your Azure environment, so you should discuss this with your Azure architects. At a minimum, you would at least want high-availability across two AZs, if not two Regions.

0 Helpful
Top