Hi, can you please advise if it is possible to deploy vISE in any public cloud services such as AWS? If not, is this something that will be available in future?
What is the use case for this? I don't expect there is any need to perform network authentication inside of a cloud (no switches/WLCs etc.) - so that leads me to believe that perhaps having the PAN in the public cloud would be interesting. But MnT is the SYSLOG target for all nodes - so that would consume a lot of bandwidth and IOPS (i.e. require a large VM spec). And the PSNs? You can talk IPSec to the NAD - that means you want to be sure that every NAD supports IPSec (or DTLS).
The whole expense of lifting and shifting a monolith like ISE to the cloud seems nonsensical to me - it's expensive enough on premises even if you own your own hardware. I would like to see someone prove that the ROI of shifting a deployment to public cloud is beneficial.
Cisco should produce a smaller version of ISE (stripped-down version) or even better, make a cloud-native app. Some kind of serverless solution where you pay for the transaction time for your processing RADIUS/TACACS requests. That reminds me - is there even a secure version of the TACACS protocol?
Perhaps it's not about cost. Perhaps it's about hype - that everything is moving to public cloud and we'd all better get on the bandwagon.
I would be keen to see some cost calculations for running up a 'small' ISE VM in AWS. I am sure there must be some cost modelling for this, and perhaps some options to the customer - e.g. using a specific machine spec that meets the Cisco spec - what is the list price in USD for 365 days of operation. And then compare it with a reserved instance of the same spec.
The other cost factor is perhaps the cost of the networking traffic - possibly won't run into the petabytes ... but if I recall correctly, there may be some implications about the cost of AWS egress data (ingress is free, but egress is not free). Perhaps that's all a thing of the past.
My perception of all of this is that running ISE 3.0 in the public cloud could get very expensive. I might also be completely wrong - I'd like to know some facts from people who have looked into the numbers.
If this was a SaaS service then perhaps customers would only pay per RADIUS/TACACS authentication? That would be interesting.
Understood your concerns on ISE running as VM instance with VMware Cloud on AWS.
ISE as IaaS with AMI (Amazon Machine Image) on AWS is the expectation with the upcoming major release of ISE 3.x, which can offer much better services.
Let's wait for the release to know more details on this.