Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
760
Views
2
Helpful
2
Replies

Most efficient Shared Storage

Go to solution
pmerlitt
Cisco Employee
Cisco Employee

‎10-05-2017 09:26 AM

Experts,

My customer is trying to redesign ISE on VM’s correctly so that it works in the most efficient manner on a shared storage infrastructure.  The processor, memory and disk space requirements are clear, but they need help with optimizing the shared storage network.  The customer would prefer access to a Tested Reference Configuration or Preferred Architecture that they can mimic if it is available.  In lieu of Preferred/Tested Reference Design, the customer just wants help zooming in on the best possible storage design for ISE.  They seem to have every type of shared storage available to them, FC, FCoE, NFS and they can use HDD’s or SSDs.  They also have various performance controllers they can use.  They want to understand what would perform the best.


Here’s what I have for the environment:

ISE

Is licensed for up to 25K concurrent connections

Has 10 nodes deployed and enough licenses to go to 20 nodes

The nodes are deployed across the 2 large campuses

Primary Admin node and primary reporting node at Campus 1

Backup Admin and reporting nodes are at Campus 2

3 Policy Nodes on Campus 1 and 3 on Campus 2

There is a 10Gig intercampus link between them

In lieu of a Preferred Architecture for storage can someone answer these questions so the customer's storage experts can figure out the most efficient storage design:

what tests are being used to measure I/O throughput?

How much data is being transferred during the test and does this represent typical application reads/writes?

Is it an iometer test?

is there another test that is being used?

What is the block size of the data?

What are typical types and sizes of the reads and writes that the applications will perform?


Thanks!

Paul Merlitti

1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎10-05-2017 03:13 PM

IO test can be run before install via .iso start menu and is also run during ISE install and on periodic intervals post install.  The basic test is a dd script that runs multiple counts and takes average.  If average below the guidance called out in Install Guide (currently 300 MB/s read, 50MB/s write), then an alarm is triggered. Write bs=1024k.   Output from CLI "sh tech" will also provide current results as well as historical results.

We do not have a reference SAN configuration.  As you can see in your own customer's case, there are many possible combinations and rather than stipulate a specific solution, we allow customer to implement their storage solution of choice provided it meets the read/write guidelines noted above.

I can say that disks of 10k RPM or faster, use of good caching controllers, and RAID choice will certainly impact the results.  More details can be found in BRKSEC-3699 session from Cisco Live (available on ciscolive.com) under the reference version of presentation.

/Craig

View solution in original post

0 Helpful
2 Replies 2

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎10-05-2017 12:24 PM

Hi,

Please let us know the version of ISE you are running.

Here are the VM requirements listed in our Cisco ISE install guide for ISE 2.2.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/install_guide/b_ise_InstallationGuide22/b_ise_InstallationGuide22_chapter_01.html

Thanks

Krishnan

Go to solution
Craig Hyps
Level 10
Level 10

‎10-05-2017 03:13 PM

IO test can be run before install via .iso start menu and is also run during ISE install and on periodic intervals post install.  The basic test is a dd script that runs multiple counts and takes average.  If average below the guidance called out in Install Guide (currently 300 MB/s read, 50MB/s write), then an alarm is triggered. Write bs=1024k.   Output from CLI "sh tech" will also provide current results as well as historical results.

We do not have a reference SAN configuration.  As you can see in your own customer's case, there are many possible combinations and rather than stipulate a specific solution, we allow customer to implement their storage solution of choice provided it meets the read/write guidelines noted above.

I can say that disks of 10k RPM or faster, use of good caching controllers, and RAID choice will certainly impact the results.  More details can be found in BRKSEC-3699 session from Cisco Live (available on ciscolive.com) under the reference version of presentation.

/Craig

0 Helpful
Customers Also Viewed These Support Documents