cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3082
Views
0
Helpful
10
Replies

ISE VM Requirements clarification

erigglem
Cisco Employee
Cisco Employee

Team, I'm looking for clarification on the virtual machine CPU requirements for ISE

 

The ISE 2.4 installation guide states the following as CPU requirements for Medium Virtual Appliance:

Production

  • Clock Speed—2.0 GHz or faster

  • Number of Cores

    SNS 3500 Series Appliance:

    • `Medium—16 processors (8 cores with hyperthreading enabled

 

But later in the document it says:

Table 3. VM Appliance Specifications for a Production Environment

Platform

Medium VM Appliance (based on SNS-3595)

Processor

8 total cores (at 2.0 GHz or above) or a total minimum CPU allocation of 16000 MHz.

Note 

You must enable hyperthreading and assign the resulting number of logical processors (16) to each server.

 

The "OR" in the above table is what is confusing.

 

Question: If the host is running 3.0Ghz clock-speed procs, will TAC support them if they run only 6 cores to achieve the >16000Mhz CPU reservation? This would contradict the core-count requirement of 8 total cores in the red-highlighted section above.

10 Replies 10

kthiruve
Cisco Employee
Cisco Employee

Hi,

 

This is a great question. In general when using multithreaded application more cores is better. Here is a reference article I found that would explain how it works.

https://create.pro/blog/cores-faster-cpu-clock-speed-explained/

I think this is a bug in the documentation. I will reach out to the relevant team.

Thank you for pointing this out.

 

-Krishnan

 

 

The hyper threading thing is just confusing because it has nothing to do with the VM setup itself.  If you load up the new OVAs Cisco provide a 3515 will be provisioned with 12 CPUs and 12,000 MHz of reservations and the 3595 will be setup with 16 CPUs and 16,000 MHz of reservations. 

 

Now if the ESX host server has hyper threading enabled the 12 CPUs will only consume 6 CPUs and the 16 CPUs will only consume 8 CPUs, but this has absolutely nothing to do with the VM itself.  The VM will always think it has 12 or 16 CPUs.

Also, if you don't put the right number of CPUs in the VM, ISE won't detect the platform correctly and allocate resources.  That was the whole issue with the OVAs since 2.2.  The OVAs had the wrong number of CPUs causing ISE to not detect the correct platform.

Recommend looking at the performance and scale cisco live for deep details as well

https://community.cisco.com/t5/security-documents/ise-training/ta-p/3619944#toc-hId-1281981443

Thanks Krishan - can you please reply back when you receive an answer from the relevant team? Much appreciated.

Hi, Have you gotten any updates about this? I run into the same question.

Regardless of a follow up from Krishnan, I will say that you're going to want the correct number of vCPU/cores regardless of the MHz you configuration provides. The reason being is that the platform profile (3515 - 3695) won't be allocated correctly if the VM doesn't meet the template. ISE could boot up with a base/default/platform profile. From a VMware perspective, you are hard allocating between 12,000 and 24,000 Mhz now depending on the vm template. How many cores you assign is irrelevant to VMware, the vcpu is an entirely logical construct that you can over allocate, you cannot however over allocate the finite MHz reservations.

Licensing also looks at the vCPU mapping and memory in order to determine if you are licensed correctly, this might be less of an issue since reducing the number of cores should be covered by the larger license still.


I would however go out on a limb here and say that the physical appliances perform better than VM's for the sole reason that they are not bound to the VM reservation limit. The Cisco OVA templates have both a 12,000-24,000 MHz reservation, but they also have the exact same limit set. A 3595 had a single CPU with 8 x 2.6 GHz cores, this meant the physical appliance had 20800 MHz available, while our VM's only had 16,000 Mhz.

Just a quick correction Damien. Cisco has removed the CPU max limit from their OVAs and admitted that it was a mistake to have those in there in the first place. 16,000 MHz is reserved for a 3595 but no upper limit. So the system can use more if needed.


That's good to know, makes a lot more sense. Haven't deployed a new OVA myself in a while.

hslai
Cisco Employee
Cisco Employee

VMware ESXi - More cores or faster cores? : vmware is a good read. Certain tasks in ISE are more CPU-bound; e.g. massy re-profiling and during ISE service initialization. Best to monitor the work loads of various ISE nodes and adjust accordingly.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: