Solved: Re: Deploying an ISE Virtual Machine

nastiakhon · ‎01-23-2026

Hello. Please help me with the following question.
We're planning to deploy ISE virtual machines. We have two data centers. The architecture is as follows:
Data Center 1 - ISE node 1 (PAN + MnT + pxGrid primary)
Data Center 1 - ISE node 3 (PSN)

Data Center 2 - ISE node 2 (PAN + MnT + pxGrid secondary)
Data Center 2 - ISE node 4 (PSN)

Can we create a VM with the following parameters?

Data Center 1 - ISE-node 1 (vCPU-12 RAM-32GB Disk-800GB)
Data Center 1 - ISE-node 3 (vCPU-12 RAM-32GB Disk-400GB)

Data Center 2 - ISE-node 2 (vCPU-12 RAM-32GB Disk-800GB)
Data Center 2 - ISE-node 4 (vCPU-12 RAM-32GB Disk-400GB)

Is it normal for the PSN node to have a smaller disk? Can we make the disk on ISE-node 1 800GB and, for example, 400GB on ISE-node 2?
Also, the RECOMMENDED disk size should be 800GB. That's too much for us. Can you tell me why so much space is needed? What exactly will be stored there?

Please advise.

Rob Ingram · ‎01-23-2026

@nastiakhon sounds like you are deploying a medium size deployment as per https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

If you deploy ISE from an ISO you can manually specify the resources (disk size) etc or alternatively deploy from OVA, which has the resources preconfigured with OVA options for a 300GB, 600GB, 1200GB or 2400GB disk drive https://software.cisco.com/download/home/283801620/type/283802505/release/3.4.0

I would recommend deploying from the OVA which is preconfigured with the recommended virtual resources (vCPU, memory and HDD). In a medium sized deployment, 600GB disks for the PAN/MnT nodes and 300GB for the PSN should suffice. The MnT nodes require more disk space for storing logs etc and yes it's normal for the PSN to have smaller disks.

View solution in original post

Rob Ingram · ‎01-23-2026

@nastiakhon sounds like you are deploying a medium size deployment as per https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

If you deploy ISE from an ISO you can manually specify the resources (disk size) etc or alternatively deploy from OVA, which has the resources preconfigured with OVA options for a 300GB, 600GB, 1200GB or 2400GB disk drive https://software.cisco.com/download/home/283801620/type/283802505/release/3.4.0

I would recommend deploying from the OVA which is preconfigured with the recommended virtual resources (vCPU, memory and HDD). In a medium sized deployment, 600GB disks for the PAN/MnT nodes and 300GB for the PSN should suffice. The MnT nodes require more disk space for storing logs etc and yes it's normal for the PSN to have smaller disks.

nastiakhon · ‎01-23-2026

Could you please tell me if PAN nodes can have different disk sizes? Or do they have to be the same size?

Rob Ingram · ‎01-23-2026

@nastiakhon the two PAN/MnT/pxGrids nodes should both be the same size, i.e, 600GB and the PSN nodes would both be the same size, i.e, 300GB.

nastiakhon · ‎01-23-2026

Thank you very much for your help!

Cristian Matei · ‎01-23-2026

Hi,

@nastiakhon What eats the HDD is logging and honestly a lot of crap. Carefully look on the VPU / RAM & HD requirements, here, as well as log retention period based on number of devices:

https://www.cisco.com/c/en/us/td/docs/security/ise/3-5/install_guide/b_ise_Installation_Guide_35/b_ise_InstallationGuide_chapter_2.html

Related to disk size, PSN is not the problem, you can safely go with 300GB, only if you have the luxury go with 400GB. However, from experience, as related to PAN, I strongly suggest to allocate minimum 800GB.

Couple of additional advices:

1. Constantly / by-monthly monitor disk size and take action before it becomes 70-80 % full.

2. Whenever you'll perform patch upgrading, always remove all previous patches and only afterwards apply latest patch, to avoid bloating data and useless HDD increase, which if it happens, you take it with you to the next and next versions.

Good luck,

Cristian.