09-08-2018 11:49 AM
I'm wondering if anyone has evaluated running ISE in AWS or Azure. It would be cool to see ISE as a service offering, but I'm not asking about that right now.
Earlier this year AWS/VMware teamed up to announce VMware Cloud, building ESXi hosts on bare metal EC2 boxes. It appears AWS would be able to handle the workloads quite easily: no nested virtualization, 2x CPU w/ 18x 2.3GHz cores each, 512 GB RAM, and 15 TB NVMe storage.
I haven't looked as closely at Azure, but for some time they have offered nested Hyper-V virtualization. I have not run ISE on Hyper-V myself, which means I'm less familiar with the requirements.
I'm wondering if anyone has evaluated either of these as an option for customers that can't/don't want any onsite hardware.
09-08-2018 07:09 PM
I have been playing around with Azure for a while and even their smaller CPU builds can rack up the costs pretty quickly. I would go for the reserved instances to get the savings that would be needed when running an ISE node 24/7. At this point it would also be nice to have an ISE image that is not so RAM and CPU hungry. I'd say ISE is quite bloated and greedy (due to Java and Oracle running under the covers).
A typical customer migrating from ACS to ISE, who wants a bit of wired and wireless 802.1X and perhaps Guest services, might benefit from an ISE node that only needs 8 GB of RAM and 4 vCPUs.
Do the math on what it would cost to run one "small" ISE node in Azure (even with reserved instance pricing). I have not done it but I have not had the need to.
09-09-2018 11:37 PM
12-19-2023 12:45 PM
Hello Everyone,
Can anyone share a link for migrating Cisco ISE to Azure?
12-19-2023 01:53 PM
Deploy Cisco Identity Services Engine Natively on Cloud Platforms
The only 'migration' strategy would be to build the cluster in Azure, restore a backup from your on-prem ISE cluster, then re-configure your network devices to point to the new PSNs.
You should also be aware of this issue with Azure. This default behaviour will break EAP-TLS, so you would need to have MS support enable the workaround.
https://learn.microsoft.com/en-us/answers/questions/996062/azure-drops-my-udp-fragmentated-packets-when-they
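
To check whether a deployment is exposed to the fragmented-UDP issue mentioned in the reply above, it helps to know whether RADIUS datagrams are actually being IP-fragmented on the path to the PSNs. The following is an added example, not part of the original thread or any Cisco or Microsoft tooling: it scans raw IPv4 packets and reports fragmented datagrams on the standard RADIUS ports (1812/1813). The sample packets and addresses are constructed for illustration.

```python
import socket
import struct

RADIUS_PORTS = {1812, 1813}  # standard RADIUS authentication / accounting ports

def fragmented_radius_flows(packets):
    """Return {(src, dst, ip_id): fragment_count} for fragmented RADIUS datagrams.

    packets: iterable of raw IPv4 packets (bytes), e.g. extracted from a capture.
    """
    radius_ids, counts = set(), {}
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:  # IPv4 + UDP only
            continue
        ihl = (pkt[0] & 0x0F) * 4
        ident, flags_off = struct.unpack("!HH", pkt[4:8])
        more_fragments = bool(flags_off & 0x2000)
        offset = (flags_off & 0x1FFF) * 8
        if not more_fragments and offset == 0:
            continue  # whole datagram, not fragmented
        key = (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), ident)
        counts[key] = counts.get(key, 0) + 1
        # Only the first fragment (offset 0) carries the UDP header with the ports.
        if offset == 0 and len(pkt) >= ihl + 4:
            sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
            if sport in RADIUS_PORTS or dport in RADIUS_PORTS:
                radius_ids.add(key)
    # Ports are resolved after the loop, so fragment arrival order does not matter.
    return {k: n for k, n in counts.items() if k in radius_ids}

def _ipv4(src, dst, ident, offset, more, body):
    """Build a constructed IPv4 packet with protocol UDP (checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), ident, flags_off,
                      64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

def sample_packets():
    """Constructed traffic: one 1808-byte RADIUS datagram split in two, one small one."""
    big_udp = struct.pack("!HHHH", 50000, 1812, 8 + 1800, 0)
    small_udp = struct.pack("!HHHH", 50001, 1812, 8 + 100, 0)
    return [
        _ipv4("192.0.2.10", "198.51.100.5", 7, 1480, False, b"\x00" * 328),
        _ipv4("192.0.2.10", "198.51.100.5", 7, 0, True, big_udp + b"\x00" * 1472),
        _ipv4("192.0.2.10", "198.51.100.5", 8, 0, False, small_udp + b"\x00" * 100),
    ]

if __name__ == "__main__":
    print(fragmented_radius_flows(sample_packets()))
```

A non-empty result for traffic between network devices and the PSNs means the deployment depends on fragmented UDP being delivered intact.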