Cisco ISE on Nutanix AHV
Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company’s routers and switches. The purpose is to simplify identity management across diverse devices and applications.
Cisco ISE can now be deployed and used in a virtual form factor on the Nutanix AHV HCI platform, in addition to other industry-standard hypervisors like VMware ESXi. Below are the technical details we followed to get a fully functional ISE VM running on AHV.
Official Cisco ISE (Identity Services Engine) Documentation: https://www.cisco.com/c/en/us/support/security/identity-services-engine/series.html
Getting the Cisco ISE image that's compatible with Nutanix AHV
- Use your Cisco login to download the ISO file named below, or a version greater than or equal to 2.6.x. The ISO file used for our installation: ise-2.6.0.156.SPA.x86_64.iso
- Upload the above ISO file to Nutanix Prism Element (PE) or Prism Central (PC) using image services (refer to the Nutanix documentation: https://portal.nutanix.com/page/documents/details?targetId=Web-Console-Guide-Prism-v5_19:wc-image-configure-acropolis-wc-t.html )
Deploying the Cisco ISE virtual appliance on Nutanix AHV
Create a VM from the above ISO image with the following configuration:
- vCPU: 12
- Memory: 16GiB
- vDisk: SCSI bus, 200GiB
- vNIC: 1
For more details on the steps to create a VM on Nutanix AHV, refer to the official Nutanix documentation: https://portal.nutanix.com/page/documents/details?targetId=Web-Console-Guide-Prism-v5_19:wc-vm-management-wc-c.html
NOTE: After creating the virtual appliance, DO NOT power on the VM until the configurations below are complete.
Additional Nutanix Command Line Configuration via acli
SSH to any of the CVMs or to the cluster IP and run the acli commands below to update the configuration of the virtual machine created above.
- <acropolis> vm.serial_port_create <Cisco ISE VA Name> type=kServer index=0
- <acropolis> vm.update <Cisco ISE VA Name> disable_branding=true
- <acropolis> vm.update <Cisco ISE VA Name> extra_flags="enable_hyperv_clock=False"
Power on the virtual machine and choose option — “Cisco ISE Installation (Keyboard/Monitor)”