Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x
Installing the Cisco ISE System Software on a VMware Virtual Machine

Table of Contents

Installing Cisco ISE in a VMware Virtual Machine

Virtual Machine Requirements

Disk Space Requirements

Evaluating the Cisco ISE Release 1.1.x

Configuring a VMware ESX or ESXi Server

Creating New Virtual File Size

Configuring VMware Server Interfaces for the Cisco ISE Profiler Service

Configuring the VMware Server

Preparing a VMware System for Cisco ISE Software Installation

Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD

Installing the Cisco ISE Software on a VMware System

Connecting to the Cisco ISE VMware Server Using Serial Console

Installing Cisco ISE in a VMware Virtual Machine

This chapter describes the system requirements for installing the Cisco Identity Services Engine (ISE) 3300 Series appliance software in a VMware virtual machine. The following topics provide information about the installation process:


Note The Inline Posture node is supported only on Cisco ISE 3300 Series appliances. It is not supported on VMware server systems. All the other designated roles are supported for use on VMware virtual machines.


Virtual Machine Requirements

Table 1-1 lists the minimum system requirements to install Cisco ISE 3300 Series software on a VMware virtual machine to support 100 endpoints for evaluation purposes only.

 

Table 1-1 Minimum VMware System Requirements

| Requirement Type | Minimum Requirements |
|---|---|
| CPU | Intel Quad-Core; 2.13 GHz or faster |
| Memory | 4 GB RAM |
| Hard disks | 60 to 600 GB of disk storage (size depends on deployment and tasks). We recommend that you use a hard disk drive with a minimum of 10,000 RPM. The Cisco ISE must be installed on a single disk in VMware. If you use several small disks to meet the disk space requirement for installation, you could experience some unexpected behavior. |
| File System | VMFS. Note: We recommend that you use VMFS for storage. Other storage protocols are not tested and might result in some file system errors. |
| Disk controller | SCSI controller |
| NIC | 1 GB NIC interface required (two or more NICs are recommended). Note: When creating network connections for any NICs that you configure, make sure to select the corresponding Flexible network adapter from the Adapter drop-down list. For this release, Cisco ISE supports the Flexible network adapter for all NICs. See Step 10 in Configuring the VMware Server. |
| Hypervisor | Supported VMware versions include VMware ESX 4.x, VMware ESXi 4.x, and VMware ESXi 5.x. |

Note While the minimum disk space required for an evaluation VMware virtual machine (VM) is 60 GB, production VMs require a minimum of 200 GB. You cannot migrate data to a production VM from an evaluation VM created with less than 200 GB of disk space. You can migrate data only from VMs created with 200 GB or more disk space to a production environment.


Disk Space Requirements

The minimum system requirements for the virtual machine must be similar to the Cisco ISE 3300 Series appliance hardware configuration. Refer to the Identity Services Engine 3300 Series Appliances Data Sheet for the hardware configuration. See the “Deployment Sizing and Scaling Recommendations” section for virtual machine specifications for a production environment.

Table 1-2 lists the minimum Cisco ISE hard disk space allocation requirements for running on a VMware server in a production deployment. Use the supported VMware ESX and ESXi server versions listed in Table 1-1 for running Cisco ISE software in a production deployment.

 

Table 1-2 Minimum VMware Production Disk Space Requirements

| ISE Persona | Minimum Disk Space Requirements for Production (1) |
|---|---|
| Standalone ISE | 600 GB |
| Administration | 200 GB |
| Monitoring | 500 GB |
| Administration and Monitoring | 600 GB |
| Administration, Monitoring, and Policy Service | 600 GB |
| Policy Service | 100 GB |

(1) Additional disk space is required to support local logging, and to store the backup and upgrade files in the local disk.


Note The Cisco ISE software will only use up to 600 GB of disk space regardless of how much more disk space you allocate to the virtual machine.


On any node that has the Monitoring persona enabled, 30% of the VM disk space is allocated for log storage. For a Monitoring node with 600 GB VM disk space, 180 GB is allocated for log storage. A deployment with 100,000 user endpoints generates approximately 2 GB of logs per day. In this case, you can store 30 days of logs in the Monitoring node, after which you must transfer the old data to a repository and purge it from the Monitoring database. For extra log storage, you can increase the VM disk space. For every 100 GB of disk space that you add, you get 30 GB more for log storage. Depending on your requirements, you can increase the VM disk size up to a maximum of 600 GB, which gives 180 GB of log storage. The 30% disk space allotment is applicable only for fresh installations. If you upgrade to 1.1.x, a maximum of 150 GB is allocated for the MnT node irrespective of the VM disk size.


Note The Cisco ISE must be installed on a single disk in VMware.


Evaluating the Cisco ISE Release 1.1.x

For evaluation purposes, Cisco ISE Release 1.1.x can be installed in any of the supported VMware server virtual machines that meet the Virtual Machine Requirements. When evaluating Cisco ISE Release 1.1.x, you can configure less disk space in the virtual machine, but you are still required to allocate a minimum disk space of 60 GB.

To download the Cisco ISE Release 1.1.x software for evaluation, complete the following steps:


Step 1 Go to the following link:

http://www.cisco.com/go/ise (You must already have valid Cisco.com login credentials to access this link.)

Step 2 Click Download Software.

The Cisco ISE Release 1.1.x software image comes with a 90-day evaluation license already installed, so you can begin testing all Cisco ISE services once your installation and initial configuration are complete.


 

To migrate a Cisco ISE configuration from an evaluation system to a fully licensed production system, you need to complete the following tasks:

  • Back up the configuration of the evaluation version
  • Install a production deployment license
  • Restore the configuration to the production system
  • Increase disk space for installation

Note The minimum Cisco ISE hard disk space allocation requirement for running on a VMware server in an evaluation environment that supports only 100 users is 60 GB. When you move your VMware server to a production environment that supports a larger number of users, however, be sure to reconfigure your Cisco ISE installation to the recommended minimum disk size that is listed in Table 1-2 or higher (up to the allowed maximum of 600 GB). See the “Deployment Sizing and Scaling Recommendations” section for information on virtual machine requirements for a production environment.


Configuring a VMware ESX or ESXi Server

This section describes how to configure a VMware ESX or ESXi server on the VMware virtual machine. This section provides procedures for performing some important configuration-related tasks.

To perform the following procedures, you must log in to the ESXi server as a user with administrative privileges (root user). The values that are provided in the following procedures and illustrations are examples only. Actual values depend on your deployment requirements.

Before You Begin

Before you configure your VMware ESX or ESXi server, read the following:

  • Cisco ISE 1.1.4 is a 32-bit system. Ensure that your virtual machine’s guest operating system is set to 32 bits. See http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005870 for information on how to set your guest operating system type.
  • Ensure that you allocate the recommended amount of disk space on the VMware virtual machine. See Table 1-2 for more details.
  • The VMware virtual file system (VMFS) is set for each of the storage volumes configured on the VMware host. You must choose a VMFS block size based on the largest virtual disk size hosted on the VMware host. Once you configure the VMFS block size, you cannot change it without reformatting the VMFS partitions. Your VMware VMFS block size should be based on the size of the largest virtual disk:

1 MB—256 GB

2 MB—512 GB

4 MB—1 TB

8 MB—2 TB

Ensure that you have read and performed the task described in Creating New Virtual File Size.

  • Do not choose VMware thin provisioning as a storage type. This release of the Cisco ISE software does not support using VMware thin provisioning as a storage type on any of the supported VMware servers. Thin provisioning is not a default setting and Cisco advises against choosing the check box for thin provisioning in Step 13 (as shown in Figure 1-13).
  • If you are enabling the Profiler service, ensure that you have read and performed the tasks described in Configuring VMware Server Interfaces for the Cisco ISE Profiler Service.
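
The checks in this list and in Tables 1-1 and 1-2 can be run against a planned VM before you build it. The following Python sketch is an added example, not Cisco or VMware code: the spec field names (disks_gb, vmfs_block_mb, and so on) are hypothetical, the sample specs are constructed, and the limits are the ones stated in this chapter.

```python
# Added example: pre-install check of a planned Cisco ISE 1.1.x VM.
# Limits are copied from this chapter; the spec field names are hypothetical.

PRODUCTION_MIN_DISK_GB = {  # Table 1-2
    "standalone": 600,
    "administration": 200,
    "monitoring": 500,
    "administration+monitoring": 600,
    "administration+monitoring+policy_service": 600,
    "policy_service": 100,
}
VMFS_MAX_DISK_GB = {1: 256, 2: 512, 4: 1024, 8: 2048}  # block size (MB) -> largest disk (GB)
EVAL_MIN_DISK_GB = 60
ISE_MAX_USED_DISK_GB = 600
MIN_MEMORY_GB = 4


def monitoring_log_storage_gb(disk_gb):
    """Log storage on a freshly installed Monitoring node: 30% of the disk ISE uses."""
    return min(disk_gb, ISE_MAX_USED_DISK_GB) * 30 / 100


def check_vm_spec(spec):
    """Return a list of findings; an empty list means no deviation was found."""
    findings = []
    disks = spec["disks_gb"]
    if len(disks) != 1:
        findings.append("single-disk: ISE must be installed on one virtual disk")
    largest = max(disks)
    required = PRODUCTION_MIN_DISK_GB[spec["persona"]] if spec["production"] else EVAL_MIN_DISK_GB
    if largest < required:
        findings.append(f"disk-size: {largest} GB is below the {required} GB minimum")
    if largest > ISE_MAX_USED_DISK_GB:
        findings.append("disk-size: ISE will not use space beyond 600 GB")
    if largest > VMFS_MAX_DISK_GB[spec["vmfs_block_mb"]]:
        findings.append("vmfs-block: block size is too small for this virtual disk")
    if spec["thin_provisioned"]:
        findings.append("provisioning: thin provisioning is not supported")
    if spec["memory_gb"] < MIN_MEMORY_GB:
        findings.append("memory: below the 4 GB minimum")
    if spec["guest_bits"] != 32:
        findings.append("guest-os: guest operating system must be set to 32 bits")
    if any(adapter != "Flexible" for adapter in spec["nic_adapters"]):
        findings.append("nic: only the Flexible adapter is supported")
    return findings


# Constructed sample specs, not taken from a real deployment.
GOOD = {"production": True, "persona": "administration", "disks_gb": [200],
        "vmfs_block_mb": 1, "thin_provisioned": False, "memory_gb": 4,
        "guest_bits": 32, "nic_adapters": ["Flexible", "Flexible"]}
BAD = {"production": True, "persona": "monitoring", "disks_gb": [150, 150],
       "vmfs_block_mb": 1, "thin_provisioned": True, "memory_gb": 2,
       "guest_bits": 64, "nic_adapters": ["Flexible", "E1000"]}

if __name__ == "__main__":
    for name, spec in (("good", GOOD), ("bad", BAD)):
        print(name, check_vm_spec(spec) or "OK")
    print("Monitoring log storage at 600 GB:", monitoring_log_storage_gb(600), "GB")
```

The block-size check uses the block size to virtual disk size list given above, so it reports a datastore whose block size cannot hold the planned disk before the VMFS volume is formatted.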

Creating New Virtual File Size

To create a new virtual file size, perform the following steps:


Step 1 Choose Configuration > Storage > Add Storage Wizard.

You can find the Add Storage wizard at the upper-right corner of the configuration window.

Figure 1-1 Configuration Window

 

Step 2 From the Storage Type drop-down list, choose Disk/LUN and click Next.

Step 3 Choose 200 GB for disk space size, choose 2 MB as the VMFS block size, and click Next.

100 GB is the minimum disk space size that is required for installing VMware with Cisco ISE. However, Cisco ISE will only use up to a maximum of 600 GB even if you assign extra space in your VMware system. The value that you set should be from 100 to 600 GB, depending on your deployment.


Note It is important to note that the VMware virtual file system (VMFS) is set for each of the storage volumes configured in the VMware host. This means that your choice of the VMFS block size will need to take into account the largest virtual disk sizes hosted on the VMware host. Once the block size is set it cannot be changed without having to reformat the VMFS partitions.

If you specify the default VMFS 1-MB block size, you will not be able to create a 600-GB disk space for your virtual machine on the VMware host. Only by specifying a VMFS block size of 2 MB when the VMFS file system is being created, will you be able to configure up to 600 GB of disk space for your virtual machine.


Step 4 Click Finish.

The new VMware system with a 200-GB virtual disk size and a 2-MB block size is created successfully.

Step 5 To verify the new file size, choose Configuration > Memory, and click Properties.

Figure 1-2 displays the properties of a disk space created with the name ds1.

Figure 1-2 Disk Space Properties Window

 


 

Configuring VMware Server Interfaces for the Cisco ISE Profiler Service

To configure the VMware server interfaces to support the collection of SPAN or mirrored traffic to a dedicated probe interface for the Cisco ISE Profiler service, perform the following steps:


Step 1 Choose Configuration > Networking > Properties > VMNetwork (the name of your VMware server instance) > VMswitch0 (one of your VMware ESXi server interfaces) > Properties > Security.

Step 2 In the Policy Exceptions pane under the Security tab, check the Promiscuous Mode check box.

Step 3 In the adjacent drop-down list, choose Accept, and click OK.

Repeat the same steps on the other VMware ESX server interface used for profiler data collection of SPAN or mirrored traffic.

Figure 1-3 VMNetwork Properties Window

 


 

Configuring the VMware Server

This section describes how to configure VMware servers by using the VMware vSphere Client.


Step 1 Log in to the ESXi Server.

Step 2 In the VMware vSphere Client, in the left pane, right-click your host container and choose New Virtual Machine.

The New Virtual Machine Wizard appears.

Step 3 In the Configuration dialog box, choose Custom as the VMware configuration, as shown in Figure 1-4, and click Next.

Figure 1-4 Virtual Machine Configuration Dialog Box

 

The Name and Location dialog box appears (see Figure 1-5).

Step 4 Enter a name that you want for referencing the VMware system, and click Next.

Figure 1-5 Name and Location Dialog Box

 


Tip Use the hostname that you want to use for your VMware host.


The Datastore dialog box appears (see Figure 1-6).

Step 5 Choose a datastore that has the recommended amount of space available, and click Next.

Figure 1-6 Datastore Dialog Box

 

The Virtual Machine Version dialog box appears.

Step 6 (Optional) If your VM host or cluster supports more than one VMware virtual machine version, choose Virtual Machine Version 7, and click Next.

The Guest Operating System dialog box appears (see Figure 1-7).

Step 7 Choose Linux and Red Hat Enterprise Linux 5 (32-bit) from the Version drop-down list.

Figure 1-7 Guest Operating System Dialog Box

 

The Number of Virtual Processors dialog box appears (see Figure 1-8).

Step 8 From the Number of Virtual Processors drop-down list, choose 4. Click Next.

Figure 1-8 Number of Virtual Processors Dialog Box

 

In some versions of ESX server, the following screen appears. Choose 2 from both the Number of virtual sockets and the Number of cores per virtual socket drop-down lists (see Figure 1-9). Click Next.

Figure 1-9 Number of Virtual Sockets and Cores Dialog Box

 

The Memory Configuration dialog box appears (see Figure 1-10).

Step 9 Enter a value based on the recommendations in Table 1-1, and click Next.

Figure 1-10 Memory Configuration Dialog Box

 

The Network Interface Card (NIC) Configuration dialog box appears (see Figure 1-11).

Step 10 Choose a NIC and Adapter, and click Next.

Figure 1-11 NIC Configuration Dialog Box

 

The SCSI controller dialog box appears.

Step 11 Choose a SCSI controller and click Next.

The Select a Disk dialog box appears (see Figure 1-12).

Step 12 Choose Create a new virtual disk and click Next.

Figure 1-12 Select a Disk

 

The Virtual Disk Size and Provisioning Policy dialog box appears.

Step 13 Do not check the Allocate and commit space on demand (Thin Provisioning) check box or the Support clustering features such as Fault Tolerance check box in the Disk Provisioning dialog box (see Figure 1-13). Click Next to continue.

Figure 1-13 Disk Provisioning Dialog Box

 

The Advanced Options dialog box appears.

Step 14 Choose the Advanced Options, and click Next.

The Ready to Complete New Virtual Machine dialog box appears (see Figure 1-14).

Step 15 Verify the configuration details, such as Name, Guest OS, Virtual CPU, Memory, and Virtual Disk Size of the newly created VMware system.

Figure 1-14 Ready to Complete Dialog Box

 

Step 16 Click Finish.

The VMware system is now installed.


 

To activate the newly created VMware system, right-click VM in the left pane of your VMware client user interface and choose Power > Power On.

Preparing a VMware System for Cisco ISE Software Installation

After configuring the VMware system, you are ready to install the Cisco ISE software. To install the Cisco ISE software from your Cisco Identity Services Engine ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD, you need to configure the VMware system to boot from this Cisco ISE DVD. This requires that the VMware system be configured with a virtual DVD drive to boot from the Cisco Identity Services Engine ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD.

You can do this by using different methods that are dependent upon your network environment. See Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD to configure the VMware system by using the DVD drive of your VMware ESX server host.

Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD

This section describes how to configure a VMware system to boot from the Cisco Identity Services Engine ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD by using the DVD drive of the VMware ESX server host.

To configure the VMware system by using the DVD drive, complete the following steps:


Step 1 In the VMware Infrastructure Client, highlight the newly created VMware system, and choose Edit Virtual Machine Settings.

The Virtual Machine Properties window appears. Figure 1-15 displays the properties of a VMware system created with the name Cisco ISE Release 1.0.

Figure 1-15 Virtual Machine Properties Dialog Box

 

Step 2 In the Virtual Machine Properties dialog box, choose CD/DVD Drive 1.

The CD/DVD Drive 1 properties dialog box appears.

Step 3 Choose the Host Device option, and from the drop-down list, choose your DVD host device.

Step 4 Choose the Connect at Power On option, and click OK to save your settings.

You can now use the DVD drive of the VMware ESX server to install the Cisco ISE software.


 

When you complete the configuration, click the Console tab, right-click VM in the left pane, choose Power, and choose Reset to restart the VMware system.

Installing the Cisco ISE Software on a VMware System

This section describes the installation process for the Cisco ISE software on a VMware system.

To install the Cisco ISE software on a VMware system, complete the following steps:


Step 1 Log in to the VMware Infrastructure Client.

Step 2 Ensure that Universal Time Coordinated (UTC) is set in BIOS:

a. If the VMware system is turned on, turn the system off.

b. Turn on the VMware system.

c. Press F1 to enter the BIOS Setup mode.

d. Using the arrow keys, navigate to Date and Time and press Enter.

e. Set the time for your appliance to the UTC/Greenwich Mean Time (GMT) time zone.


Note We recommend that you set all Cisco ISE nodes to the UTC time zone. This time zone setting ensures that the reports and logs from the various nodes in your deployment are always in sync with regard to the timestamps.


f. Press Esc to exit to the main BIOS menu.

g. Press Esc to exit from the BIOS Setup mode.


Note After installation, if you do not install a permanent license, Cisco ISE automatically installs a 90-day evaluation license that supports a maximum of 100 endpoints.


Step 3 Insert the Cisco ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD into the VMware ESX host CD/DVD drive, and turn on the virtual machine.


Note If you do not have access to this DVD, you can download the Cisco ISE Release 1.1.x software from the Cisco Software Download Site at http://software.cisco.com/download/navigator.html?a=a&i=rpm. You will be required to provide your Cisco.com credentials.


When the Cisco Identity Services Engine ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD boots, the console displays:

Welcome to Cisco ISE
To boot from the hard disk press <Enter>
Available boot options:
[1] Cisco Identity Services Engine Installation (Monitor/Keyboard)
[2] Cisco Identity Services Engine Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>.
boot: 1

You can choose either the monitor and keyboard port, or the console port to perform the initial setup.

Step 4 At the system prompt, type 1 to choose a monitor and keyboard port, or type 2 to choose a console port, and press Enter.

This starts the installation of the Cisco ISE software on the VMware system.


Note Allow 20 minutes for the installation process to complete.


When the installation process finishes, the virtual machine reboots automatically.

When the VM reboots, the console displays:

Type 'setup' to configure your appliance
localhost:

Step 5 At the system prompt, type setup, and press Enter.

The Setup Wizard appears and guides you through the initial configuration. For more information on the setup process, see Understanding the Setup Program Parameters.


 

Connecting to the Cisco ISE VMware Server Using Serial Console

To connect to the Cisco ISE VMware server using the serial console, complete the following steps:


Step 1 Power off the particular VMware server (for example, ISE-120).

Step 2 Right-click the VMware server and choose Edit.

Step 3 Choose the Hardware tab and click Add.

 

Step 4 Choose Serial Port and click Next.

 

Step 5 For Serial Port Output, choose Use physical serial port on the host. Click Next.

 

Step 6 Choose the port. You may choose one of the following two options:

    • /dev/ttyS0 (In the DOS or Windows operating system, this will appear as COM1).
    • /dev/ttyS1 (In the DOS or Windows operating system, this will appear as COM2).

Step 7 Click Next.

 

Step 8 Check the device status. It will be shown as Connected.