Cisco SNS 3515 Identity Services Engine Instruction Manual

June 15, 2024
Cisco

Cisco SNS 3515 Identity Services Engine

Product Information

Specifications

  • Product Name: Cisco ISE
  • Compatibility: Cisco SNS hardware appliances, VMware virtual machines
  • Supported Operating Systems: Cisco ISE 2.0.1 or later releases
  • Installation Method: Bootable USB device, ISO file

Product Usage Instructions

Creating a Bootable USB Device to Install Cisco ISE

  1. Reformat the USB device using FAT16 or FAT32 to free up all the space.
  2. Plug in the USB device to the local system and launch LiveUSB-creator.
  3. Click Browse from the Use existing Live CD area and choose the Cisco ISE ISO file.
  4. Choose the USB device from the Target Device drop-down list. If there is only one USB device connected to the local system, it is selected automatically.
  5. Click Create Live USB. The progress bar indicates the progress of the bootable USB creation.
  6. After this process is complete, the content of the USB drive is available in the local system that you used to run the USB tool.
  7. Manually update two text files located on the USB drive. Open the following text files in a text editor: isolinux/isolinux.cfg or syslinux/syslinux.cfg, and EFI/BOOT/grub.cfg.
  8. In these files, replace all instances of the cdrom string with hd:sdb1. For example, replace ks=cdrom/ks.cfg with ks=hd:sdb1:/ks.cfg.
  9. Save the files and exit.
  10. Safely remove the USB device from the local system.
  11. Plug in the bootable USB device to the Cisco ISE appliance.
  12. Restart the appliance and boot from the USB drive to install Cisco ISE.

Reimaging the Cisco SNS Hardware Appliance

The Cisco SNS hardware appliances do not have built-in DVD drives. Keep the following in mind when you reimage a Cisco ISE hardware appliance with Cisco ISE software:

  • Cisco SNS hardware appliances support the Unified Extensible Firmware Interface (UEFI) secure boot feature.
  • This feature ensures that only a Cisco-signed ISE image can be installed on the SNS hardware appliances.
  • It prevents installation of any unsigned operating system even with physical access to the device. For example, generic operating systems such as Red Hat Enterprise Linux or Microsoft Windows cannot boot on this appliance.
  • The SNS 3515 and SNS 3595 appliances support only Cisco ISE 2.0.1 or later releases. Do not attempt to install a release earlier than 2.0.1 on the SNS 3515 or SNS 3595 appliance.

Installing Cisco ISE on VMware Virtual Machine Using the ISO File

This section describes how to install Cisco ISE on a VMware virtual machine using the ISO file.

Prerequisites for Configuring a VMware ESXi Server

Review the configuration prerequisites listed in this section before you attempt to configure a VMware ESXi server:

Virtualization Technology Check

If you have an ESXi server installed already, you can check if Virtualization Technology is enabled on it without rebooting the machine. To do this, use the esxcfg-info command.

FAQ

  • Q: What are the supported operating systems for Cisco ISE?
  • A: Cisco ISE supports 2.0.1 or later releases.
  • Q: Can I install a release earlier than 2.0.1 on the SNS 3515 or SNS 3595 appliance?
  • A: No, you cannot install a release earlier than 2.0.1 on the SNS 3515 or SNS 3595 appliance.
  • Q: Can I install Cisco ISE on a VMware virtual machine using an ISO file?
  • A: Yes, you can install Cisco ISE on a VMware virtual machine using the ISO file.

SNS Appliance Reference

Create a Bootable USB Device to Install Cisco ISE

Before you begin

  • Use the LiveUSB-creator tool to create a bootable USB device from the Cisco ISE installation ISO file. Download LiveUSB-creator from https://github.com/lmacken/liveusb-creator/releases/tag/3.12.0 to the local system.

  • Download the Cisco ISE installation ISO file to the local system.

  • Use a 16-GB or 32-GB USB device.

  • Step 1 Reformat the USB device using FAT16 or FAT32 to free up all the space.

  • Step 2 Plug in the USB device to the local system and launch LiveUSB-creator.

  • Step 3 Click Browse from the Use existing Live CD area and choose the Cisco ISE ISO file.

  • Step 4 Choose the USB device from the Target Device drop-down list. If there is only one USB device connected to the local system, it is selected automatically.

  • Step 5 Click Create Live USB. The progress bar indicates the progress of the bootable USB creation. After this process is complete, the content of the USB drive is available in the local system that you used to run the USB tool. There are two text files that you must manually update before you can install Cisco ISE.

  • Step 6 From the USB drive, open the following text files in a text editor:

  • isolinux/isolinux.cfg or syslinux/syslinux.cfg

  • EFI/BOOT/grub.cfg

  • Step 7 Replace the term “cdrom” in both files.

  • If you have a SNS 3515, 3595, 3615, 3655, or 3695 appliance, replace the term “cdrom” with “hd:sdb1” in both files. Specifically, replace all instances of the “cdrom” string. For example, replace
    ks=cdrom/ks.cfg
    with
    ks=hd:sdb1:/ks.cfg

  • Step 8 Save the files and exit.

  • Step 9 Safely remove the USB device from the local system.

  • Step 10 Plug in the bootable USB device to the Cisco ISE appliance, restart the appliance, and boot from the USB drive to install Cisco ISE.
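
Steps 6 through 8 can be scripted so that both boot files get the same edit and are checked before the drive is removed. The following is an added example, not part of the Cisco procedure; the function names and the sample boot entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code. Function names are hypothetical and the
# sample boot files are constructed; they are not copied from ISE media.

# Apply Steps 6 and 7 to a mounted install USB.
#   $1  mount point of the USB drive
#   $2  replacement for "cdrom" (default hd:sdb1, the value the page gives
#       for SNS 3515, 3595, 3615, 3655 and 3695 appliances)
ise_usb_fix_boot_cfg() {
    usb_root=$1
    disk=${2:-hd:sdb1}
    if [ ! -d "$usb_root" ]; then
        echo "not a directory: $usb_root" >&2
        return 2
    fi
    # Both boot paths must be edited: EFI/BOOT/grub.cfg plus either
    # isolinux/isolinux.cfg or syslinux/syslinux.cfg.
    if [ ! -f "$usb_root/EFI/BOOT/grub.cfg" ]; then
        echo "missing EFI/BOOT/grub.cfg" >&2
        return 3
    fi
    if [ ! -f "$usb_root/isolinux/isolinux.cfg" ] &&
       [ ! -f "$usb_root/syslinux/syslinux.cfg" ]; then
        echo "missing isolinux/isolinux.cfg or syslinux/syslinux.cfg" >&2
        return 3
    fi
    for rel in isolinux/isolinux.cfg syslinux/syslinux.cfg EFI/BOOT/grub.cfg; do
        cfg="$usb_root/$rel"
        [ -f "$cfg" ] || continue
        # Keep one untouched copy; re-runs always start from it.
        [ -e "$cfg.orig" ] || cp "$cfg" "$cfg.orig" || return 4
        # First normalise the kickstart argument to ks=<disk>:/ks.cfg (with
        # or without a colon after "cdrom"), then replace what is left.
        sed -e "s#ks=cdrom:\{0,1\}/#ks=${disk}:/#g" \
            -e "s#cdrom#${disk}#g" "$cfg.orig" > "$cfg" || return 4
        # Fail loudly if any instance of the string survived the edit.
        if grep -q 'cdrom' "$cfg"; then
            echo "cdrom still present in $rel" >&2
            return 5
        fi
        echo "updated $rel"
    done
    return 0
}

# Build a constructed sample tree laid out like the USB drive.
make_sample_usb() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/isolinux" "$d/EFI/BOOT"
    printf '%s\n' 'label install' \
        '  append initrd=initrd.img ks=cdrom/ks.cfg repo=cdrom' \
        > "$d/isolinux/isolinux.cfg"
    printf '%s\n' "menuentry 'Install (constructed sample)' {" \
        '  linuxefi /vmlinuz ks=cdrom:/ks.cfg' '}' \
        > "$d/EFI/BOOT/grub.cfg"
    echo "$d"
}

# With an argument: edit that mount point. Without: demo on the sample tree.
if [ "$#" -gt 0 ]; then
    ise_usb_fix_boot_cfg "$@"
else
    demo=$(make_sample_usb) && ise_usb_fix_boot_cfg "$demo"
    rm -rf "$demo"
fi
```

The untouched files are kept beside the edited ones with an .orig suffix, so the change can be reviewed with diff before Step 9.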

Reimage the Cisco SNS Hardware Appliance

The Cisco SNS hardware appliances do not have built-in DVD drives. Therefore, to reimage a Cisco ISE hardware appliance with Cisco ISE software, you can do one of the following:

Note

Cisco SNS hardware appliances support the Unified Extensible Firmware Interface (UEFI) secure boot feature. This feature ensures that only a Cisco-signed ISE image can be installed on the SNS hardware appliances, and prevents installation of any unsigned operating system even with physical access to the device. For example, generic operating systems, such as Red Hat Enterprise Linux or Microsoft Windows, cannot boot on this appliance. The SNS 3515 and SNS 3595 appliances support only Cisco ISE 2.0.1 or later releases. You cannot install a release earlier than 2.0.1 on the SNS 3515 or SNS 3595 appliance.

  • Use the Cisco Integrated Management Controller (Cisco IMC) interface to map the installation .iso file to the virtual DVD device.
  • Create an install DVD with the installation .iso file, plug in a USB external DVD drive, and boot the appliance from the DVD drive.
  • Create a bootable USB device using the installation .iso file and boot the appliance from the USB drive.

VMware Virtual Machine

Note

The VMware form factor instructions provided in this document are applicable for Cisco ISE installed on Cisco Hyperflex as well.

Virtual Machine Resource and Performance Checks

Before installing Cisco ISE on a virtual machine, the installer performs hardware integrity checks by comparing the available hardware resources on the virtual machine with the recommended specifications.
During a VM resource check, the installer checks for the hard disk space, number of CPU cores allocated to the VM, CPU clock speed, and RAM allocated to the VM. If the VM resources do not meet the basic evaluation specifications, the installation terminates. This resource check is applicable only for ISO-based installations. When you run the Setup program, a VM performance check is done, where the installer checks for disk I/O performance. If the disk I/O performance does not meet the recommended specifications, a warning appears on the screen, but it allows you to continue with the installation.

  • The VM performance check is done periodically (every hour) and the results are averaged for a day. If the disk I/O performance does not meet the recommended specification, an alarm is generated.
  • The VM performance check can also be done on demand from the Cisco ISE CLI using the show tech-support command.
  • The VM resource and performance checks can be run independently of Cisco ISE installation. You can perform this test from the Cisco ISE boot menu.

Install Cisco ISE on VMware Virtual Machine Using the ISO File

This section describes how to install Cisco ISE on a VMware virtual machine using the ISO file.

Prerequisites for Configuring a VMware ESXi Server

Review the configuration prerequisites listed in this section before you attempt to configure a VMware ESXi server:

  • Remember to log in to the ESXi server as a user with administrative privileges (root user).
  • Cisco ISE is a 64-bit system. Before you install a 64-bit system, ensure that Virtualization Technology (VT) is enabled on the ESXi server.
  • Ensure that you allocate the recommended amount of disk space on the VMware virtual machine.
  • If you have not created a VMware virtual machine file system (VMFS), you must create one to support the Cisco ISE virtual appliance. The VMFS is set for each of the storage volumes configured on the VMware host. For VMFS5, the 1-MB block size supports up to 1.999 TB virtual disk size.

Virtualization Technology Check

If you have an ESXi server installed already, you can check if Virtualization Technology is enabled on it without rebooting the machine. To do this, use the esxcfg-info command and check the value of HV Support in its output:

  • If HV Support has a value of 3, then VT is enabled on the ESXi server and you can proceed with the installation.
  • If HV Support has a value of 2, then VT is supported, but not enabled on the ESXi server. You must edit the BIOS settings and enable VT on the server.

Enable Virtualization Technology on an ESXi Server

You can reuse the same hardware that you used for hosting a previous version of the Cisco ISE virtual machine. However, before you install the latest release, you must enable Virtualization Technology (VT) on the ESXi server.

  • Step 1 Reboot the appliance.
  • Step 2 Press F2 to enter setup.
  • Step 3 Choose Advanced > Processor Configuration.
  • Step 4 Select Intel(R) VT and enable it.
  • Step 5 Press F10 to save your changes and exit.

Configure VMware Server Interfaces for the Cisco ISE Profiler Service

Configure VMware server interfaces to support the collection of Switch Port Analyzer (SPAN) or mirrored traffic to a dedicated probe interface for the Cisco ISE Profiler Service.

  • Step 1 Choose Configuration > Networking > Properties > VMNetwork (the name of your VMware server instance) > VMswitch0 (one of your VMware ESXi server interfaces) > Properties > Security.
  • Step 2 In the Policy Exceptions pane on the Security tab, check the Promiscuous Mode check box.
  • Step 3 In the Promiscuous Mode drop-down list, choose Accept and click OK. Repeat the same steps on the other VMware ESXi server interface used for profiler data collection of SPAN or mirrored traffic.

Connect to the VMware Server Using the Serial Console

  • Step 1 Power down the particular VMware server (for example ISE-120).
  • Step 2 Right-click the VMware server and choose Edit.
  • Step 3 Click Add on the Hardware tab.
  • Step 4 Choose Serial Port and click Next.
  • Step 5 In the Serial Port Output area, click the Use physical serial port on the host or the Connect via Network radio button and click Next.
    • If you choose the Connect via Network option, you must open the firewall ports over the ESXi server.
    • If you select the Use physical serial port on the host, choose the port. You may choose one of the following two options:
    • /dev/ttyS0 (In the DOS or Windows operating system, this will appear as COM1).
    •  /dev/ttyS1 (In the DOS or Windows operating system, this will appear as COM2).
  • Step 6 Click Next.
  • Step 7 In the Device Status area, check the appropriate check box. The default is Connected.
  • Step 8 Click OK to connect to the VMware server

Configure a VMware Server

Before you begin

Ensure that you have read the Prerequisites for Configuring a VMware ESXi Server.

  • Step 1 Log in to the ESXi server.
  • Step 2 In the VMware vSphere Client, in the left pane, right-click your host container and choose New Virtual Machine.
  • Step 3 In the Select a Creation Type area, click Create a new virtual machine and click Next.
  • Step 4 In the Select a Name and Folder area, enter a name for the VMware system, select a location from the displayed list, and click Next. Tip: Use the hostname that you want to use for your VMware host.
  • Step 5 In the Select a compute resource area, choose a destination compute resource and click Next.
  • Step 6 In the Select storage area, choose a datastore that has the recommended amount of space available and click Next.
  • Step 7 In the Select compatibility area, from the Compatible with drop-down list, choose an ESXi version that is compatible with your Cisco ISE version and click Next. For information about the ESXi versions that are compatible with your Cisco ISE release, see “Supported Virtual Environments” in the Release Notes for Cisco Identity Services Engine for your release.
  • Step 8 In the Select a guest OS area, carry out the following steps and then click Next:
    • From the Guest OS Family drop-down list, choose Linux.
    • From the Guest OS Version drop-down list, choose the supported Red Hat Enterprise Linux (RHEL) version.
  • Step 9 In the Customize hardware area, in the Virtual Hardware tab, carry out the following configurations and then click Next:
    • Choose the required values from the CPU and Memory drop-down lists according to the SNS series appliance you use:
    • SNS 3600 Series Appliance:
      • Small—16 vCPU cores, 32 GB
      • Medium—24 vCPU cores, 96 GB
      • Large—24 vCPU cores, 256 GB
    The number of cores is twice that present in the equivalent Cisco Secure Network Server 3600 series appliance, due to hyperthreading. For example, in the case of a Small network deployment, you must allocate 16 vCPU cores to meet the CPU specification of SNS 3615, which has 8 CPU cores or 16 threads.

Note

You must reserve vCPU and memory resources equivalent to the configured vCPU cores and memory allocations. Failure to do so may significantly impact Cisco ISE performance and stability. Click the CPU and Memory collapsible areas and update the reservation fields for each setting.

    • From the New SCSI Controller drop-down list, choose Paravirtual.
    • From the New Network and New CD/DVD Drive drop-down lists, choose the required network and ISO files.
  • Step 10 Choose the amount of memory and click Next.
  • Step 11 Choose the NIC driver from the Adapter drop-down list and click Next.
  • Step 12 Choose Create a new virtual disk and click Next.
  • Step 13 In the Disk Provisioning dialog box, click Thick provisioned, eagerly zeroed radio button, and click Next to continue. Cisco ISE supports both thick and thin provisioning. However, we recommend that you choose thick provisioned, eagerly zeroed for better performance, especially for Monitoring nodes. If you choose thin provisioning, operations such as upgrade, backup and restore, and debug logging that require more disk space might be impacted during initial disk expansion.
  • Step 14 Uncheck the Support clustering features such as Fault Tolerance check box.
  • Step 15 In the Ready to Complete area, verify the configuration details, such as name, guest OS, CPUs, memory, and disk size of the newly created VMware system.
  • Step 16 Click Finish. The VMware system is now installed.

What to do next

To activate the newly created VMware system, right-click VM in the left pane of your VMware client user interface and choose Power > Power On.

Increase Virtual Machine Power-On Boot Delay Configuration

On a VMware virtual machine, the boot delay by default is set to 0. You can change this boot delay to help you choose the boot options (while resetting the Administrator password, for example).

  • Step 1 From the vSphere client, right-click the VM and choose Edit Settings.
  • Step 2 Click the Options tab.
  • Step 3 Choose Advanced > Boot Options.
  • Step 4 From the Power on Boot Delay area, select the time in milliseconds to delay the boot operation.
  • Step 5 Check the check box in the Force BIOS Setup area to enter into the BIOS setup screen when the VM boots the next time.
  • Step 6 Click OK to save your changes.

Install Cisco ISE Software on a VMware System

  • Step 1 Log in to the VMware client.

  • Step 2 For the VM to enter the BIOS setup mode, right-click the VM and select Edit Settings.

  • Step 3 Click the Options tab.

  • Step 4 Click Boot Options, and in the Force BIOS Setup area, check the BIOS check box to enter the BIOS setup screen when the VM boots. You must change the firmware from BIOS to EFI in the boot mode of VM settings to boot GPT partitions with 2 TB or more capacity. Note: If you have selected Guest OS RHEL 8 and EFI boot mode, disable the Enable UEFI Secure Boot option. This option is enabled by default for the Guest operating system RHEL 8 VM.

  • Step 5 Click OK.

  • Step 6 Ensure that the Coordinated Universal Time (UTC) and the correct boot order are set in BIOS

    • If the VM is turned on, turn the system off.
    •  Turn on the VM. The system enters the BIOS setup mode.
    • In the Main BIOS menu, using the arrow keys, navigate to the Date and Time field and press Enter.
    • Enter the UTC/Greenwich Mean Time (GMT) time zone. This time zone setting ensures that the reports, logs, and posture-agent log files from the various nodes in your deployment are always synchronized with regard to the time stamps.
    • Using the arrow keys, navigate to the Boot menu and press Enter.
    • Using the arrow keys, select CD-ROM drive and press + to move the CD-ROM drive up the order.
    • Using the arrow keys, navigate to the Exit menu and choose Exit Saving Changes.
    • Choose Yes to save the changes and exit.
  • Step 7 Insert the Cisco ISE software DVD into the VMware ESXi host CD/DVD drive and turn on the virtual machine. When the DVD boots, the console displays

  • Step 8 Use the arrow keys to select Cisco ISE Installation (Serial Console) or Cisco ISE Installation (Keyboard/Monitor) and press Enter. If you choose the serial console option, you should have a serial console set up on your virtual machine. See the VMware vSphere Documentation for information on how to create a console. The installer starts the installation of the Cisco ISE software on the VMware system. Allow 20 minutes for the installation process to complete. When the installation process finishes, the virtual machine reboots automatically. When the VM reboots, the console displays

  • Step 9 At the system prompt, type setup and press Enter

The Setup Wizard appears and guides you through the initial configuration

VMware Tools Installation Verification

Verify VMware Tools Installation Using the Summary Tab in the vSphere Client

Go to the Summary tab of the specified VMware host in the vSphere Client. The value in the VMware Tools field should be OK.

Figure 1: Verifying VMware Tools in the vSphere Client

Verify VMware Tools Installation Using the CLI

You can also verify if the VMware tools are installed using the show inventory command. This command lists the NIC driver information. On a virtual machine with VMware tools installed, VMware Virtual Ethernet driver will be listed in the Driver Descr field.

Support for Upgrading VMware Tools

The Cisco ISE ISO image contains the supported VMware tools. Upgrading VMware tools through the VMware client user interface is not supported with Cisco ISE. If you want to upgrade any VMware tools to a higher version, support is provided through a newer version of Cisco ISE.

Clone a Cisco ISE Virtual Machine

You can clone a Cisco ISE VMware virtual machine (VM) to create an exact replica of a Cisco ISE node. For example, in a distributed deployment with multiple Policy Service nodes (PSNs), VM cloning helps you deploy the PSNs quickly and effectively. You do not have to install and configure the PSNs individually. You can also clone a Cisco ISE VM using a template.

Note For cloning, you need VMware vCenter. Cloning must be done before you run the Setup program.

Before you begin

  • Ensure that you shut down the Cisco ISE VM that you are going to clone. In the vSphere client, right-click the Cisco ISE VM that you are about to clone and choose Power > Shut Down Guest.

  • Ensure that you change the IP Address and Hostname of the cloned machine before you power it on and connect it to the network.

  • Step 1 Log in to the ESXi server as a user with administrative privileges (root user). VMware vCenter is required to perform this step.

  • Step 2 Right-click the Cisco ISE VM you want to clone, and click Clone.

  • Step 3 Enter a name for the new machine that you are creating in the Name and Location dialog box and click Next. This is not the hostname of the new Cisco ISE VM that you are creating, but a descriptive name for your reference.

  • Step 4 Select a Host or Cluster on which you want to run the new Cisco ISE VM and click Next.

  • Step 5 Select a datastore for the new Cisco ISE VM that you are creating and click Next. This datastore could be the local datastore on the ESXi server or a remote storage. Ensure that the datastore has enough disk space.

  • Step 6 Click the Same format as source radio button in the Disk Format dialog box and click Next. This option copies the same format that is used in the Cisco ISE VM that you are cloning this new machine from.

  • Step 7 Click the Do not Customize radio button in the Guest Customization dialog box and click Next.

  • Step 8 Click Finish

What to do next

  • Changing the IP Address and Hostname of a Cloned Virtual Machine
  • Connecting a Cloned Cisco Virtual Machine to the Network

Clone a Cisco ISE Virtual Machine Using a Template

If you are using vCenter, then you can use a VMware template to clone a Cisco ISE virtual machine (VM). You can clone the Cisco ISE node to a template and use that template to create multiple new Cisco ISE nodes. Cloning a virtual machine using a template is a two-step process:

Before you begin

Note For cloning, you need VMware vCenter. Cloning must be done before you run the Setup program

  • Step 1 Create a Virtual Machine Template
  • Step 2 Deploy a Virtual Machine Template

Create a Virtual Machine Template

Before you begin

  • Ensure that you shut down the Cisco ISE VM that you are going to clone. In the vSphere client, right-click the Cisco ISE VM that you are about to clone and choose Power > Shut Down Guest.
  • We recommend that you create a template from a Cisco ISE VM that you have just installed and not run the setup program on. You can then run the setup program on each of the individual Cisco ISE nodes that you have created and configure IP addresses and hostnames individually.
  • Step 1 Log in to the ESXi server as a user with administrative privileges (root user). VMware vCenter is required to perform this step.
  • Step 2 Right-click the Cisco ISE VM that you want to clone and choose Clone > Clone to Template.
  • Step 3 Enter a name for the template, choose a location to save the template in the Name and Location dialog box, and click Next.
  • Step 4 Choose the ESXi host that you want to store the template on and click Next.
  • Step 5 Choose the datastore that you want to use to store the template and click Next. Ensure that this data store has the required amount of disk space.
  • Step 6 Click the Same format as the source radio button in the Disk Format dialog box and click Next. The Ready to Complete dialog box appears.
  • Step 7 Click Finish

Deploy a Virtual Machine Template
After you create a virtual machine template, you can deploy it on other virtual machines (VMs).

  • Step 1 Right-click the Cisco ISE VM template that you have created and choose Deploy Virtual Machine from this template.
  • Step 2 Enter a name for the new Cisco ISE node, choose a location for the node in the Name and Location dialog box, and click Next.
  • Step 3 Choose the ESXi host where you want to store the new Cisco ISE node and click Next.
  • Step 4 Choose the datastore that you want to use for the new Cisco ISE node and click Next. Ensure that this data store has the required amount of disk space.
  • Step 5 Click the Same format as the source radio button in the Disk Format dialog box and click Next.
  • Step 6 Click the Do not Customize radio button in the Guest Customization dialog box. The Ready to Complete dialog box appears.
  • Step 7 Check the Edit Virtual Hardware check box and click Continue. The Virtual Machine Properties page appears.
  • Step 8 Choose the Network adapter, uncheck the Connected and Connect at power on checkboxes, and click OK.
  • Step 9 Click Finish. You can now power on this Cisco ISE node, configure the IP address and hostname, and connect it to the network.

What to do next

  • Change the IP Address and Hostname of a Cloned Virtual Machine
  • Connect a Cloned Cisco Virtual Machine to the Network

Change the IP Address and Hostname of a Cloned Virtual Machine

After you clone a Cisco ISE virtual machine (VM), you have to power it on and change the IP address and hostname.

Before you begin

  • Ensure that the Cisco ISE node is in a standalone state.
  • Ensure that the network adapter on the newly cloned Cisco ISE VM is not connected when you power on the machine. Uncheck the Connected and Connect at power on check boxes. Otherwise, if this node comes up, it will have the same IP address as the source machine from which it was cloned.

Figure 2 : Disconnecting the Network Adapter

  • Ensure that you have the IP address and hostname that you are going to configure for the newly cloned VM as soon as you power on the machine. This IP address and hostname entry should be in the DNS server. You cannot use “localhost” as the hostname for a node.
  • Ensure that you have certificates for the Cisco ISE nodes based on the new IP address or hostname.
  • Step 1 Right-click the newly cloned Cisco ISE VM and choose Power > Power On.
  • Step 2 Select the newly cloned Cisco ISE VM and click the Console tab.
  • Step 3 Enter the following commands on the Cisco ISE CLI:

    configure terminal
    hostname hostname

    The hostname is the new hostname that you are going to configure. The Cisco ISE services are restarted.
  • Step 4 Enter the following commands:

    interface gigabit 0
    ip address ip_address netmask

    The ip_address is the address that corresponds to the hostname that you entered in step 3 and netmask is the subnet mask of the ip_address. The system will prompt you to restart the Cisco ISE services. See the Cisco Identity Services Engine CLI Reference Guide for the ip address and hostname commands.

  • Step 5 Enter Y to restart Cisco ISE services.

Connect a Cloned Cisco Virtual Machine to the Network

After you power on and change the IP address and hostname, you must connect the Cisco ISE node to the network.

  • Step 1 Right-click the newly cloned Cisco ISE virtual machine (VM) and click Edit Settings.
  • Step 2 Click the Network adapter in the Virtual Machine Properties dialog box.
  • Step 3 In the Device Status area, check the Connected and Connect at power on checkboxes.
  • Step 4 Click OK.

Migrate Cisco ISE VM from Evaluation to Production

After evaluating the Cisco ISE release, you can migrate from an evaluation system to a fully licensed production system.

Before you begin

  •  When you move the VMware server to a production environment that supports a larger number of users, be sure to reconfigure the Cisco ISE installation to the recommended minimum disk size or higher (up to the allowed maximum of 2.4 TB).
  • Please note that you cannot migrate data to a production VM from a VM created with less than 300 GB of disk space. You can only migrate data from VMs created with 300 GB or more disk space to a production environment
  • Step 1 Back up the configuration of the evaluation version.
  • Step 2 Ensure that your production VM has the required amount of disk space.
  • Step 3 Install a production deployment license.
  • Step 4 Restore the configuration to the production system.

Check Virtual Machine Performance On-Demand

You can run the show tech-support command from the CLI to check the VM performance at any point of time. The output of this command will be similar to the following

Virtual Machine Resource Check from the Cisco ISE Boot Menu

You can check for virtual machine resources independent of Cisco ISE installation from the boot menu. The CLI transcript appears as follows:

Use the arrow keys to select System Utilities (Serial Console) or System Utilities (Keyboard/Monitor) and press Enter. The following screen appears

Enter 2 to check for VM resources. The output will be similar to the following

Linux KVM

KVM Virtualization Check

KVM virtualization requires virtualization support from the host processor: Intel VT-x for Intel processors and AMD-V for AMD processors. Open a terminal window on the host and enter the cat /proc/cpuinfo command. You must see either the vmx or the svm flag.

  • For Intel VT-x: the vmx flag
  • For AMD-V: the svm flag

Install Cisco ISE on KVM

This procedure explains how to create a KVM on RHEL and install Cisco ISE on it using the Virtual Machine Manager (virt-manager). If you choose to install Cisco ISE through the CLI, enter a command similar to the following one:

Before you begin
Download the Cisco ISE ISO image to your local system.

  • Step 1 From the virt-manager, click New. The Create a new virtual machine window appears.
  • Step 2 Click Local install media (ISO media or CDROM), and then click Forward.
  • Step 3 Click the Use ISO image radio button, click Browse, and select the ISO image from your local system.
    • Uncheck the Automatically detect operating system based on install media check box, choose Linux as the OS type, choose supported Red Hat Enterprise Linux version, and click Forward
  • Step 4 Choose the RAM and CPU settings and click Forward.
  • Step 5 Check the Enable storage for this virtual machine check box and choose the storage settings.
    • Click the Select managed or other existing storage radio button.
    • Click Browse.
    • From the Storage Pools navigation pane on the left, click disk FileSystem Directory.
    • Click New Volume.
    • The Create storage volume window appears.
    • Enter a name for the storage volume.
    • Choose raw from the Format drop-down list.
    • Enter the Maximum Capacity.
    • Click Finish.
    •  Choose the volume that you created and click Choose Volume.
    •  Click Forward. The Ready to Begin the Installation screen appears.
  • Step 6 Check the Customize configuration before install check box.
  • Step 7 Under Advanced options, choose the macvtap as the source for the interface, choose Bridge in the Source mode drop-down list, and click Finish.
    • (Optional) Click Add Hardware to add additional NICs. Choose macvtap as the Network source and virtio as the Device model.
    •  Click Finish.
  • Step 8 In the Virtual Machine screen, choose the disk device and under Advanced and Performance Options, choose the following options, and click Apply.

    Field        Value
    Disk bus     VirtIO
    Cache mode   none
    IO mode      native

  • Step 9 Click Begin Installation to install Cisco ISE on KVM. The Cisco ISE installation boot menu appears.

  • Step 10 At the system prompt, enter 1 to choose a monitor and keyboard port, or 2 to choose a console port, and press Enter. The installer starts the installation of the Cisco ISE software on the VM. When the installation process finishes, the console displays

  • Step 11 At the system prompt, type setup and press Enter. The Setup Wizard appears and guides you through the initial configuration

Microsoft Hyper-V

Create a Cisco ISE Virtual Machine on Hyper-V

This section describes how to create a new virtual machine, map the ISO image from the local disk to the virtual CD/DVD drive, edit the CPU settings, and install Cisco ISE on Hyper-V.

Note

Cisco ISE does not support the use of Multipath I/O (MPIO). Hence, the installation will fail if you are using MPIO for the VM.

Before you begin
Download the Cisco ISE ISO image from cisco.com to your local system.

  • Step 1 Launch Hyper-V Manager on a supported Windows server.

Figure 3: Hyper-V Manager Console

  • Step 2 Right-click the VM host and click New > Virtual Machine

Figure 4: Create New Virtual Machine

  • Step 3 Click Next to customize the VM configuration

Figure 5: New Virtual Machine Wizard

  • Step 4 Enter a name for the VM and (optionally) choose a different path to store the VM, and click Next.

Figure 6: Specify Name and Location

  • Step 5 Click the Generation 1 radio button and click Next. If you choose to create a Generation 2 ISE VM, ensure that you disable the Secure Boot option in the VM settings.

Figure 7 : Specify Generation

  • Step 6 Specify the amount of memory to allocate to this VM, for example, 16000 MB, and click Next.

Figure 8: Assign Memory

  • Step 7 Select the network adapter and click Next.

Figure 9 : Configure Networking

  • Step 8 Click the Create a virtual hard disk radio button and click Next

Figure 10 : Connect Virtual Hard Disk

  • Step 9 Click the Install an operating system from a bootable CD/DVD-ROM radio button.
    • From the Media area, click the Image file (.iso) radio button.
    •  Click Browse to select the ISE ISO image from the local system and click Next.

Figure 11 : Installation Options

  • Step 10 Click Finish.

Figure 12 : Complete the New Virtual Machine Wizard

The Cisco ISE VM is created on Hyper-V.

Figure 13: New Virtual Machine created

  • Step 11 Select the VM and edit the VM settings.
    • Select Processor. Enter the number of virtual processors, for example, 6, and click OK

Figure 14: Edit VM Settings

  • Step 12 Select the VM and click Connect to launch the VM console. Click the start button to turn on the Cisco ISE VM

Figure 15: Start the Cisco ISE VM

The Cisco ISE installation menu appears.

Figure 16: Cisco ISE installation menu

  • Step 13 Enter 1 to install Cisco ISE using a keyboard and monitor
