cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2660
Views
0
Helpful
7
Replies

ISE VM Sizing for Medium Deployment

NETAD
Level 4
Level 4

Hello, I'm installing 2 ISE nodes and need some directions whether to go with 35xx or the 36xx series. Total number of endpoints 10K max. 

 

From what I'm seeing the 35xx is EOL and 36xx is being shipped with 2.6 but yet Cisco's recommended ISE code is 2.4 so I'm a bit confused here. Should I install a 36xs and downgrade to 2.4? or can I still use the 35xx and be ok from an EOL/ESO standpoint. 

 

Thanks 

2 Accepted Solutions

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni
Cisco released a new 2.4 ISO that includes the drivers for the 36x5 appliances, and it is to be used in conjunction with patch 9+. So you can order SNS 36x5 appliances and reimage them to 2.4 or leave them on 2.6 if you are comfortable following testing.

If that 10k endpoint count is active endpoints, then two 3655 appliances would probably be a good fit since 3615's are designed to support 10k active in hybrid/standalone deployments. If active endpoints and future scale is below 10k active endpoints, then 3615's would be OK.

View solution in original post

Ah OK my bad, virtual appliances changes things. You should download and deploy a 2.4 3595 OVA/ISO today, and this is still being recommended.


The physical SNS 35x5 appliances went end of sale because the UCS M4 hardware did, but the 3595 templates and appliances are not end of support. When you are ready to move to 2.6 you can either stay on the 3595 size VM, or update it to a 3615/3655 template.

View solution in original post

7 Replies 7

Damien Miller
VIP Alumni
VIP Alumni
Cisco released a new 2.4 ISO that includes the drivers for the 36x5 appliances, and it is to be used in conjunction with patch 9+. So you can order SNS 36x5 appliances and reimage them to 2.4 or leave them on 2.6 if you are comfortable following testing.

If that 10k endpoint count is active endpoints, then two 3655 appliances would probably be a good fit since 3615's are designed to support 10k active in hybrid/standalone deployments. If active endpoints and future scale is below 10k active endpoints, then 3615's would be OK.

Thanks Damien, so the 35xx is not an option at this point right? Also these will be virtual appliances. Can I still downgrade to 2.4 if I download the pre-provisioned ova's for the 3615's or 3655's?

Ah OK my bad, virtual appliances changes things. You should download and deploy a 2.4 3595 OVA/ISO today, and this is still being recommended.


The physical SNS 35x5 appliances went end of sale because the UCS M4 hardware did, but the 3595 templates and appliances are not end of support. When you are ready to move to 2.6 you can either stay on the 3595 size VM, or update it to a 3615/3655 template.

Thanks I will go with a 3595 ova. Now to update it to 3615/3655 template, do I have to deploy new 36x5 ova's and restore the config onto them?

Another question on resources, from what I'm seeing the medium 3595 comes with 64GB of RAM, what's the lowest I can lower to? Can I go with 16 or 32 GB? For disk space, it comes provisioned with either 200 GB or 1.2TB, can those be tweaked or will it cause corruption? and Finally for CPU it's at 16 CPU's, can that be lowered as well?

You will be able to shut down the VM in the future, adjust the CPU and memory + reservations, then start the VM up again. ISE will recognize the new allocation and adjust to its template.

The templates are not to be adjust outside of what Cisco has defined. Doing so will lead to TAC asking them be corrected during any troubleshooting, and it has not been tested/certified. In a hybrid/standalone deployment where the PAN/MNT are hosted on the same node....
A 3515 supports 7500 active endpoints, it requires 16 GB and 12,000 MHz reserved.
A 3595 support 20k active endpoints, it requires 64 GB and 16,000 MHz reserved.

It is recommend you go with at least 600 GB if the PAN/MNT are shared on the same VM. If you want a custom size then you have to install ISE from the ISO. You cannot adjust OVA disk space, well you can, but ISE will not recognize disk space changes. I would recommend any standalone PSN be installed from the ISO with 300 GB, instead of 200, Cisco changed the 2.6 PSN recommendation to 300 GB in the release notes, but the OVAs were not updated. This would prevent a reinstall in the future if you were doing an inline upgrade.

Hi Damien, is true that if we go with a small ova size a 3515 and we up the ram and cpu later we would be uncompliant and we would need licensing for a medium? Here’s the situation, the client purchased ISE back in 2012 and never deployed so now we’re trying to convert the license. From what I know it will automatically get converted to a medium. Is that accurate or not?

That's correct, the original VM licenses will be converted to medium R-ISE-VMM-K9 licenses. You send an email to licensing@cisco.com with the Cisco SO number the original VM licenses were purchased on and they convert any purchased.

Process covered at the bottom of this page.
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-24/213171-ise-2-4-upgrade-alarms-fewer-vm-license.html