Image Integrity Check on VM

samthada
Level 1

Hello,

I have a question about Secure Boot and the Image Integrity Check features that were introduced in 2.0.1.

The release notes for 2.0.1 clearly say that both Secure Boot and the Image Integrity Check features are only available on the physical appliance. My question is: in later versions of ISE, is this still the case? I could understand why Secure Boot could only occur on the physical appliance, but I'm wondering why the image integrity check isn't included in the image when deploying ISE on a VM.

The real question is, in any version of ISE, does the image that's installed on the VM include the Image Integrity Check?

1 Accepted Solution

hslai
Cisco Employee

You are correct that the secure boot feature is for ISE SNS appliances, as our teams worked with the UCS teams to get it to work. If you have a business case for VM as well, then please discuss it with our PM team. AFAIK, a VMware VM may support it but requires newer ESXi releases and VM hardware version -- Enable or Disable UEFI Secure Boot for a Virtual Machine

Nonetheless, many ISE binary files have been checked for integrity since ISE 2.0.1, regardless of SNS appliances or VM appliances.

Thanks for the response. I have a couple of follow-ups.

1. When does the integrity check take place?

2. What happens in the instance that the check fails?

3. What specific binaries does it check?

Thanks again!

The checks generally happen at the initialization stage. The ISE services will shut down if the checks fail. All the essential binary files are checked.