Showing results for 
Search instead for 
Did you mean: 

ISE Appliance versus VM Comparison


We often get asked:  Which is better for an ISE deployment - Appliances or VMs?

There is no difference between the use of physical or virtual ISE nodes in a deployment:

  • documentation is the same
  • operation is the same
  • performance and scale is the same (assuming you use equivalent, dedicated hardware for the VM as our appliances)
  • we support mixing physical and virtual ISE nodes in a deployment

With each ISE release, we create OVA files whose resource requirements are directly mapped to our current supported appliances:

Ultimately the final decision for VM vs Appliance is a customer decision and it is based on their Preferences for their environment:

  • Dedicated hardware resources for guaranteed performance
  • Do not need to rely on other teams to properly configure and resource the ISE application
  • Politically, "network/security hardware" is owned by network/security team
  • Rack and stack new appliances
  • Requires physical access to upgrade to newer releases
Virtual Machines
  • Flexibility to run on any UC hardware infrastructure, anywhere
  • Quickly create new ISE nodes when and where needed
  • Quickly clone and deploy new ISE PSN nodes for large deployments or for Upgrades
  • Quickly try new ISE versions and features in the lab
  • Option to use flash storage for major performance increase, especially on ISE MNT nodes
  • Option for greater storage beyond the physical appliance capability (up to 2TB) for longer log retention
  • Politically, VMs may be owned by Server team which may be a problem for the network or security team(s)
  • Potential for hardware misconfiguration or under-resourcing when built from ISO
  • Failure to use the required VM Resource Reservations with an OVA
  • Nearly all ISE performance problems reported to TAC are due to improperly resourced ISE VMs or lack of use of Resource Reservations!
Rising star
Hi, Thanks for this succinct comparison! Any chance you can explain why an SNS "requires physical access"? It's a UCS server, why can't I just upload the ISO and upgrade via CIMC?