Cisco Secured Network Server Series Appliances and Virtual Machine Requirements

Hardware and Virtual Appliance Requirements for Cisco ISE

Cisco Identity Services Engine (Cisco ISE) can be installed on Cisco Secure Network Server (SNS) hardware or virtual appliances. To achieve performance and scalability comparable to the Cisco ISE hardware appliance, the virtual machine should be allocated system resources equivalent to the Cisco SNS hardware appliances. This section lists the hardware, software, and virtual machine requirements required to install Cisco ISE.


Note

Harden your virtual environment and ensure that all the security updates are up-to-date. Cisco is not liable for any security issues found in hypervisors.


Note

Cisco ISE does not support VM snapshots for backing up ISE data on any of the virtual environments (VMware, Linux KVM, Microsoft Hyper-V, and Nutanix AHV) because a VM snapshot saves the status of a VM at a given point in time. In a multi-node Cisco ISE deployment, data in all the nodes are continuously synchronized with current database information. Restoring a snapshot might cause database replication and synchronization issues. We recommend that you use the backup functionality included in Cisco ISE for archival and restoration of data. Using snapshots to back up ISE data results in stopping Cisco ISE services. A reboot is required to bring up the ISE node.


Caution

If the Snapshot feature is enabled on the VM, it might corrupt the VM configuration. If this issue occurs, you might have to reimage the VM and disable VM snapshot.

Cisco Secured Network Server Hardware Appliances

For Cisco Secured Network Server (SNS) hardware appliance specifications, see "Table 1, Product Specifications" in the Cisco Secure Network Server Data Sheet.

For Cisco SNS 3600 series appliances, see Cisco SNS-3600 Series Appliance Hardware Installation Guide.

For Cisco SNS 3700 series appliances, see Cisco SNS-3700 Series Appliance Hardware Installation Guide.

For information about the supported hardware platforms for Cisco ISE 3.3, see Supported Hardware.

Support for Cisco Secure Network Server 3700 Series Appliance

The Cisco Secure Network Server (SNS) 3700 series appliances are based on the Cisco Unified Computing System (Cisco UCS) C220 Rack Server and are specifically configured to support Cisco ISE. Cisco SNS 3700 series appliances are designed to deliver high performance and efficiency for a wide range of workloads.

The Cisco SNS 3700 series appliances are available in the following models:

  • Cisco SNS 3715 (SNS-3715-K9)

  • Cisco SNS 3755 (SNS-3755-K9)

  • Cisco SNS 3795 (SNS-3795-K9)

The Cisco SNS 3715 appliance is designed for small deployments. Cisco SNS 3755 and Cisco SNS 3795 appliances have several redundant components such as hard disks and power supplies and are suitable for larger deployments that require highly reliable system configurations. Cisco SNS 3795 is recommended for PAN and MnT personas.

Cisco ISE Release 3.1 Patch 6 and above and Cisco ISE Release 3.2 Patch 2 and above versions support Cisco SNS 3700 series appliances.

The following table describes the hardware specifications of Cisco SNS 3700 series appliances.

Table 1. Cisco SNS 3700 Series Appliance Hardware Specifications

Cisco SNS 3700 Series Appliance

Hardware Specifications

Cisco SNS-3715-K9

  • Cisco UCS C220 M6

  • Intel Xeon Silver 4310 CPU 2.10 GHz

  • 12 CPU Cores, 24 Threads

  • 32 GB RAM

  • 1 x 600-GB HDD or 1 x 800-GB SSD

  • RAID-0

  • 2 x 10Gbase-T

    4 x 10GE SFP

Cisco SNS-3755-K9

  • Cisco UCS C220 M6

  • Intel Xeon Silver 4316 CPU 2.30 GHz

  • 20 CPU Cores, 40 Threads

  • 96 GB RAM

  • 4 x 600-GB HDD or 4 x 800-GB SSD

  • RAID 10

  • 2 x 10Gbase-T

    4 x 10GE SFP

Cisco SNS-3795-K9

  • Cisco UCS C220 M6

  • Intel Xeon Silver 4316 CPU 2.30 GHz

  • 20 CPU Cores, 40 Threads

  • 256 GB RAM

  • 8 x 600-GB HDD or 8 x 800-GB SSD

  • RAID 10

  • 2 x 10Gbase-T

    4 x 10GE SFP

Note

  • You cannot add additional hardware resources like memory, processor, or hard disk to a Cisco SNS 3700 series appliance.

  • Mixing SAS/SATA hard drives and SAS/SATA SSDs is not supported. You must use either SAS/SATA hard drives or SAS/SATA SSDs.

  • SSD offers improved performance in disk read/write operations and other Cisco ISE operations like boot, installation, upgrade, and database-intensive tasks like backup, reports generation, and so on.

  • SFPs must be ordered separately. For component part numbers, see Cisco UCS C-Series Rack Server Data Sheet.

For more information, see the Cisco SNS-3700 Series Appliance Hardware Installation Guide.

Trusted Platform Module

Cisco SNS 3700 series appliances have pre-built Trusted Platform Module (TPM) adapter that can securely store artifacts used to authenticate the server. These artifacts can include passwords, certificates, or encryption keys. TPM is also used for random number generation for improved security.

You can configure Virtual Trusted Platform Module (vTPM) on VMware ESXi server (ESXi 7.0 update 3 or later). To do this:

  1. Install vCenter version 7 update 3 or later.

    While installing vCenter, you must configure the FQDN properly. The DNS server must be able to resolve the FQDN.

  2. Configure Native Key Provider:

    1. In the vCenter GUI, choose vCenter IP > Configure > Security > Key Provider > Add Key Provider.

    2. Click Native Key Provider and enter a name for the key provider.

    3. Click Take Backup.

      Ensure that the key provider status is displayed as Active.

  3. Create a cluster on vCenter and add the ESXi host to the cluster.

  4. Create a new VM in the cluster.

  5. In the Customize Hardware window, choose Add New Device > Trusted Platform Module.

    You must disable the Secure Boot option. Ensure that the Encryption option is set as Required.

  6. Map the Cisco ISE ISO to the new VM and complete the installation.

VMware Virtual Machine Requirements for Cisco ISE

You can use the VMware migration feature to migrate virtual machine (VM) instances (running any persona) between hosts. Cisco ISE supports both hot and cold migration.

  • Hot migration is also called live migration or vMotion. Cisco ISE need not be shutdown or powered off during the hot migration. You can migrate the Cisco ISE VM without any interruption in its availability.

  • Cisco ISE must be shutdown and powered off for cold migration. Cisco ISE does not allow to stop or pause the database operations during cold migration. Hence, ensure that Cisco ISE is not running and active during the cold migration.


    Note

    You must use the application stop command before using the halt command or powering off the VM to prevent database corruption issues.

The 300 GB OVA templates are sufficient for Cisco ISE nodes that serve as dedicated Policy Service or pxGrid nodes.

The 600 GB and 1.2 TB OVA templates are recommended to meet the minimum requirements for ISE nodes that run the Administration or Monitoring persona.

If you need to customize the disk size, CPU, or memory allocation, you can manually deploy Cisco ISE using the standard .iso image. However, it is important that you ensure the minimum requirements and resource reservations specified in this document are met. The OVA templates simplify ISE virtual appliance deployment by automatically applying the minimum resources required for each platform.

Table 2. OVA Template Reservations

OVA Template Type

Number of CPUs

CPU Reservation (In GHz)

Memory (In GB)

Memory Reservation (In GB)

Evaluation

4

No reservation.

16

No reservation.

Extra Small

8

8

32

32

Small (SNS 3615)

16

16

32

32

Medium (SNS 3655)

24

24

96

96

Large (SNS 3695)

24

24

256

256

Small (SNS 3715)

24

24

32

32

Medium (SNS 3755)

40

40

96

96

Large (SNS 3795)

40

40

256

256

Note

  • You can enable only the PSN persona on Extra Small VM. PAN and MnT personas are not supported for this node.

  • Extra Small VM is supported only for deployments that have less than or up to 500,000 sessions.

We strongly recommend that you reserve CPU and memory resources to match the resource allocation. Failure to do so may significantly impact ISE performance and stability.

For information about the supported operating systems, see Supported Operating System for Virtual Machines.

For information about the product specifications for Cisco SNS appliance, see Cisco Secure Network Server Data Sheet.

The following table lists the VMware virtual machine requirements.

Table 3. VMware Virtual Machine Requirements

Requirement Type

Specifications

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of CPU cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of cores:

      • SNS 3600 Series Appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

      • SNS 3700 Series Appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3700 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU Cores or 24 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small: 32 GB for SNS 3615 and SNS 3715

    • Medium: 96 GB for SNS 3655 and SNS 3755

    • Large: 256 GB for SNS 3695 and SNS 3795

Hard Disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

     

    When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

Storage and File System

The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and a read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server.

You can use the show tech-support command to view the read and write performance metrics.

We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements.

Disk Controller

Paravirtual or LSI Logic Parallel

For best performance and redundancy, a caching RAID controller is recommended. Controller options such as RAID 10 (also known as 1+0) can offer higher overall write performance and redundancy than RAID 5, for example. Additionally, battery-backed controller cache can significantly improve write operations.

Note

 

Updating the disk SCSI controller of an ISE VM from another type to VMware Paravirtual may render it not bootable.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports E1000E and VMXNET3 adapters.

Note

 

You have to remap the ESXi adapter to synchronize it with the ISE adapter order.

VMware Virtual Hardware Version/Hypervisor

  • OVA templates: VMware version 14 or higher on ESXi 6.7, ESXi 7.0, and ESXi 8.0.

  • ISO file supports ESXi 6.7, ESXi 7.0, and ESXi 8.0.

Linux KVM Requirements for Cisco ISE

Table 4. Linux KVM Virtual Machine Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores: 4 CPU cores

  • Production

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores:

      • SNS 3600 Series Appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

      • SNS 3700 Series Appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3700 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU Cores or 24 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small: 32 GB for SNS 3615 and SNS 3715

    • Medium: 96 GB for SNS 3655 and SNS 3755

    • Large: 256 GB for SNS 3695 and SNS 3795

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

     

    When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

KVM Disk Device

Disk bus - virtio, cache mode - none, I/O mode - native

Use preallocated RAW storage format.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

KVM on QEMU 2.12.0-99 or above

Microsoft Hyper-V Requirements for Cisco ISE

Table 5. Microsoft Hyper-V Virtual Machine Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of Cores:

      • SNS 3600 Series Appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3600 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU Cores or 16 Threads.

      • SNS 3700 Series Appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice of that present in equivalent of the Cisco Secure Network Server 3700 series, due to hyperthreading. For example, in case of Small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU Cores or 24 Threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small: 32 GB for SNS 3615 and SNS 3715

    • Medium: 96 GB for SNS 3655 and SNS 3755

    • Large: 256 GB for SNS 3695 and SNS 3795

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    See the recommended disk space for VMs in the following link: Disk Space Requirements.

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

Note

 

When you create the Virtual Machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported).

Hypervisor

Hyper-V (Microsoft)

Nutanix AHV Requirements for Cisco ISE

Cisco ISE must be deployed on Nutanix AHV using the standard Cisco ISE .iso image. Deploying Cisco ISE using OVA templates is not supported on Nutanix AHV.

The following table specifies the recommended resource reservations for different types of deployment on Nutanix AHV:

Type Number of CPUs CPU Reservation (In GHz) Memory (In GB) Memory Reservation (In GB) Hard Disks

Evaluation

4

No reservation

16

No reservation

300 GB

Extra Small

8

8

32

32

300 GB
Small 16 16 32 32 600 GB
Medium 24 24 96 96 1.2 TB
Large 24 24 256 256 2.4 TB (4*600 GB)

You must do the following configuration on Nutanix AHV before proceeding with Cisco ISE installation:

  • Create a virtual machine (VM) on Nutanix AHV and keep the VM powered off.

  • Access the Nutanix CVM using ssh login and run the following commands:

    • $acli

    • <acropolis> vm.serial_port_create <Cisco ISE VM Name> type=kServer index=0

    • <acropolis> vm.update <Cisco ISE VM Name> disable_branding=true

    • <acropolis> vm.update <Cisco ISE VM Name> extra_flags=”enable_hyperv_clock=False”

  • Exit Acropolis CLI and power on the VM to proceed with Cisco ISE installation using the standard .iso image.

Table 6. Nutanix AHV Requirements

Requirement Type

Minimum Requirements

CPU

  • Evaluation:

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores: 2 CPU cores

  • Production:

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores

      • Extra Small—8 processors (4 cores with hyperthreading enabled)

      • Small—12 processors (6 cores with hyperthreading enabled)

      • Large—16 processors (8 cores with hyperthreading enabled)

Cisco ISE supports Hyperthreading. We recommend that you enable Hyperthreading, if it is available.

Note

 

Even though Hyperthreading might improve overall performance, it does not change the supported scaling limits per virtual machine appliance. Additionally, you must still allocate CPU resources based on the required number of physical cores, not the number of logical processors.

Memory

  • Evaluation:

    • Basic—4 GB (for evaluating guest access and basic access policy flows)

    • Advanced—16 GB (for evaluating advanced features such as pxGrid, Internal CA, SXP, Device Administration, and Passive Identity Services)

  • Production:

    • Small—16 GB

    • Large—64 GB

Hard disks

  • Evaluation: 200 GB

  • Production:

    200 GB to 2 TB of disk storage (size depends on deployment and tasks).

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

     

    You must use 4*600 GB for 2.4 TB hard disk support.

KVM Disk Device

Disk bus - SCSI

NIC

1 GB NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

AOS - 6.8, Nutanix AHV - 20230302.100169

Cisco ISE on VMware Cloud Solutions

On any public cloud platform, you must configure your VPN to enable reachability from the VMware engine to on-premises deployments, and other required devices and services. You can deploy Cisco ISE on VMware cloud solutions on the following public cloud platforms:

  • VMware Cloud on Amazon Web Services (AWS): Host Cisco ISE on a software-defined data center offered by VMware Cloud on AWS. Configure the appropriate security group policies on VMware Cloud (in the Networking and Security > Security > Gateway Firewall Settings window) to enable reachability to on-premises deployments, and other required devices and services.

  • Azure VMware Solution: Azure VMware Solution runs VMware workloads natively on Microsoft Azure. You can host Cisco ISE as a VMware virtual machine.

  • Google Cloud VMware Engine: The Google Cloud VMware Engine runs software-defined data centers by VMware. You can host Cisco ISE as a VMware virtual machine using the VMware Engine.

    For more information on deploying Cisco ISE on cloud platforms, see Deploy Cisco Identity Services Engine Natively on Cloud Platforms.

Virtual Machine Appliance Size Recommendations for Cisco ISE

The virtual machine (VM) appliance specifications should be comparable with physical appliances run in a production environment.

Keep the following guidelines in mind when allocating resources for the appliance:

  • Failure to allocate the specified resources might result in performance degradation or service failure. We highly recommend that you deploy dedicated VM resources and not share or oversubscribe resources across multiple guest VMs. Deploying Cisco ISE virtual appliances using the OVF templates ensures that adequate resources are assigned to each VM. If you do not use OVF templates, then ensure that you assign the equivalent resource reservations when you manually install Cisco ISE using the ISO image.


    Note

    If you choose to deploy Cisco ISE manually without the recommended reservations, you must assume the responsibility to closely monitor your appliance’s resource utilization and increase resources, as needed, to ensure proper health and functioning of the Cisco ISE deployment.

  • If you are using the OVA templates for installation, check the following settings after the installation is complete:

    • Ensure that you assign the resource reservations that are specified in the VMware Virtual Machine Requirements for Cisco ISE section in the CPU/Memory Reservation field (under the Virtual Hardware tab in the Edit Settings window) to ensure proper health and functioning of the Cisco ISE deployment.

    • Ensure that the CPU usage in the CPU Limit field (under the Virtual Hardware tab in the Edit Settings window) is set to Unlimited. Setting a limit for CPU usage (for example, setting the CPU usage limit as 12000 MHz) will impact the system performance. If limit has been set, you must shutdown the VM client, remove the limit, and the restart the VM client.

    • Ensure that the memory usage in the Memory Limit field (under the Virtual Hardware tab in the Edit Settings window) is set to Unlimited. Setting a limit for memory usage (for example, setting the limit as 12000 MB) will impact the system performance.

    • Ensure that the Shares option is set as High in the Hard Disk area (under the Virtual Hardware tab in the Edit Settings window).

      Admin and MnT nodes rely heavily on disk usage. Using shared disk storage VMware environment might affect the disk performance. You must increase the number of disk shares allocated to a node to increase the performance of the node.

  • Policy Service nodes on VMs can be deployed with less disk space than Administration or Monitoring nodes. The minimum disk space for any production Cisco ISE node is 300 GB.

  • VMs can be configured with 1 to 6 NICs. The recommendation is to allow for 2 or more NICs. Additional interfaces can be used to support various services such as profiling, guest services, or RADIUS.


Note

If you decrease the RAM or CPU allocation for a VM, you must reimage Cisco ISE with the changed VM configuration. However, increasing the RAM or CPU capacity does not require re-image.

Disk Space Requirements for VMs in a Cisco ISE Deployment

The following table lists the Cisco ISE disk-space allocation recommended for running a virtual machine in a production deployment.


Note

You must change the firmware from BIOS to EFI in the boot mode of VM settings to boot GPT partition with 2 TB or above.

Table 7. Recommended Disk Space for Virtual Machines

Cisco ISE Persona

Minimum Disk Space for Evaluation

Minimum Disk Space for Production

Recommended Disk Space for Production

Maximum Disk Space

Standalone Cisco ISE

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration only

300 GB

600 GB

600 GB

2.4 TB

Distributed Cisco ISE, Monitoring only

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Policy Service only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, pxGrid only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, Administration and Monitoring (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration, Monitoring, and Policy Service (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB


Note

Additional disk space is required to store local debug logs, staging files, and to handle log data during upgrade, when the Primary Administration node temporarily becomes a Monitoring node.

Disk Space Guidelines for Cisco ISE

Keep the following guidelines in mind when deciding the disk space for Cisco ISE:

  • Cisco ISE must be installed on a single disk in virtual machine.

  • Disk allocation varies based on logging retention requirements. On any node that has the Monitoring persona enabled, 60 percent of the VM disk space is allocated for log storage. A deployment with 25,000 endpoints generates approximately 1 GB of logs per day.

    For example, if you have a Monitoring node with 600-GB VM disk space, 360 GB is allocated for log storage. If 100,000 endpoints connect to this network every day, it generates approximately 4 GB of logs per day. In this case, you can store 76 days of logs in the Monitoring node, after which you must transfer the old data to a repository and purge it from the Monitoring database.

For extra log storage, you can increase the VM disk space. For every 100 GB of disk space that you add, you get 60 GB more for log storage.

If you increase the disk size of your virtual machine after initial installation, perform a fresh installation of Cisco ISE. A fresh installation helps properly detect and utilize the full disk allocation.

The following table lists the number of days that RADIUS logs can be retained on your Monitoring node based on the allocated disk space and the number of endpoints that connect to your network. The numbers are based on the following assumptions: Ten or more authentications per day per endpoint with logging suppression enabled.

Table 8. Monitoring Node Log Storage—Retention Period in Days for RADIUS

No. of Endpoints

300 GB

600 GB

1024 GB

2048 GB

5,000

504

1510

2577

5154

10,000

252

755

1289

2577

25,000

101

302

516

1031

50,000

51

151

258

516

100,000

26

76

129

258

150,000

17

51

86

172

200,000

13

38

65

129

250,000

11

31

52

104

500,000

6

16

26

52

The following table lists the number of days that TACACS+ logs can be retained on your Monitoring node based on the allocated disk space and the number of endpoints that connect to your network. The numbers are based on the following assumptions: The script runs against all NADs, 4 sessions per day, and 5 commands per session.

Table 9. Monitoring Node Log Storage—Retention Period in Days for TACACS+

No. of Endpoints

300 GB

600 GB

1024 GB

2048 GB

100

12,583

37,749

64,425

128,850

500

2,517

7,550

12,885

25,770

1,000

1,259

3,775

6,443

12,885

5,000

252

755

1,289

2,577

10,000

126

378

645

1,289

25,000

51

151

258

516

50,000

26

76

129

258

75,000

17

51

86

172

100,000

13

38

65

129

Increase Disk Size

If you find that context and visibility functions are slow, or storage space for logs is not sufficient, you must allocate more disk space.

To plan for more log storage, for every 100 GB of disk space that you add, 60 GB is available for log storage.

In order for ISE to detect and utilize the new disk allocation, you must deregister the node, update the VM settings, and reinstall Cisco ISE. One way to do this is to install Cisco ISE on a new larger node, and add that node to the deployment as high availability. After the nodes are synchronized, configure the new VM as the primary node and deregister the original VM.

Decrease Disk Size

After installing Cisco ISE, if you reduce the VM reservations, you must do the following:

  1. Perform backup of Cisco ISE.

  2. Reimage Cisco ISE with the changed VM configuration.

  3. Restore Cisco ISE.