Deploy ISE in Cloud

ZenithArchaios · ‎12-16-2014

Hi,

I'm trying to evaluate about the possibility of deploying ISE in the public cloud. There's a documentation about Installing the Cisco ISE System Software on a VMware Virtual Machine (http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_vmware.html#81560), however, I couldn't find any information or cases where it has actually been deployed in such as way. If it cannot be done, is there any reason to it?

Any help or information regarding this will be greatly appreciated.

Venkatesh Attuluri · ‎12-18-2014

ISE installation is supported only on specific platforms/hypervisor. not supported for platform not on list

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_chapter_011.html#ID-1417-00000007

nspasov · ‎12-18-2014

I have done many ISE deployments and most of them were installed in VMWare. The important things here to remember are:

1. Make sure you follow the specs and configure the VM Guests with the appropriate hardware resources. Many VM admins don't like these requirements and end up only provisioning a portion of the resources required. Or will do thin provisioning vs thick. Things like that will make the ISE system run poor and you risk DB corruption and other instabilities

2. The resources must be reserved in VMware. This is again another tough pill for VM admins to swallow. However, if your ISE environment is down then a good portion of your users and endpoints won't be getting on the network!

3. If the ISE nodes will be hosted somewhere in the cloud then you must have the proper WAN link(s). For instance:

- The round trip delay between the endpoints and the ISE node must not be greater than 200ms

- You should account for approximately 120kbps traffic per each endpoint (for all services: 802.1x, profiling and posture)

I hope this helps!

Thank you for rating helpful posts!