cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

ISE Appliances vs VMs vs Cloud Deployment Comparison

5478
Views
37
Helpful
1
Comments

We often get asked:

Which is better for an ISE deployment - Appliances, VMs or Cloud?

There is no difference - other than the initial installation and upgrade procedures - between the operation of physical or virtual (VM or cloud) ISE nodes in a deployment:

  • documentation is the same
  • operation is the same
  • performance and scale is the same - assuming you use equivalent, dedicated hardware for virtual instances as our appliances
  • we support mixing physical and virtual ISE nodes in a deployment

image.png

For each ISE release, OVA files are created whose resource requirements are directly mapped to the currently supported appliances which are documented in the ISE Performance and Scale document.

Ultimately the final decision for Appliance vs VM vs Cloud is a customer decision based on their needs and preferences for their environment:

  Pros Cons
Appliances
  • Dedicated hardware resources for guaranteed performance
  • Do not need to rely on other teams to properly configure and resource the ISE application
  • Politically, "network/security hardware" is owned by network/security team
  • Procurement Process
  • Potential supply chain delays
  • Rack and stack new appliances
  • Requires physical access to upgrade to newer releases
  • No Blue-Green upgrade options unless you have an entire backup ISE deployment
Virtual Machines
  • Flexibility to run on any unified computing hardware infrastructure, anywhere
  • Quickly create new ISE nodes when and where needed
  • Quickly clone and deploy new ISE PSN nodes for large deployments or for Upgrades
  • Quickly try new ISE versions and features in the lab
  • Option to use flash storage for major performance increase, especially on ISE MNT nodes
  • Option for greater storage beyond the physical appliance capability (up to 2TB) for longer log retention
  • Option for Blue-Green ISE upgrades if you have the VM resources for a parallel ISE deployment
  • Potential procurement process delays including supply chain delays for unified computing hardware if you do not already have it
  • Politically, VMs may be owned by Server team which may be a problem for the network or security team(s)
  • Potential for hardware misconfiguration or under-resourcing when built from ISO
  • Potential to ignore the required VM Resource Reservations. Many ISE performance problems reported to TAC are due to improperly resourced ISE VMs or lack of VM Resource Reservations!
Cloud Instances
  • Rapid deployment - about 1 hour if you use a cloud provider's wizard; 30 minutes with automation
  • Flexible hardware instance types (up to 2TB) storage like VMs
  • Simple, pay-as-you-go billing
  • Deployment automation
  • Quickly spin up test instances for new scenarios or trying a new ISE version
  • Learning curve - every cloud provider has different terminology, tools and APIs
  • Security - there is no implicit security you must provision security groups and VPNs yourself
  • Potential for surprise bills if you do not terminate resources
  • No in-place upgrades - only backup and restore to new nodes for Blue-Green deployment upgrades

 

 

References

Comments
Nadav
Rising star
Hi, Thanks for this succinct comparison! Any chance you can explain why an SNS "requires physical access"? It's a UCS server, why can't I just upload the ISO and upgrade via CIMC?
Create
Recognize Your Peers
Content for Community-Ad