Cisco Secured Network Server Series Appliances and Virtual Machine Requirements

Cisco ISE hardware and virtual appliance requirements

Cisco ISE can be installed on Cisco Secure Network Server (SNS) hardware or virtual appliances. The virtual machine should have the same system resources as the Cisco SNS hardware appliances to achieve similar performance and scalability as the Cisco ISE hardware appliance. This section lists the hardware, software, and virtual machine requirements for installing Cisco ISE.


Note

Harden your virtual environment and ensure that all security updates are current. Cisco is not liable for any security issues found in hypervisors.


Caution

Cisco ISE does not support VM snapshots to back up data on any virtual environment. Enabling the Snapshot feature on the VM might corrupt the configuration. If this happens, you may need to reimage the VM.

Cisco SNS hardware appliances

For Cisco SNS 3600 series appliances, see Cisco SNS-3600 Series Appliance Hardware Installation Guide.

For Cisco SNS 3700 series appliances, see Cisco SNS-3700 Series Appliance Hardware Installation Guide.

For Cisco SNS 3800 series appliances, see Cisco SNS-3800 Series Appliance Hardware Installation Guide.

For information about the supported hardware platforms for your version of Cisco ISE, see the Release Notes for Cisco Identity Services Engine.

Support for Cisco SNS 3800 series appliance

The Cisco SNS 3800 series appliances are based on the Cisco Unified Computing System (Cisco UCS) C225 M8 Rack Server and are configured specifically to support Cisco ISE. Cisco SNS 3800 series appliances are designed to deliver high performance and efficiency for a wide range of workloads.

The Cisco SNS 3800 series appliances are available in these models:

  • Cisco SNS 3815 (SNS-3815-K9)

  • Cisco SNS 3855 (SNS-3855-K9)

  • Cisco SNS 3895 (SNS-3895-K9)

Cisco SNS 3815 appliance is ideal for small deployments. Cisco SNS 3855 and Cisco SNS 3895 appliances have several redundant components such as hard disks and power supplies and are suitable for larger deployments that require highly reliable system configurations. Cisco SNS 3895 is recommended for PAN and MnT personas.


Note

  • You must use only these ISO and upgrade bundle files for Cisco SNS 3800 appliances:

    • ise-3.4.0.608b.SPA.x86_64.iso

    • ise-upgradebundle-3.1.x-3.3.x-to-3.4.0.608b.SPA.x86_64.tar.gz

    • ise-urtbundle-3.4.0.608b-1.0.0.SPA.x86_64.tar.gz

  • Cisco SNS 3800 appliances are supported from Cisco ISE release 3.4 patch 4 onwards.

  • Cisco SNS 3855 appliance can be configured with one hard disk or four hard disks. It is recommended to enable only the PSN or pxGrid persona if your Cisco SNS 3855 appliance is configured with only one hard disk.

This table describes the hardware specifications of Cisco SNS 3800 series appliances.

Table 1. Cisco SNS 3800 series appliance hardware specifications

Cisco SNS 3800 series appliance

RAM

CPU cores

Number of hard disks

Total hard disk capacity

RAID

Cisco SNS-3815-K9

64 GB

16 cores, 32 threads

NVME-1

960 GB

NA

64 GB

16 cores, 32 threads

SED-1

960 GB

RAID-0

64 GB

16 cores, 32 threads

SED-FIPS-1

1.6 TB

RAID-0

Cisco SNS-3855-K9

128 GB

24 cores, 48 threads

NVME-1

960 GB

NA

128 GB

24 cores, 48 threads

NVME-4

1.9 TB

RAID-10

128 GB

24 cores, 48 threads

SED-1

960 GB

RAID-0

128 GB

24 cores, 48 threads

SED-4

1.9 TB

 RAID-10

128 GB

24 cores, 48 threads

SED-FIPS-1

1.6 TB

RAID-0

128 GB

24 cores, 48 threads

SED-FIPS-4

3.2 TB

RAID-10

Cisco SNS-3895-K9

256 GB

24 cores, 48 threads

NVME-8

3.8 TB

RAID-10

256 GB

24 cores, 48 threads

SED-8

3.8 TB

RAID-10

256 GB

24 cores, 48 threads

SED-FIPS-8

6.4 TB

RAID-10

For more information, see the Cisco SNS 3800 Series Appliance Hardware Installation Guide.

VMware virtual machine requirements

You can use the VMware migration feature to migrate VM instances (running any persona) between hosts. Cisco ISE supports both hot and cold migration.

  • Hot migration is also called live migration or vMotion. You do not need to shut down or power off Cisco ISE during hot migration. You can migrate the Cisco ISE VM without any interruption in its availability.

  • Cisco ISE must be shutdown and powered off for cold migration. Cisco ISE does not allow to stop or pause the database operations during cold migration. Hence, ensure that Cisco ISE is not running and active during the cold migration.


    Note

    You must use the application stop command before using the halt command or powering off the VM to prevent database corruption issues.

The 300 GB OVA templates are sufficient for Cisco ISE nodes that serve as dedicated Policy Service or pxGrid nodes.

The 600 GB and 1.2 TB OVA templates are recommended to meet the minimum requirements for nodes that run the Administration or Monitoring persona.

If you need to customize the disk size, CPU, or memory allocation, you can manually deploy Cisco ISE using the standard .iso image. However, it is important that you ensure the minimum requirements and resource reservations specified in this document are met. The OVA templates simplify ISE virtual appliance deployment by automatically applying the minimum resources required for each platform.

Table 2. OVA template reservations

OVA template type

Number of CPUs

CPU reservation (in GHz)

Memory (in GB)

Memory reservation (in GB)

Evaluation

4

No reservation.

16

No reservation.

Extra Small

8

8

32

32

Small (SNS 3615)

16

16

32

32

Medium (SNS 3655)

24

24

96

96

Large (SNS 3695)

24

24

256

256

Small (SNS 3715)

24

24

32

32

Medium (SNS 3755)

40

40

96

96

Large (SNS 3795)

40

40

256

256

Small (SNS 3815)

32

32

64

64

Medium (SNS 3855)

48

48

128

128

Large (SNS 3895)

48

48

256

256

Note

You can enable only the PSN persona on Extra Small VM. PAN and MnT personas are not supported for this node.

Reserve CPU and memory resources to match the required allocation. Not reserving enough resources can significantly affect ISE performance and stability.

This table lists the VMware virtual machine requirements.

Table 3. VMware virtual machine requirements

Requirement type

Specifications

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of CPU cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of cores:

      • SNS 3600 series appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice that found in the equivalent Cisco SNS 3600 series because of hyperthreading. For example, in a small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU cores or 16 threads.

      • SNS 3700 series appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice that found in the equivalent Cisco SNS 3700 series because of hyperthreading. For example, in a small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU cores or 24 threads.

      • SNS 3800 series appliance:

        • Small: 32

        • Medium: 48

        • Large: 48

          Note

           

          The number of cores is twice that found in the equivalent Cisco SNS 3800 series because of hyperthreading. For example, in a small network deployment, you must allocate 32 vCPU cores to meet the CPU specification of SNS 3815, which has 16 CPU cores or 32 threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small:

      • 32 GB for SNS 3615 and SNS 3715

      • 64 GB for SNS 3815

    • Medium:

      • 96 GB for SNS 3655 and SNS 3755

      • 128 GB for SNS 3855

    • Large: 256 GB for SNS 3695, SNS 3795, and SNS 3895

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

Note

 

When you create the VM for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use more than one virtual disk to meet the disk space requirement, the installer may not recognize all the disk space.

Storage and file system

The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and a read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server.

You can use the show tech-support command to view the read and write performance metrics.

We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements.

Disk controller

Paravirtual or LSI Logic Parallel

For best performance and redundancy, a caching RAID controller is recommended. Additionally, battery-backed controller cache can significantly improve write operations.

Note

 

Updating the disk SCSI controller of a Cisco ISE VM from another type to VMware Paravirtual may render it not bootable.

NIC

1 NIC interface required (two or more NICs are recommended; six NICs are supported).

Cisco ISE supports E1000E and VMXNET3 adapters.

Note

 

You have to remap the ESXi adapter to synchronize it with the Cisco ISE adapter order.

VMware virtual hardware version/Hypervisor

  • OVA templates: VMware version 14 or higher on ESXi 6.7, ESXi 7.0, and ESXi 8.0.

  • ISO file supports ESXi 6.7, ESXi 7.0, and ESXi 8.0.

Linux KVM requirements

Table 4. Linux KVM requirements

Requirement type

Minimum requirements

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of cores:

      • SNS 3600 series appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice that of an equivalent Cisco SNS 3600 series appliance, due to hyperthreading. For example, for a small network deployment, you must allocate 16 vCPU cores to match the CPU specification of SNS 3615, which has 8 CPU cores or 16 threads.

      • SNS 3700 series appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice that of an equivalent Cisco SNS 3700 series appliance, due to hyperthreading. For example, for a small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU cores or 24 threads.

      • SNS 3800 series appliance:

        • Small: 32

        • Medium: 48

        • Large: 48

          Note

           

          The number of cores is twice that of an equivalent Cisco SNS 3800 series appliance, due to hyperthreading. For example, for a small network deployment, you must allocate 32 vCPU cores to match the CPU specification of SNS 3815, which has 16 CPU cores or 32 threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small:

      • 32 GB for SNS 3615 and SNS 3715

      • 64 GB for SNS 3815

    • Medium:

      • 96 GB for SNS 3655 and SNS 3755

      • 128 GB for SNS 3855

    • Large: 256 GB for SNS 3695, SNS 3795, and SNS 3895

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    We recommend using hard disks with a minimum speed of 10,000 RPM on your VM host server.

    Note

     

    When you create the VM for Cisco ISE, use a single virtual disk that meets the storage requirement. If you use multiple virtual disks to meet disk space requirements, the installer might fail to detect the total disk space.

KVM Disk Device

Disk bus - virtio, cache mode - none, I/O mode - native

Use preallocated RAW storage format.

NIC

1 NIC interface required (two or more NIC interfaces are recommended; six NIC interfaces are supported).

Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

KVM on QEMU 2.12.0-99 or above

Microsoft Hyper-V requirements

Table 5. Microsoft Hyper-V requirements

Requirement type

Minimum requirements

CPU

  • Evaluation

    • Clock speed: 2.0 GHz or faster

    • Number of cores: 4 CPU cores

  • Production

    • Clock speed: 2.0 GHz or faster

    • Number of cores:

      • SNS 3600 series appliance:

        • Extra Small: 8

        • Small: 16

        • Medium: 24

        • Large: 24

          Note

           

          The number of cores is twice that of the equivalent Cisco SNS 3600 series, due to hyperthreading. For example, for a Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU cores or 16 threads.

      • SNS 3700 series appliance:

        • Small: 24

        • Medium: 40

        • Large: 40

          Note

           

          The number of cores is twice that of the equivalent Cisco SNS 3700 series, due to hyperthreading. For example, for a Small network deployment, you must allocate 24 vCPU cores to meet the CPU specification of SNS 3715, which has 12 CPU cores or 24 threads.

      • SNS 3800 series appliance:

        • Small: 32

        • Medium: 48

        • Large: 48

          Note

           

          The number of cores is twice that of the equivalent Cisco SNS 3800 series, due to hyperthreading. For example, for a Small network deployment, you must allocate 32 vCPU cores to meet the CPU specification of SNS 3815, which has 16 CPU cores or 32 threads.

Memory

  • Evaluation: 16 GB

  • Production

    • Extra Small: 32 GB

    • Small:

      • 32 GB for SNS 3615 and SNS 3715

      • 64 GB for SNS 3815

    • Medium:

      • 96 GB for SNS 3655 and SNS 3755

      • 128 GB for SNS 3855

    • Large: 256 GB for SNS 3695, SNS 3795, and SNS 3895

Hard disks

  • Evaluation: 300 GB

  • Production

    300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

Note

 

Create the VM for Cisco ISE with a single virtual disk that meets the storage requirement. If you use multiple virtual disks, the installer may not detect the total disk space.

NIC

1 NIC interface required (two or more NICs are recommended, and six NICs are supported).

Hypervisor

Hyper-V (Microsoft)


Note

Cisco ISE supports Azure Stack HCI 23H2 and later versions. The virtual machine requirements and the installation procedure for the Cisco ISE VMs in the Azure Stack HCI are the same as that of Microsoft Hyper-V.

Nutanix AHV requirements

Cisco ISE must be deployed on Nutanix AHV using the standard Cisco ISE .iso image. You cannot deploy Cisco ISE using OVA templates on Nutanix AHV.

This table specifies the recommended resource reservations for different types of deployment on Nutanix AHV:

Type Number of CPUs CPU reservation (in GHz) Memory (in GB) Memory reservation (in GB) Hard disks

Evaluation

4

No reservation

16

No reservation

300 GB

Extra Small

8

8

32

32

300 GB
Small 16 16 32 32 600 GB
Medium 24 24 96 96 1.2 TB
Large 24 24 256 256 2.4 TB (4*600 GB)

You must do these configuration on Nutanix AHV before you install Cisco ISE:

  • Create a VM on Nutanix AHV and keep the VM powered off.

  • If you are using AOS 6.8 or earlier versions, access the Nutanix CVM using ssh login and run these commands:

    • <acropolis> vm.serial_port_create <Cisco ISE VM Name> type=kServer index=0

    • <acropolis> vm.update <Cisco ISE VM Name> disable_branding=true

    • <acropolis> vm.update <Cisco ISE VM Name> disable_hyperv=true

    If you are using AOS 7.0, access the Nutanix CVM using ssh login and run these commands:

    • <acropolis> vm.serial_port_create <Cisco ISE VM Name> type=kServer index=0

    • <acropolis> vm.update <Cisco ISE VM Name> disable_branding=true

  • Exit Acropolis CLI, power on the VM, and install Cisco ISE using the standard .iso image.

Table 6. Nutanix AHV requirements

Requirement type

Minimum requirements

CPU

  • Evaluation:

    • Clock speed: 2.0 GHz or faster

    • Number of cores: 2 CPU cores

  • Production:

    • Clock Speed: 2.0 GHz or faster

    • Number of Cores

      • Extra Small: 8 processors (4 cores with hyperthreading enabled)

      • Small: 12 processors (6 cores with hyperthreading enabled)

      • Large: 16 processors (8 cores with hyperthreading enabled)

Cisco ISE supports hyperthreading. We recommend that you enable hyperthreading, if it is available.

Note

 

Hyperthreading can improve overall performance, but supported scaling limits for each virtual machine appliance remain unchanged. Allocate CPU resources based on the required number of physical cores instead of logical processors.

Memory

  • Evaluation:

    • Basic: 4 GB (for evaluating guest access and basic access policy flows)

    • Advanced: 16 GB (for evaluating advanced features such as pxGrid, Internal CA, SXP, Device Administration, and Passive Identity Services)

  • Production:

    • Small: 16 GB

    • Large: 64 GB

Hard disks

  • Evaluation: 300 GB

  • Production:

    300 GB to 2 TB of disk storage (size depends on deployment and tasks).

    We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.

    Note

     

    You must use four 600 GB hard disks for 2.4 TB hard disk support.

KVM disk device

Disk bus - SCSI

NIC

1 GB NIC interface required (two or more NICs are recommended; six NICs are supported).

Cisco ISE supports VirtIO drivers. We recommend VirtIO drivers for better performance.

Hypervisor

AOS - 6.8 and 7.0, Nutanix AHV - 10.0

Red Hat OpenShift requirements

You can deploy Cisco ISE release 3.4 patch 4 and later VMs on Red Hat OpenShift Virtualization platform. This enables you to manage both VM and container workloads on a single platform.

Review these requirements before you deploy a Cisco ISE VM on Red Hat OpenShift platform.

  • Cisco ISE must be deployed on OpenShift platform using the standard Cisco ISE ISO image. Deploying Cisco ISE using OVA templates is not supported.

  • Cisco ISE supports Red Hat OpenShift container platform 4.19 and later versions.

  • You must install the OpenShift Virtualization plug-in to deploy Cisco ISE.

  • You must install the OpenShift Container Network Interface (CNI) for network configuration.

Ensure you meet these prerequisites before installing Cisco ISE on OpenShift platform:

  • Create the storage infrastructure for Cisco ISE on OpenShift platform. Configure persistent volumes, storage classes, and persistent volume claims to meet CPU, memory, and other resource requirements for Cisco ISE VMs.

  • Create a bootable volume for the Cisco ISE ISO file. Choose Bootable Volume > Add Volume > ISO image and upload the Cisco ISE ISO file. Enter the required details in the Volume Mode, Access Mode, Volume Name, and Preferences fields and then click Save.

  • Configure a secondary-VLAN interface. Choose Networking > Network Attachment Definitions and create a secondary network.

    Do not use the pod network for Cisco ISE configuration.

  • Create YAML files to configure a VM. In the YAML file, specify the VM settings such as CPU cores, disks, and boot order.

  • Choose Virtualization > Overview > Create Virtual Command Line Tools and use the oc and virtctrl OpenShift Command Line Interface utilities to create partitions based on Cisco ISE VM resource requirements.

    You can also create a pod to upload the ISO file.

  • Ensure that the persistent volume claims and VM are on the same node.

Choose Virtual Machine > Create > YAML file to create a VM. You can monitor the installation progress from the Console > VNC page.

The installation process for Cisco ISE on OpenShift platform is the same as on other VM platforms. For information on how to install Cisco ISE using the ISO image, see Install Cisco ISE Using CIMC.


Note

You must use only this ISO file for Cisco ISE release 3.4 to support the Red Hat OpenShift platform:

ise-3.4.0.608b.SPA.x86_64.iso

VMware cloud solutions for Cisco ISE

On any public cloud platform, configure your VPN to allow the VMware engine to connect to on-premises deployments and to other required devices and services. You can deploy Cisco ISE on VMware cloud solutions using these public cloud platforms:

  • VMware Cloud on Amazon Web Services (AWS): Host Cisco ISE on a software-defined data center provided by VMware Cloud on AWS. Configure the appropriate security group policies on VMware Cloud (in the Networking and Security > Security > Gateway Firewall Settings page) to allow access to on-premises deployments and other required devices and services.

  • Azure VMware Solution: Azure VMware Solution runs VMware workloads natively on Microsoft Azure. You can host Cisco ISE as a VMware virtual machine.

  • Google Cloud VMware Engine: The Google Cloud VMware Engine runs software-defined data centers by VMware. You can host Cisco ISE as a VMware virtual machine using the VMware Engine.

For more information on deploying Cisco ISE on cloud platforms, see Deploy Cisco Identity Services Engine Natively on Cloud Platforms.

Virtual machine size recommendations

The VM appliance specifications should match those of physical appliances used in a production environment.

Follow these guidelines when allocating resources for the appliance:

  • Do not share or oversubscribe resources across multiple guest VMs. Use OVF templates to assign adequate resources. If you install Cisco ISE manually using the ISO image, ensure you assign equivalent reservations.

    If you do not allocate the specified resources, performance degradation or service failure might occur. To avoid these issues, deploy dedicated VM resources.

    If you deploy Cisco ISE manually without the recommended reservations, you must closely monitor your appliance’s resource utilization. Increase resources as needed to ensure proper health and functioning of the Cisco ISE deployment.

  • If you are using the OVA templates for installation, check these settings in the Edit Settings page (under the Virtual Hardware tab), after the installation is complete:

    • Ensure that you assign the resource reservations that are specified in the VMware virtual machine requirements section in the CPU/Memory Reservation field to ensure proper health and functioning of the Cisco ISE deployment.

    • Ensure that the CPU usage in the CPU Limit field is set to Unlimited. Setting a limit for CPU usage impacts system performance. If a limit is set, shut down the VM client, remove the limit, and restart the client.

    • Ensure that the memory usage in the Memory Limit field is set to Unlimited. Setting a limit for memory usage will impact the system performance.

    • Ensure that the Shares option is set as High in the Hard Disk area.

      Admin and MnT nodes rely heavily on disk usage. Using shared disk storage VMware environment might degrade disk performance. You must increase the number of disk shares allocated to a node to improve performance.

  • You can deploy Policy Service nodes on VMs with less disk space than Administration or Monitoring nodes. The minimum disk space for any production Cisco ISE node is 300 GB.

  • VMs can be configured with one to six NICs. Configure VMs with at least two NICs when possible. Additional interfaces support services such as profiling, guest services, or RADIUS.


Note

If you decrease the RAM or CPU allocation for a VM, you must reimage Cisco ISE with the new VM configuration. However, increasing the RAM or CPU capacity does not require reimaging.

Disk space requirements for VMs in a Cisco ISE deployment

This table lists the Cisco ISE disk-space allocation recommended for running a VM in a production deployment.


Note

To boot a GPT partition with 2 TB or more, change the firmware from BIOS to EFI in the VM settings boot mode.

Table 7. Recommended disk space for VMs

Cisco ISE persona

Minimum disk space for evaluation

Minimum disk space for production

Recommended disk space for production

Maximum disk space

Standalone Cisco ISE

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration only

300 GB

600 GB

600 GB

2.4 TB

Distributed Cisco ISE, Monitoring only

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Policy Service only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, pxGrid only

300 GB

300 GB

300 GB

2.4 TB

Distributed Cisco ISE, Administration and Monitoring (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB

Distributed Cisco ISE, Administration, Monitoring, and Policy Service (and optionally, pxGrid)

300 GB

600 GB

600 GB to 2.4 TB

2.4 TB


Note

Additional disk space is required to store local debug logs and staging files. Extra space is also needed to handle log data during an upgrade, when the Primary Administration node temporarily becomes a Monitoring node.

Disk space guidelines for Cisco ISE

Consider these guidelines when determining the disk space for Cisco ISE:

  • Cisco ISE must be installed on a single disk in a VM.

  • Disk allocation varies based on logging retention requirements. On any node that has the Monitoring persona enabled, 60 percent of the VM disk space is allocated for log storage. A deployment with 25,000 endpoints generates approximately 1 GB of logs per day.

    For example, if you have a Monitoring node with 600 of GB VM disk space, 360 GB is allocated for log storage. If 100,000 endpoints connect to this network every day, it generates approximately 4 GB of logs per day. In this case, you can store 76 days of logs in the Monitoring node, after which you must transfer the old data to a repository and purge it from the Monitoring database.

For extra log storage, you can increase the VM disk space. For every 100 GB of disk space that you add, you get 60 GB more for log storage.

If you increase the disk size of your virtual machine after initial installation, perform a fresh installation of Cisco ISE. This ensures that Cisco ISE properly detects and uses the full disk allocation.

This table shows the retention period for RADIUS logs on your Monitoring node based on disk space and endpoint count. These values are based on these assumptions: Ten or more authentications per day per endpoint with logging suppression enabled.

Table 8. Monitoring node log storage (retention period in days for RADIUS)

Number of endpoints

300 GB

600 GB

1024 GB

2048 GB

5,000

504

1510

2577

5154

10,000

252

755

1289

2577

25,000

101

302

516

1031

50,000

51

151

258

516

100,000

26

76

129

258

150,000

17

51

86

172

200,000

13

38

65

129

250,000

11

31

52

104

500,000

6

16

26

52

This table shows the TACACS+ log retention period on your Monitoring node based on disk space and endpoint count. These values are based on these assumptions: The script runs against all NADs, 4 sessions per day, and 5 commands per session.

Table 9. Monitoring node log storage (retention period in days for TACACS+)

Number of endpoints

300 GB

600 GB

1024 GB

2048 GB

100

12,583

37,749

64,425

128,850

500

2,517

7,550

12,885

25,770

1,000

1,259

3,775

6,443

12,885

5,000

252

755

1,289

2,577

10,000

126

378

645

1,289

25,000

51

151

258

516

50,000

26

76

129

258

75,000

17

51

86

172

100,000

13

38

65

129

Increase disk size

If the context and visibility functions are slow or storage space for logs is not sufficient, you must allocate more disk space.

For every 100 GB of disk space that you add, 60 GB is available for log storage.

To enable Cisco ISE to detect and use the new disk allocation, you must deregister the node, update the VM settings, and reinstall Cisco ISE. You can install Cisco ISE on a new, larger node and add that node to the deployment for high availability. After synchronizing the nodes, configure the new VM as the primary node and deregister the original VM.

Decrease disk size

If you reduce the VM reservations after installing Cisco ISE, you must perform these steps:

  1. Perform a backup of Cisco ISE.

  2. Re-image Cisco ISE with the updated VM configuration.

  3. Restore Cisco ISE.