Cisco ISE on Amazon Web Services
Extend the Cisco ISE policies in your home network to new remote deployments securely through Amazon Web Services (AWS).
You can configure and launch Cisco ISE in AWS through AWS CloudFormation Templates (CFTs) or Amazon Machine Images (AMIs). We recommend that you use CFTs through one of the ways in the following list. To launch Cisco ISE on AWS, perform one of the following procedures:
CFTs are AWS solutions that allow you to easily create and manage cloud deployments. Extend your network into the cloud by creating a virtual private cloud in AWS and configuring a virtual private gateway to enable communication with your organization's network over an IPsec tunnel.
The following illustration is only an example. You can place common services such as Certificate Authority (CA), Active Directory (AD), Domain Name System (DNS) servers, and Lightweight Directory Access Protocol (LDAP) on premises or in AWS, based on the requirements of your organization.
For information about using CFTs in AWS, see the AWS CloudFormation User Guide.
The following table contains details of the Cisco ISE instances that are currently available. You must purchase a Cisco ISE VM license to use any of the following instances. See Amazon EC2 On-Demand Pricing for information on EC2 instance pricing for your specific requirements.
Cisco ISE Instance Type | CPU Cores | RAM (in GB) |
---|---|---|
t3.xlarge This instance supports the Cisco ISE evaluation use case and is supported in Cisco ISE Release 3.1 Patch 1 and later releases. 100 concurrent active endpoints are supported. | 4 | 16 |
m5.2xlarge | 8 | 32 |
c5.4xlarge | 16 | 32 |
m5.4xlarge | 16 | 64 |
c5.9xlarge | 36 | 72 |
m5.8xlarge | 32 | 128 |
m5.16xlarge | 64 | 256 |
Compute-optimized instances such as c5.4xlarge and c5.9xlarge are intended for compute-intensive tasks or applications and are best suited for Policy Service Node (PSN) use.
General purpose instances such as m5.4xlarge, m5.8xlarge, and m5.16xlarge are intended for data processing tasks and database operations and are best suited for use as Policy Administration Node (PAN) or Monitoring and Troubleshooting (MnT) nodes, or both.
If you use a general purpose instance as a PSN, the performance numbers are lower than the performance of a compute-optimized instance as a PSN.
The m5.2xlarge instance must be used as an extra small PSN only.
For information on the scale and performance data for AWS instances, see the Cisco ISE Performance and Scale guide.
For information on the scale and performance data for AWS instance types, see the Performance and Scalability Guide for Cisco Identity Services Engine.
You can leverage the AWS S3 storage service to easily store backup and restore files, monitoring and troubleshooting reports, and more.
In addition to the procedures explained above, you can also use the following Cisco-developed solutions to install and automatically create multi-node Cisco ISE deployments on AWS:
- Cisco ISE AWS Partner Solution for small deployments.
- Cisco Developed Terraform Script for deployments of any size.