Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12233
Views
20
Helpful
5
Replies

Diffence Between R-ISE-VM-K9= vs Sized VMs (R-ISE-VMS-K9)

Go to solution
XLG
Level 1
Level 1

‎06-07-2018 02:30 AM - edited ‎02-21-2020 10:57 AM

Hello

 

I'm having issues understanding the use of this SKU : R-ISE-VM-K9= (descripted as virtual image)

 

When those exists : (descripted as virtual machines)

 

R-ISE-VMS-K9=

R-ISE-VMM-K9=

R-ISE-VML-K9=

 

"R-ISE-VM-K9=" is also EOL since February 2018.

 

For example, if I'm asked to size a VM ISE solution for 4K endpoints with PLUS licences - should I go for this?

 

R-ISE-VMM-K9= x 1 or/and R-ISE-VM-K9= x 1

L-ISE-BSE-5K= x 1

L-ISE-TACACS= x 1

 

Also, is there a difference between what they call "virtual machine" and "vitual image" ? (in the ordering guide)

 

Another thing, why would a client purchase multiple VMs as well as multiple TACACS+ licences for the same environment? 

 

Thank you very much for you help !

 

XLG

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-07-2018 05:57 AM

Hi

 

The new SKUs are:

R-ISE-VMS-K9

R-ISE-VMM-K9

R-ISE-VML-K9

 

This is more in terms of how large is your deployment and pick the right VM.

You can check on ISE ordering guide: https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

 

Price is different as well between them. Before you had 1 VM licence and no matter how large it was, it was same price for all. Now, with ISE 2.4, all licensing changed and you can get the small VM cheaper than before (I believe it's 1k less) but also it will be cheaper than the large VM.

 

It becomes more important in terms of design to define which one will fit you requirements. You can use several links to help you designing it:

 - https://communities.cisco.com/thread/76628?start=0&tstart=0

 - https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html

 

If you have 4k devices to handle, small VM should be enough.

 

For Tacacs, before it was 1 licence for the complete cluster no matter if you activated Tacacs feature on 1 or more PSNs. Now, it's 1 licence per node activated. Usually you would have at least 2 licences for redundancy purposes.

 

You gave SKUs for tacacs and base but not for plus licences. You said you would need plus for 4k. Take a look on ordering guide (link dropped before) to see which SKU to use.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

5 Replies 5

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-07-2018 05:57 AM

Hi

 

The new SKUs are:

R-ISE-VMS-K9

R-ISE-VMM-K9

R-ISE-VML-K9

 

This is more in terms of how large is your deployment and pick the right VM.

You can check on ISE ordering guide: https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

 

Price is different as well between them. Before you had 1 VM licence and no matter how large it was, it was same price for all. Now, with ISE 2.4, all licensing changed and you can get the small VM cheaper than before (I believe it's 1k less) but also it will be cheaper than the large VM.

 

It becomes more important in terms of design to define which one will fit you requirements. You can use several links to help you designing it:

 - https://communities.cisco.com/thread/76628?start=0&tstart=0

 - https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_01.html

 

If you have 4k devices to handle, small VM should be enough.

 

For Tacacs, before it was 1 licence for the complete cluster no matter if you activated Tacacs feature on 1 or more PSNs. Now, it's 1 licence per node activated. Usually you would have at least 2 licences for redundancy purposes.

 

You gave SKUs for tacacs and base but not for plus licences. You said you would need plus for 4k. Take a look on ordering guide (link dropped before) to see which SKU to use.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
XLG
Level 1
Level 1
In response to Francesco Molino

‎06-07-2018 06:00 AM

Thank you very much for this very clear and complete answer !
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to XLG

‎06-07-2018 06:27 AM

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Milko Zhelev
Level 1
Level 1
In response to Francesco Molino

‎08-29-2018 03:09 AM

What about of the deployment of the virtual machines.. if you have 1 big site (200 users) and if we have 10 small sites (100 users)  that is required to have Policy node in each small sites. How many VM small license is required to have?

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Milko Zhelev

‎08-29-2018 10:01 AM

License depends on the number of endpoints per feature group (endpoints per
base lic, endpoints per plus lic, endpoints per apex lic). If you are
deploying distributed model, the number of PSNs isn't relevant. Its about
the total number of endpoints detected in PAN node
0 Helpful
Customers Also Viewed These Support Documents