Cisco Identity Services Engine (ISE) is a one-stop solution to streamline security policy management and reduce operating costs. With ISE, you can see users and devices and control access across wired, wireless, and VPN connections to the corporate network.
Cisco ISE can be installed on Cisco SNS hardware or on virtual appliances. To achieve performance and scalability comparable to the Cisco ISE hardware appliance, the virtual machine should be allocated system resources equivalent to the Cisco SNS 3500 or 3600 series appliances. This section lists the hardware, software, and virtual machine requirements for installing Cisco ISE.
The following table lists the VMware virtual machine requirements.
Requirement Type | Specifications |
---|---|
CPU | Evaluation: Clock Speed—2.0 GHz or faster; Number of Cores—2 CPU cores. Production: Clock Speed—2.0 GHz or faster; Number of Cores: SNS 3500 Series Appliance: Small—12 processors (6 cores with hyperthreading enabled), Medium—16 processors (8 cores with hyperthreading enabled), Large—16 processors (8 cores with hyperthreading enabled); SNS 3600 Series Appliance: Small—16 processors (8 cores with hyperthreading enabled), Medium—24 processors (12 cores with hyperthreading enabled), Large—24 processors (12 cores with hyperthreading enabled). Note: Even though hyperthreading might improve overall VM performance, it does not change the supported scaling limits per VM appliance. Additionally, you must still allocate CPU resources based on the required number of physical cores, not the number of logical processors. |
Memory | Evaluation—16 GB. Production: Small—16 GB for SNS 3515 and 32 GB for SNS 3615; Medium—64 GB for SNS 3595 and 96 GB for SNS 3655; Large—256 GB. |
Hard Disks | Evaluation—200 GB. Production: 300 GB to 2.4 TB of disk storage (size depends on deployment and tasks). See the recommended disk space for VMs in the following link: Disk Space Requirements. We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM. Note: When you create the virtual machine for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space. |
Storage and File System | The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server. Cisco ISE provides a number of methods to verify if your storage system meets these minimum requirements before, during, and after Cisco ISE installation. See Virtual Machine Resource and Performance Checks for more information. We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements. |
Disk Controller | Paravirtual (default for RHEL 7 64-bit) or LSI Logic Parallel. For best performance and redundancy, a caching RAID controller is recommended. Controller options such as RAID 10 (also known as 1+0) can offer higher overall write performance and redundancy than RAID 5, for example. Additionally, battery-backed controller cache can significantly improve write operations. Note: Updating the disk SCSI controller of an ISE VM from another type to VMware Paravirtual may render it not bootable. |
NIC | 1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports E1000 and VMXNET3 adapters. Note: We recommend that you select E1000 to ensure correct adapter order by default. If you choose VMXNET3, you might have to remap the ESXi adapter to synchronize it with the ISE adapter order. |
VMware Virtual Hardware Version/Hypervisor | VMware Virtual Machine Hardware Version 8 or higher on ESXi 5.x (5.1 U2 minimum) and 6.x. Note: If you are installing Cisco ISE on an ESXi 5.x server, to support RHEL 7 as the Guest OS, update the VMware hardware version to 9 or later. RHEL 7 is supported with VMware hardware version 9 and later. |
Let’s start the installation:
Step 0
Download ISE-2.6.0.156-virtual-SNS3615-SNS3655-600 from the Cisco site: https://software.cisco.com/download/home/283801620/type/283802505/release/2.6.0
Step 1
Select your downloaded OVA file.
Step 2
Step 3
Type the name of the VM and select the inventory location.
Step 4
Choose the option that fits your needs:
Small: Use this configuration for small deployments. This deployment will need 16 vCPUs and 32768 MB of memory for the vApp.
Medium: Use this configuration for medium deployments. This deployment will need 24 vCPUs and 98304 MB of memory for the vApp.
Step 5
Select the destination storage for the virtual machine files.
Step 6
Step 7
It will show you only the default network of vCenter. After installation, you can choose the right network for your ISE instance.
Step 8
Double-check the ISE 2.6 installation details.
Step 9
Wait for the “Completed Successfully” message.
Step 10
After a successful installation, you need to do the initial configuration. To do this, open the vCenter console and press the “Enter” key twice. Then change the main configuration so that the node can be accessed via SSH or the GUI.
Step 11
Check the status of the ISE processes by entering the show application status ise command, and press Enter.
The console displays:
```
cise01-noc/admin# show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
Database Listener                      running          14890
Database Server                        running          70 PROCESSES
Application Server                     running          19158
Profiler Database                      running          16293
ISE Indexing Engine                    running          20773
AD Connector                           running          22466
M&T Session Database                   running          16195
M&T Log Collector                      running          19294
M&T Log Processor                      running          19207
Certificate Authority Service          running          22237
EST Service                            running          29847
SXP Engine Service                     disabled
Docker Daemon                          running          21197
TC-NAC Service                         disabled
Wifi Setup Helper Container            not running
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
PassiveID WMI Service                  disabled
PassiveID Syslog Service               disabled
PassiveID API Service                  disabled
PassiveID Agent Service                disabled
PassiveID Endpoint Service             disabled
PassiveID SPAN Service                 disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled

cise01-noc/admin#
```
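To turn the Step 11 check into something repeatable, the following added example (not part of the original post and not Cisco code) parses the text of `show application status ise` and reports required processes that are not running. The `REQUIRED` list and the function names are assumptions for illustration, and the sample input is constructed.

```python
import re

# STATE values seen in the output on this page; "not running" is listed first
# so the regex does not split it into name="... not", state="running".
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<state>not running|running|disabled)"
                 r"(?:\s+(?P<detail>\S.*))?$")

# Assumed baseline for a standalone node (not a Cisco-defined list);
# adjust it to the personas and services enabled on your node.
REQUIRED = ("Database Listener", "Database Server", "Application Server")


def parse_status(text):
    """Return {process name: (state, detail)} from `show application status ise`."""
    procs = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, the CLI prompt/echoed command, the header and any dashed rule.
        if (not line or "#" in line or line.startswith("ISE PROCESS NAME")
                or set(line) == {"-"}):
            continue
        m = ROW.match(line)
        if m:
            procs[m["name"]] = (m["state"], m["detail"] or "")
        else:
            # A state this parser does not know is kept, not silently dropped.
            procs[line] = ("unknown", "")
    return procs


def failed_required(procs, required=REQUIRED):
    """List required processes that are missing or not in the running state."""
    return [n for n in required if procs.get(n, ("missing", ""))[0] != "running"]


# Constructed sample in the format shown above, with the Application Server
# deliberately changed to "not running".
SAMPLE = """\
cise01-noc/admin# show application status ise
ISE PROCESS NAME                       STATE            PROCESS ID
Database Listener                      running          14890
Database Server                        running          70 PROCESSES
Application Server                     not running
Wifi Setup Helper Container            not running
pxGrid Controller                      disabled
"""

if __name__ == "__main__":
    print("required but not running:", failed_required(parse_status(SAMPLE)))
```

Only the processes named in `REQUIRED` are treated as failures, so an entry such as the Wifi Setup Helper Container, which is "not running" in the output above, is parsed but not flagged.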
Step 12
Open your favorite browser and type the login and password which you entered in Step 10.
Please help me correct them if you find any mistakes. To support us, share this with your friends.