Solved: ISE 2.4 Configuration Backup file size becomes huge

ASD SOC Tata Communications · ‎03-14-2019

I run 2 x ISE 2.4 Patch 5.

I have scheduled a weekly backup (Configurational Backup).

The size of the backup file grows every week (500MB on last week and now 750MB).

Is there a way to reduce it ? What takes so much space?

Before I was running ACS V4R1 and the sizes of the backup files were less than 1MB.

I read in the admin guide (b_ise_admin_guide_24.pdf) that I should need around 200GB per file. And I would need to keep the last 3 versions.

Any tips?

Nadav · ‎03-14-2019

Unlike Operational data, configuration backups aren't well optimized. It's for the most part a matter of what's configured on your PAN. If you have a great deal of objects configured (NADs, endpoints, users etc.) then the file size will grow accordingly.

There was an issue well before your version where the backups included all the log files and they weren't well compressed, so that the configuration backup grew noticeably larger even if the ISE configuration was unchanged.

If you aren't adding objects over a long period of time and you see that the configuration size is growing from day to day, I'd open a case with TAC.

View solution in original post

paul · ‎03-14-2019

Your backup grows with the # of endpoints in your database. On my large deployment I have close to 750k endpoints and my backup size is 767 MB.

Damien Miller · ‎03-15-2019

Something is wrong there, or are you taking operation backups?

The typical configuration backup for any deployment I have been a part of is between 70 MB (brand new), and 12 GB (lots of logs that shouldn't have been included). On a deployment with 1.2 million known endpoints, the backup files averaged around 3 GB each. On a deployment with 3.8 million, same thing.

Now for you @ASD SOC Tata Communications, the admin guide says for large deployments you should have a repository with at least 200 GB of space available, not that each backup will be 200 GB. This means that the FTP server you are sending your files to should have enough space to keep some history. Each configuration backup file will be a gzipped, tar'd, and encrypted file of around 1 - 4 GB with a patched 2.4 deployment.
"We recommend that you have a repository size of 10 GB for small deployments (100 endpoints or less), 100 GB for medium deployments, and 200 GB for large deployments."

If you are taking operation backups, those will be dependent on how much logging your monitoring node is storing.

paul · ‎03-15-2019

Yikes I meant MB not GB. I have corrected my reply. Basically I don't see anything wrong with the backup size that was posted depending on the # of endpoints.

Nadav · ‎03-14-2019

Unlike Operational data, configuration backups aren't well optimized. It's for the most part a matter of what's configured on your PAN. If you have a great deal of objects configured (NADs, endpoints, users etc.) then the file size will grow accordingly.

There was an issue well before your version where the backups included all the log files and they weren't well compressed, so that the configuration backup grew noticeably larger even if the ISE configuration was unchanged.

If you aren't adding objects over a long period of time and you see that the configuration size is growing from day to day, I'd open a case with TAC.