Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2738
Views
10
Helpful
2
Replies

Disable ISE Profiling Service

Go to solution
vsurresh
Level 1
Level 1

‎09-09-2021 08:48 AM

Hi, all.

 

At the moment we don't have any policies based on 'device type' such as apply this profile if the device is 'Android'

Is it safe to disable the profiling service if we are not using them? I understand we may loose the ability to see the device type on the authentication logs. Apart from that, is there a downside of disabling it completely?

The main reason I'm trying to disable the service is to free up some CPU / Memory on the ISE.

 

Thanks in advance.  

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎09-09-2021 03:57 PM

I can't think of any impact to the basic RADIUS functionality disabling the Profiling Service on the PSNs would have, but losing visibility of the types of endpoints on your network would be crippling the functionality of ISE. This would follow the adage 'you can't secure what you can't see'. You also would not be able to use features like Posture or BYOD in future as ISE would not know what type of client provisioning was needed.

If you're using the supported ISE CPU/Memory specs as per cs.co/ise-scale, there should be no concerns regarding CPU/Memory usage. If you're not using those defined specs (including reservation of memory resources for VMs), any performance issues you might experience would not be supported by TAC, which is taking a pretty big risk.

If you are using the supported specs and experiencing CPU/Memory utilisation issues, there may be an underlying issue that requires investigation by TAC.

View solution in original post

2 Replies 2

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎09-09-2021 03:57 PM

I can't think of any impact to the basic RADIUS functionality disabling the Profiling Service on the PSNs would have, but losing visibility of the types of endpoints on your network would be crippling the functionality of ISE. This would follow the adage 'you can't secure what you can't see'. You also would not be able to use features like Posture or BYOD in future as ISE would not know what type of client provisioning was needed.

If you're using the supported ISE CPU/Memory specs as per cs.co/ise-scale, there should be no concerns regarding CPU/Memory usage. If you're not using those defined specs (including reservation of memory resources for VMs), any performance issues you might experience would not be supported by TAC, which is taking a pretty big risk.

If you are using the supported specs and experiencing CPU/Memory utilisation issues, there may be an underlying issue that requires investigation by TAC.

Go to solution
vsurresh
Level 1
Level 1
In response to Greg Gibbs

‎09-13-2021 01:41 AM

Thanks, Gregg. Appreciated your response. 

I understand that we would loose some visibility by disabling Profiling. 

 

0 Helpful
Customers Also Viewed These Support Documents