Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1907
Views
0
Helpful
5
Replies

Scaling ISE VM based on endpoint

Go to solution
manvik
Level 3
Level 3

‎06-10-2020 07:34 AM

Hi Guys,

Currently using R-ISE-VM-K9 SKU as VM. Endpoint base license is 250. 

Now we are planning to add 1500 more endpoints for 802.1x authentication

 

Will the current ISE VM support this scaling or should I buy a higher ISE VM.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to manvik

‎06-10-2020 11:53 PM

R-ISE-VM-K9 is not a specific size of ISE VM, it is the traditional ISE VM license part number that we bought from Cisco prior to the release of ISE version 2.4. The VM templates are determined by CPU and memory assigned, ex. 3515, 3595, 3615 etc. As long as you are on a 3415 or larger template, you can support up to 5k active endpoints.

Also note, you do not have to buy all new licences, if you already own 500 licenses, and you need 1500 to cover your active endpoint count, you can order an additional 1000 and they can be added to a smart account or installed directly on ISE. You will also want to ensure you look at your plus licenses if you are leveraging profiling or pxgrid context sharing. The vendor you purchase licenses from should also be able to help identify if you need plus/apex licenses.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎06-10-2020 07:47 AM

You will need additional base licenses to support the targeted 1500 number. Consumption is 1 for 1. A base license is consumed for each 8021x onboarded host and is not released until the session is no longer active (tracking via accounting). For specific scaling concerns see here: https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148
HTH!
0 Helpful

Go to solution
manvik
Level 3
Level 3
In response to Mike.Cifelli

‎06-10-2020 10:20 PM

Hi,

Does that mean a new ISE VM license should be purchased?

If we are using "R-ISE-VM-K9" currently with 300 endpoints and now scaling to 1500 endpoins. Should the ISE VM spec increase?

 

Are there any datasheets available stating ISE VM vs Endpoint connection capability.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to manvik

‎06-10-2020 10:32 PM

You are supposed to have a one to one mapping of VM licenses for virtual ise nodes you deploy. If you deploy 2 ISE VM's, you should have two licenses, if you deploy 24, you should have 24 VM licenses.

The smallest ISE VM/appliance template is capable of supporting 5,000 active endpoint sessions. You shouldn't have to change your ISE nodes unless you are looking at upgrading from older ISE versions to new and you're model is no longer supported.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--632457705

As Mike pointed out, you need to ensure you have enough endpoint licenses to cover the number of active endpoints you have authenticating. This ISE licensing guide includes examples of how licenses are used.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

You can check your current endpoint license usage at https://<ise ip>//admin/#administration/administration_system/administration_system_licensing. Here you can see your current ISE Base and Plus license entitlement, and determine if you have enough licenses to cover the new endpoints you will be adding.
0 Helpful

Go to solution
manvik
Level 3
Level 3
In response to Damien Miller

‎06-10-2020 10:54 PM

Thank you Damien and Mike,

Our active endpoint sessions (802.1x authentications from desktop, laptop) would be around 1500 only.

Yes, I would purchase new base license for 1500 endpoints.

 

I undesrand, "R-ISE-VM-K9" VM can support upto 5000 endpoints and requires additional base license only.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to manvik

‎06-10-2020 11:53 PM

R-ISE-VM-K9 is not a specific size of ISE VM, it is the traditional ISE VM license part number that we bought from Cisco prior to the release of ISE version 2.4. The VM templates are determined by CPU and memory assigned, ex. 3515, 3595, 3615 etc. As long as you are on a 3415 or larger template, you can support up to 5k active endpoints.

Also note, you do not have to buy all new licences, if you already own 500 licenses, and you need 1500 to cover your active endpoint count, you can order an additional 1000 and they can be added to a smart account or installed directly on ISE. You will also want to ensure you look at your plus licenses if you are leveraging profiling or pxgrid context sharing. The vendor you purchase licenses from should also be able to help identify if you need plus/apex licenses.
0 Helpful
Customers Also Viewed These Support Documents