Installing the Cisco ISE System Software on a VMware Virtual Machine

Available Languages

Download Options

  • PDF     (934.0 KB)
    View with Adobe Reader on a variety of devices
Updated:January 14, 2011

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Installing Cisco ISE 3300 Series Software in a VMware Virtual Machine

Table Of Contents

Installing Cisco ISE 3300 Series Software in a VMware Virtual Machine

Virtual Machine Requirements

Evaluating Cisco ISE Release 1.0

Configuring a VMware ESX or ESXi Server

Configuring the VMware Server

Prerequisite

Preparing a VMware System for Cisco ISE Software Installation

Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD

Installing the Cisco ISE Software on a VMware System


Installing Cisco ISE 3300 Series Software in a VMware Virtual Machine

This chapter describes the system requirements for installing the Cisco Identity Services Engine (ISE) 3300 Series appliance software in a VMware virtual machine. The following topics provides information about the installation process:

Virtual Machine Requirements

Evaluating Cisco ISE Release 1.0

Configuring a VMware ESX or ESXi Server

Configuring the VMware Server

Preparing a VMware System for Cisco ISE Software Installation

Installing the Cisco ISE Software on a VMware System

Note The Inline Posture node is supported only on Cisco ISE 3300 Series appliances. It is not supported on VMware server systems. All the other designated roles are supported for use on VMware virtual machines.

Virtual Machine Requirements

The minimum system requirements for the virtual machine must be similar to the Cisco ISE 3300 Series appliance hardware configuration. Table 4-1 lists the minimum system requirements to install Cisco ISE 3300 Series software on a VMware virtual machine.

Table 4-1 Minimum VMware System Requirements 

Requirement Type
Minimum Requirements

CPU

Intel Dual-Core; 2.13 GHz or faster

Memory

4 GB RAM

Hard disks

60 to 600 GB of disk storage (size depends on deployment and tasks)

NIC

1 GB NIC interface required (four NICs are recommended)

Note When creating network connections for any NICs that you configure, make sure to select the corresponding Flexible network adapter from the Adapter drop-down list. For this release, Cisco ISE supports the Flexible network adapter for all NICs. See Step 9 in Configuring the VMware Server.

Hypervisor

Supported VMware versions include:

ESX 4.x

ESXi 4.x


Note VMware server, version 2.0, is only supported for demonstrating the features of Cisco ISE Release 1.0, and is not supported for production environments.

Note Different type of licenses are needed when you run Cisco ISE software on a VMware server for evaluation or production purposes. For license details, see Installing a License, page 5-1.

Table 4-2 lists the minimum Cisco ISE hard disk space allocation requirements for running on a VMware server in a production deployment. Use the supported VMware ESX and ESXi server versions listed in Table 4-1 for running Cisco ISE software in a production deployment.

Table 4-2 Minimum VMware Production Disk Space Requirements 

ISE Persona
Minimum Disk Space Requirements for Production

Standalone ISE

200 GB

Administration

200 GB

Monitoring

200 GB

Administration and Monitoring

200 GB

Policy Service

60 GB


Note For a Cisco ISE software running on a VMware server with the Monitoring persona enabled, the minimum supported hard disk space allocation for small, medium, and large production deployments is 200 GB.

The Cisco ISE Release 1.0 installer is designed to make use of all disk space that is allocated to a VMware server, up to a maximum that is equal to the maximum that is supported by the Cisco ISE hardware appliance. This means that if you create a VMware server with more than 600 GB, the maximum disk space that Cisco ISE will allocate for all deployment types is 600 GB.

Any remaining disk space remains unpartitioned. For example:

If a VMware server is created with a 200 GB disk space allocation, the Cisco ISE installer will allocate 200 GB for use.

If a VMware server is created with a 1 terabyte (TB) disk space allocation, the Cisco ISE installer will allocate up to its maximum allowed (600 GB).

If a VMware server is created with a 40 GB disk space allocation, the Cisco ISE installer will fail because that size allocation is below the minimum supported disk space allocation of 60 GB.

Note The minimum Cisco ISE hard disk space allocation requirements for running on a VMware server in an evaluation environment is 60 GB (up to its allowed maximum of 600 GB).

Evaluating Cisco ISE Release 1.0

For evaluation purposes, Cisco ISE Release 1.0 can be installed in any of the supported VMware server virtual machines that meet the Virtual Machine Requirements. When evaluating Cisco ISE Release 1.0, you can configure less disk space in the virtual machine, but you still are required to allocate a minimum disk space of 60 GB.

To download the Cisco ISE Release 1.0 software for evaluation, complete the following steps:

Step 1 Go to the following link:

http://cisco.com/go/ise

Step 2 Click Download Software.

You must already have valid Cisco.com login credentials to access this link.

To download a 90-day evaluation license, complete the following tasks:

Step 1 Go to the following link:

https://tools.cisco.com/S WIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

Step 2 Click the link available in the Licenses Not Requiring a PAK section, and choose an evaluation license.

You must already have valid Cisco.com login credentials to access this link.

Note VMware server installations are supported for evaluation environments. There is no distinction between the minimum disk space requirements that are required for VMware servers that are used for evaluation or production deployments. The only distinction is in the type of license that is needed. The minimum supported VMware server installation of Cisco ISE requires 60 GB of disk space. For license details, see Installing a License, page 5-1.

To migrate a Cisco ISE configuration from an evaluation system to a fully licensed production system, you need to complete the following tasks:

Back up the configuration of the evaluation version.

Install a production deployment license.

Restore the configuration to the production system.

Configuring a VMware ESX or ESXi Server

To install Cisco ISE on a supported VMware server, you must allocate a minimum disk space of 60 GB on the VMware virtual machine. This section describes how to set the minimum required disk space on the VMware virtual machine (to change the disk space size on the VMware virtual machine, log into the VMware ESX server). This section provides procedures for performing some important configuration-related tasks.

Caution Do not select VMware thin provisioning as a storage type. This release of the Cisco ISE software does not support using VMware thin provisioning as a storage type on any of the supported VMware servers (VMware versions ESX 4.x or ESXi 4.x). This is not a default setting and Cisco advises against selecting the check box for thin provisioning in Step 10 (as shown in Figure 4-11).

Note To perform the following procedures, you must be logged in. For details on performing an initial login, see Logging In, page 5-7.

To verify or change disk allocation, complete the following steps:

Step 1 Choose Configuration > Memory, and click Properties.

If the block size is 256 MB, you must change it to 4 GB.

Step 2 Change the memory size to 4 GB by choosing Configuration > Memory.

Note It is important to note that the VMware virtual file system (VMFS) is set for each of the storage volumes configured in the VMware host. This means that your choice of the VMFS block size will need to take into account the largest virtual disk sizes hosted on the VMware host. Once the block size is set it cannot be changed without having to reformat the VMFS partitions.

To remove the default configuration, complete the following steps:

Step 1 Click Remove.

A confirmation window appears.

Step 2 Click Yes.

The default configuration is removed.

To create a new virtual file size, complete the following steps:

Step 1 Choose Configuration > Storage > Add Storage Wizard.

You can find the Add Storage wizard at the upper-right corner of the configuration window.

Figure 4-1 Configuration Window

Step 2 From the Storage Type drop-down list, choose Disk/LUN and click Next.

Step 3 Choose 60 GB for disk space size, 2 MB as the VMFS block size, and click Next.

60 GB is the minimum disk space size that is required for installing VMware with Cisco ISE. However, Cisco ISE will only use up to a maximum of 600 GB, even if you assign extra space in your VMware system. The value that you set should be between 60 and 600 GB, depending on your deployment.

Note If you specify the default VMFS 1 MB block size, you will not be able to create a 600 GB disk space for your virtual machine on the VMware host. Only by selecting a VMFS block size of 2 MB when the VMFS file system is being created are you able to configure up to 600 GB of disk space for your virtual machine.

Step 4 Click Finish.

The new VMware system with a 60 GB virtual disk size and a 2 MB block size is created successfully.

To check the new file size, choose Configuration > Memory, and click Properties.

Figure 4-2 displays the properties of a disk space created with the name ds1.

Figure 4-2 Disk Space Properties Window

To ensure proper operation of the Cisco ISE Profiler service on a VMware system, you need to configure the VMswitch0 and VMswitch1 interfaces on your VMware ESX or ESXi server (see Figure 4-3).

To configure the VMware server interfaces to support the Cisco ISE Profiler service, complete the following steps:

Step 1 Choose Configuration > Networking > Properties > VMNetwork (the name of your VMware server instance) > VMswitch0 (one of your VMware ESX server interfaces) > Properties > Security.

Step 2 In the Policy Exceptions pane under the Security tab, check the Promiscuous Mode check box.

Step 3 In the adjacent drop-down list box, choose Accept, and click OK.

Repeat the same steps on VMswitch1 (the other VMware ESX server interface).

Figure 4-3 VMNetwork Properties Window

Configuring the VMware Server

This section describes how to configure VMware servers by using the VMware Infrastructure Client.

Prerequisite

Before installing the Cisco ISE software, verify that the VMware virtual machine has a minimum of at least 60 GB of disk space allocated. For more information, see Configuring a VMware ESX or ESXi Server.

To configure the VMware server by using the VMware Infrastructure Client, complete the following steps:

Step 1 Log into the ESX Server.

Step 2 In the VMware Infrastructure Client, in the left pane, right-click your host container and choose New Virtual Machine.

The New Virtual Machine Wizard appears.

Step 3 In the Configuration Type dialog box, choose Typical as the VMware configuration, as shown in Figure 4-4, and click Next.

Figure 4-4 Virtual Machine Configuration Dialog Box

The Name and Location dialog box appears. (Figure 4-5)

Step 4 Enter a name that you want for referencing the VMware system, and click Next.

Figure 4-5 Name and Location Dialog Box

Tip Use the hostname that you want to use for your VMware host.

The Datastore dialog box appears. (Figure 4-6)

Step 5 Choose a datastore that has a minimum of 60 GB of free space available, and click Next.

Figure 4-6 Datastore Dialog Box

The Guest Operating System dialog box appears. (Figure 4-7)

Step 6 Click Linux, and from the Version drop-down list, choose Red Hat Enterprise Linux 5 (32-bit).

Figure 4-7 Guest Operating System Dialog Box

The Number of Virtual Processors dialog box appears. (Figure 4-8)

Step 7 From the Number of Virtual Processors drop-down list, choose 2 (if 2 is available); or you can choose 1. Click Next.

Figure 4-8 Number of Virtual Processors Dialog Box

The Memory Configuration dialog box appears. (Figure 4-9)

Step 8 Enter 4096 MB, and click Next.

Figure 4-9 Memory Configuration Dialog Box

The NIC Configuration dialog box appears. (Figure 4-10)

Step 9 Choose NIC 1, and click Next.

Note When creating network connections for any NICs that you configure, make sure to select the corresponding Flexible network adapter from the Adapter drop-down list. For this release, Cisco ISE supports the Flexible network adapter for all NICs.

Figure 4-10 NIC Configuration Dialog Box

The Virtual Disk Capacity dialog box appears. (Figure 4-12).

Figure 4-11 Disk Provisioning Dialog Box

Step 10 Do not check the Allocate and commit space on demand (Thin Provisioning) check box in the Disk Provisioning dialog box (Figure 4-11). Click Next to continue.

The Virtual Disk Capacity dialog box appears. (Figure 4-12)

Caution Do not select VMware thin provisioning as a storage type. This release of the Cisco ISE software does not support using VMware thin provisioning as a storage type on any of the supported VMware servers (VMware versions ESX 4.x or ESXi 4.x). This is not a default setting and Cisco advises against selecting the check box for thin provisioning in Figure 4-11.

Step 11 In the Disk Size field, enter 500 GB, and click Next.

Figure 4-12 Virtual Disk Capacity Dialog Box

The Ready to Complete New Virtual Machine dialog box appears. (Figure 4-13)

Step 12 Verify the configuration details, such as Name, Guest OS, Virtual CPU, Memory, and Virtual Disk Size of the newly created VMware system.

Figure 4-13 Ready to Complete Dialog Box

Step 13 Click Finish.

The VMware system is now installed.

To activate the newly created VMware system, right-click VM in the left pane and choose Power On.

Preparing a VMware System for Cisco ISE Software Installation

After configuring the VMware system, you are ready to install the Cisco ISE software. To install the Cisco ISE software from your Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD, you need to configure the VMware system to boot from this Cisco ISE DVD. This requires that the VMware system be configured with a virtual DVD drive to boot from the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD.

You can do this by using different methods that are dependent upon your network environment. See Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD to configure the VMware system by using the DVD drive of your VMware ESX server host.

Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD

This section describes how to configure a VMware system to boot from the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD by using the DVD drive of the VMware ESX server host.

To configure the VMware system by using the DVD drive, complete the following steps:

Step 1 In the VMware Infrastructure Client, highlight the newly created VMware system, and choose Edit Virtual Machine Settings.

The Virtual Machine Properties window appears. Figure 4-14 displays the properties of a VMware system created with the name Cisco ISE Release 1.0.

Figure 4-14 Virtual Machine Properties Dialog Box

Step 2 In the Virtual Machine Properties dialog box, choose CD/DVD Drive 1.

The CD/DVD Drive1 properties dialog box appears.

Step 3 Choose the Host Device option, and from the drop-down list, choose your DVD host device.

Step 4 Choose the Connect at Power On option, and click OK to save your settings.

You can now use the DVD drive of the VMware ESX server to install the Cisco ISE software.

When you complete the configuration, click the Console tab, right-click VM in the left pane, and choose Send Ctrl+Alt+Del to restart the VMware system.

Installing the Cisco ISE Software on a VMware System

This section describes the installation process for the Cisco ISE software on VMware ESX 4.x.

To install the Cisco ISE software on a VMware system, complete the following steps:

Step 1 Log into the VMware Infrastructure Client.

Step 2 Ensure that Universal Time Coordinated (UTC) is set in BIOS:

a. If the VMware system is turned on, turn the system off.

b. Turn on the VMware system.

c. Press F1 to enter the BIOS Setup mode.

d. Using the arrow key, navigate to Date and Time and press Enter.

e. Enter the time for your appliance to the UTC/Greenwich Mean Time (GMT) time zone.

Note We recommend that you set all Cisco ISE nodes to the UTC time zone. This time zone setting ensures that the reports and logs from the various nodes in your deployment are always in sync with regard to the timestamps.

f. Press Esc to exit to the main BIOS menu.

g. Press Esc to exit from the BIOS Setup mode.

Note After installation, if you do not install a permanent license, Cisco ISE automatically installs a 90-day evaluation license that supports a maximum of 100 endpoints.

Step 3 Insert the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD into the VMware ESX host CD/DVD drive, and turn on the VM.

Note If you do not have access to this DVD, you can download the Cisco ISE Release 1.0 software from the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml. You will be required to provide your Cisco.com credentials.

When the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD boots, the console displays:

Welcome to Cisco ISE

To boot from the hard disk press <Enter>

Available boot options:

[1] Cisco Identity Services Engine Installation (Monitor/Keyboard)

[2] Cisco Identity Services Engine Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot: 1

You can choose either the monitor and keyboard port, or the console port to perform the initial setup.

Step 4 At the system prompt, type 1 to choose a monitor and keyboard port, or type 2 to choose a console port, and press Enter.

This starts the installation of the Cisco ISE software on the VMware system.

Note Allow 20 minutes for the installation process to complete.

When the installation process finishes, the VM reboots automatically.

When the VM reboots, the console displays:

Type 'setup' to configure your appliance

localhost:

Step 5 At the system prompt, type setup, and press Enter.

The Setup Wizard appears and guides you through the initial configuration. For more information on the setup process, see Understanding the Setup Program Parameters, page 3-3.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco