cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1009
Views
1
Helpful
3
Replies
Cisco Employee

ISE VM resource reservation clarification

Hi team,

Need some clarification on ISE VM resource reservation. There seems to be two ways to reserve it, one is using the slider under the VM properties next to "Reservation" and the other is either setting CPU affinity under Advance CPU or "Reserve all guest memory" on the memory page.

From what I've read - using the slider guarantees resources to the VM but the underlying RAM/CPU is still shared across all other VM's. Whereas forcing dedicated CPU/RAM to the VM, those resources will not be shared with any other VM's.

Which one is THE way to set reservation?

Sizing is for ISE 3495 - large deplyment, 10k-12k sessions. Currently deployed as Dedicated with one PAN, one MnT and 3x PSN - running into sluggish UI, slow authentication performance, back-up issues etc. 3x PSN just to get by which is overkill...

CPU

Screen Shot 2017-10-17 at 9.54.31 PM.png

Memory

Screen Shot 2017-10-17 at 9.54.38 PM.png

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Re: ISE VM resource reservation clarification

To clarify a bit, base requirement is to set reservations. We do not require CPU affinity or memory lockout.  In other words, we want to make sure the required mem and cpu is available and never oversubscribed, but do not require that resources are locked/restricted from other VMs when excess resources available. 

I found a couple interesting articles on related point--quite detailed, but they get into reservations and sharing:

CPU reservations irrelevant - core scheduling m... |VMware Communities

How to set CPU affinity and memory. |VMware Communities

We do not currently mandate affinity.

/Craig

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: ISE VM resource reservation clarification

You should be forcing dedicated CPU/RAM to the VM, those resources will not be shared with any other VM's.

Check the guide for more information, specifically, Virtual Machine Resource and Performance Checks

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_011.html#reference_83A921B909E04673BFBD689BEDD2D991

Highlighted
Advocate

Re: ISE VM resource reservation clarification

To clarify a bit, base requirement is to set reservations. We do not require CPU affinity or memory lockout.  In other words, we want to make sure the required mem and cpu is available and never oversubscribed, but do not require that resources are locked/restricted from other VMs when excess resources available. 

I found a couple interesting articles on related point--quite detailed, but they get into reservations and sharing:

CPU reservations irrelevant - core scheduling m... |VMware Communities

How to set CPU affinity and memory. |VMware Communities

We do not currently mandate affinity.

/Craig

View solution in original post

Highlighted
Cisco Employee

Re: ISE VM resource reservation clarification

Craig and Jason,

Thanks for the response. Another question - for the above screenshots where the "limit setting" is set to unlimited which allows the VM to burst to the max - would that affect how the ISE VM performs?

I've always seen limits being set, so in the ISE case, we'd limit it to 16000Mhz and 32GB ram and not unlimited.

Minh