Overview
Provides guidance on how to allocate VM disk space for Cisco ISE, explains disk sizing limits, and details how disk allocation impacts log retention for different personas and endpoint counts. Outlines best practices for resizing disks and optimizing log storage on Monitoring nodes.
Consider these guidelines when determining the disk space for Cisco ISE:
- Cisco ISE must be installed on a single disk in a VM.
- Disk allocation varies based on logging retention requirements. On any node that has the Monitoring persona enabled, 60 percent of the VM disk space is allocated for log storage. A deployment with 25,000 endpoints generates approximately 1 GB of logs per day.
For example, if you have a Monitoring node with 600 GB VM disk space, 360 GB is allocated for log storage. If 100,000 endpoints connect to this network every day, it generates approximately 4 GB of logs per day. In this case, you can store 76 days of logs in the Monitoring node, after which you must transfer the old data to a repository and purge it from the Monitoring database.
For extra log storage, you can increase the VM disk space. For every 100 GB of disk space that you add, you get 60 GB more for log storage.
If you increase the disk size of your virtual machine after initial installation, perform a fresh installation of Cisco ISE. This ensures that Cisco ISE properly detects and uses the full disk allocation.
This table shows the retention period, in days, for RADIUS logs on your Monitoring node based on disk space and endpoint count. These values assume ten or more authentications per day per endpoint, with logging suppression enabled.
| Number of endpoints | 300 GB | 600 GB | 1024 GB | 2048 GB |
|---|---|---|---|---|
| 5,000 | 504 | 1,510 | 2,577 | 5,154 |
| 10,000 | 252 | 755 | 1,289 | 2,577 |
| 25,000 | 101 | 302 | 516 | 1,031 |
| 50,000 | 51 | 151 | 258 | 516 |
| 100,000 | 26 | 76 | 129 | 258 |
| 150,000 | 17 | 51 | 86 | 172 |
| 200,000 | 13 | 38 | 65 | 129 |
| 250,000 | 11 | 31 | 52 | 104 |
| 500,000 | 6 | 16 | 26 | 52 |
This table shows the TACACS+ log retention period on your Monitoring node based on disk space and endpoint count. These values assume that the script runs against all NADs, with 4 sessions per day and 5 commands per session.
| Number of endpoints | 300 GB | 600 GB | 1024 GB | 2048 GB |
|---|---|---|---|---|
| 100 | 12,583 | 37,749 | 64,425 | 128,850 |
| 500 | 2,517 | 7,550 | 12,885 | 25,770 |
| 1,000 | 1,259 | 3,775 | 6,443 | 12,885 |
| 5,000 | 252 | 755 | 1,289 | 2,577 |
| 10,000 | 126 | 378 | 645 | 1,289 |
| 25,000 | 51 | 151 | 258 | 516 |
| 50,000 | 26 | 76 | 129 | 258 |
| 75,000 | 17 | 51 | 86 | 172 |
| 100,000 | 13 | 38 | 65 | 129 |
Increase disk size
If the context and visibility functions are slow or storage space for logs is not sufficient, you must allocate more disk space.
For every 100 GB of disk space that you add, 60 GB is available for log storage.
To enable Cisco ISE to detect and use the new disk allocation, you must deregister the node, update the VM settings, and reinstall Cisco ISE. You can install Cisco ISE on a new, larger node and add that node to the deployment for high availability. After synchronizing the nodes, configure the new VM as the primary node and deregister the original VM.
Decrease disk size
If you reduce the VM reservations after installing Cisco ISE, you must perform these steps:
- Perform a backup of Cisco ISE.
- Re-image Cisco ISE with the updated VM configuration.
- Restore Cisco ISE.