cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2739
Views
10
Helpful
2
Replies

Disable ISE Profiling Service

vsurresh
Level 1
Level 1

Hi, all.

 

At the moment we don't have any policies based on 'device type' such as apply this profile if the device is 'Android'

Is it safe to disable the profiling service if we are not using them? I understand we may loose the ability to see the device type on the authentication logs. Apart from that, is there a downside of disabling it completely?

The main reason I'm trying to disable the service is to free up some CPU / Memory on the ISE.

 

Thanks in advance.  

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

I can't think of any impact to the basic RADIUS functionality disabling the Profiling Service on the PSNs would have, but losing visibility of the types of endpoints on your network would be crippling the functionality of ISE. This would follow the adage 'you can't secure what you can't see'. You also would not be able to use features like Posture or BYOD in future as ISE would not know what type of client provisioning was needed.

If you're using the supported ISE CPU/Memory specs as per cs.co/ise-scale, there should be no concerns regarding CPU/Memory usage. If you're not using those defined specs (including reservation of memory resources for VMs), any performance issues you might experience would not be supported by TAC, which is taking a pretty big risk.

If you are using the supported specs and experiencing CPU/Memory utilisation issues, there may be an underlying issue that requires investigation by TAC.

View solution in original post

2 Replies 2

Greg Gibbs
Cisco Employee
Cisco Employee

I can't think of any impact to the basic RADIUS functionality disabling the Profiling Service on the PSNs would have, but losing visibility of the types of endpoints on your network would be crippling the functionality of ISE. This would follow the adage 'you can't secure what you can't see'. You also would not be able to use features like Posture or BYOD in future as ISE would not know what type of client provisioning was needed.

If you're using the supported ISE CPU/Memory specs as per cs.co/ise-scale, there should be no concerns regarding CPU/Memory usage. If you're not using those defined specs (including reservation of memory resources for VMs), any performance issues you might experience would not be supported by TAC, which is taking a pretty big risk.

If you are using the supported specs and experiencing CPU/Memory utilisation issues, there may be an underlying issue that requires investigation by TAC.

Thanks, Gregg. Appreciated your response. 

I understand that we would loose some visibility by disabling Profiling.