Solved: Does the OVA limits the max endpoint number or the VM?

64M80 · ‎01-21-2019

Hi,

A team installed an ISE 2.3.0.xxx 3415 OVA on a VM with plenty of storage (>1TB).

OVA: ISE-2.3.0.298-virtual-SNS3415-600

About 9000 devices are going to be monitored, so don´t know if that amount can be handled since the installation wasn't the 3395.

Does anyone knows if the OVA type restricts itself the max number of decives or is it the VM allocated hardware?

Best,

Damien Miller · ‎01-21-2019

Each version ISE has a theoretical max as listed for recent versions in the scaling guide Balaji linked, but don't run away yet. The difference between the various OVA's within a version train is what Cisco is saying they have tested and verified scaling to. They won't stop trying to do their job if you go over the suggested scaling limits as the software is still the same between templates, just don't be surprised if new issues arise. For example, if running 2.2+ on a two node 3415 deployment, then it has been tested for 5,000 endpoints. The same two node deployment running on 3595 templates would be tested to support 20,000 endpoint. Maybe you can squeak out more than this, maybe not.

Scaling is not an exact science, every deployment leverages different features, and has different intricacies. If you are near or over a limit then it is time to look at scaling again.Its also important to remember that as you upgrade to new versions, memory and cpu count can also change. If the release notes indicate different resource allocations/reservations/requirements, then it's best to follow them.

If you want to modify the CPU, and RAM reservations on the 3415 ova they deployed to be the 3495 spec, you can do that. Just power it down, modify the resources, and power it back up again. Keep in mind that there are suggested resource reservations in the VM template, change those too along with CPU and Memory allocations. It's not recommend running 9k endpoints on a 3415 deployment.

View solution in original post

balaji.bandi · ‎01-21-2019

here is the good reference document for ISE scale for VM :

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

Personally i for that kind of device, i will go 3 or 4 node setup. distribute the load across the VM, so this will give flexibility and high availability. and increase the performance also.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Damien Miller · ‎01-21-2019

Each version ISE has a theoretical max as listed for recent versions in the scaling guide Balaji linked, but don't run away yet. The difference between the various OVA's within a version train is what Cisco is saying they have tested and verified scaling to. They won't stop trying to do their job if you go over the suggested scaling limits as the software is still the same between templates, just don't be surprised if new issues arise. For example, if running 2.2+ on a two node 3415 deployment, then it has been tested for 5,000 endpoints. The same two node deployment running on 3595 templates would be tested to support 20,000 endpoint. Maybe you can squeak out more than this, maybe not.

Scaling is not an exact science, every deployment leverages different features, and has different intricacies. If you are near or over a limit then it is time to look at scaling again.Its also important to remember that as you upgrade to new versions, memory and cpu count can also change. If the release notes indicate different resource allocations/reservations/requirements, then it's best to follow them.

If you want to modify the CPU, and RAM reservations on the 3415 ova they deployed to be the 3495 spec, you can do that. Just power it down, modify the resources, and power it back up again. Keep in mind that there are suggested resource reservations in the VM template, change those too along with CPU and Memory allocations. It's not recommend running 9k endpoints on a 3415 deployment.