Solved: Virtual ISE - Vmotion

ryanmbess · ‎02-10-2026

Hello all,

We are entertaining virtual cisco ISE as a PSN for one of our remote sites. It seems like all the live/hot vmotion problems have been fixed. Is anyone using virtual ISE and can validate the vmotion concerns are no longer there?

https://www.cisco.com/c/en/us/td/docs/security/ise/3-4/install_guide/b_ise_installationGuide34/b_ise_InstallationGuide_chapter_2.html

VMware virtual machine requirements
You can use the VMware migration feature to migrate VM instances (running any persona) between hosts. Cisco ISE supports both hot and cold migration.

Hot migration is also called live migration or vMotion. You do not need to shut down or power off Cisco ISE during hot migration. You can migrate the Cisco ISE VM without any interruption in its availability.

Cisco ISE must be shutdown and powered off for cold migration. Cisco ISE does not allow to stop or pause the database operations during cold migration. Hence, ensure that Cisco ISE is not running and active during the cold migration.

balaji.bandi · ‎02-10-2026

Live vMotion (Hot Migration) is now fully supported.

what is your average round-trip latency? (ISE is sensitive to anything over 300ms for database replication)

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎02-10-2026

Live vMotion (Hot Migration) is now fully supported.

what is your average round-trip latency? (ISE is sensitive to anything over 300ms for database replication)

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Arne Bier · ‎02-10-2026

I have been using live vMotion since ISE 3.3 and never noticed any issues as a result of using it. In my customer scenarios they don't tend to include ISE in DRS groups (as far as I know) but I know that they will deliberately vacate VMs (including ISE) to upgrade/patch the ESXi hosts.

I would trust that VMWare have done a reliable job in ensuring there is no data loss or corruption.

There is more chance of breaking your ISE by doing a sanctioned ISE patch or upgrade.

ryanmbess · ‎02-13-2026

Thanks. It's encouraging to hear that you've had success with live vMotions.

Marcelo Morais · ‎02-12-2026

@ryanmbess ,

vMotion is supported since ISE 3.1.

My preferences for a vMotion are:

1st Cold vMotion

ISE Nodes shutdown:

ise/admin# halt

2nd "Cold vMotion"

ISE Nodes with "application stop":

ise/admin# application stop ise

3rd Hot vMotion

ISE Nodes up and running

Tested since ISE 3.3 P4 !

Hope this helps !

balaji.bandi · ‎02-12-2026

So none of the 3 options causes data loss. To my knowledge, (never had a virtual environment though for ISE)

Once I had a bad experience due to VM resources - ISE had a performance issue, so I prefer physical somehow.

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marcelo Morais · ‎02-13-2026

@balaji.bandi ,

yes, none of the 3 options causes Data Loss

PS: what I prefer about VM over the SNS is that the SNS Appliance supports the UEFI (Unified Extensible Firmware Interface) Secure Boot feature, which ensures that only a signed Cisco ISE image can be installed, in other words, although the SNS is a Cisco UCS C, the SNS Appliance are a dedicated Appliance ONLY for Cisco ISE, and cannot be repurposed ... please take a look at:

ISE - What we need to know about SNS / VM .