thomas
Cisco Employee

We often get asked:

Which is better for an ISE deployment - Appliances, VMs or Cloud?

There is no difference - other than the initial installation and upgrade procedures - between the operation of physical or virtual (VM or cloud) ISE nodes in a deployment:

  • documentation is the same
  • operation is the same
  • performance and scale are the same - assuming virtual instances run on dedicated hardware equivalent to our appliances
  • we support mixing physical and virtual ISE nodes in a deployment

For each ISE release, OVA files are created whose resource requirements are directly mapped to the currently supported appliances, which are documented in the ISE Performance and Scale document.

Ultimately, the choice of Appliance vs VM vs Cloud is a customer decision based on their needs and preferences for their environment:

Appliances

Pros:
  • Dedicated hardware resources for guaranteed performance
  • Do not need to rely on other teams to properly configure and resource the ISE application
  • Politically, "network/security hardware" is owned by the network/security team

Cons:
  • Procurement process
  • Potential supply chain delays
  • Rack and stack new appliances
  • Requires physical access to upgrade to newer releases
  • No Blue-Green upgrade options unless you have an entire backup ISE deployment

Virtual Machines

Pros:
  • Flexibility to run on any unified computing hardware infrastructure, anywhere
  • Quickly create new ISE nodes when and where needed
  • Quickly clone and deploy new ISE PSN nodes for large deployments or for upgrades
  • Quickly try new ISE versions and features in the lab
  • Option to use flash storage for a major performance increase, especially on ISE MNT nodes
  • Option for greater storage beyond the physical appliance capability (up to 2TB) for longer log retention
  • Option for Blue-Green ISE upgrades if you have the VM resources for a parallel ISE deployment

Cons:
  • Potential procurement process delays, including supply chain delays for unified computing hardware if you do not already have it
  • Politically, VMs may be owned by the Server team, which may be a problem for the network or security team(s)
  • Potential for hardware misconfiguration or under-resourcing when built from ISO
  • Potential to ignore the required VM Resource Reservations. Many ISE performance problems reported to TAC are due to improperly resourced ISE VMs or lack of VM Resource Reservations!

Cloud Instances

Pros:
  • Rapid deployment - about 1 hour if you use a cloud provider's wizard; 30 minutes with automation
  • Flexible hardware instance types, with storage (up to 2TB) like VMs
  • Simple, pay-as-you-go billing
  • Deployment automation
  • Quickly spin up test instances for new scenarios or for trying a new ISE version

Cons:
  • Learning curve - every cloud provider has different terminology, tools and APIs
  • Security - there is no implicit security; you must provision security groups and VPNs yourself
  • Potential for surprise bills if you do not terminate resources
  • No in-place upgrades - only backup and restore to new nodes for Blue-Green deployment upgrades

 
