[2024][CISCO ISE#1] ISE서버 VMware ESXi에 설치 하기.

2024. 7. 7. 10:00

안녕하세요.

오늘은 [2024][CISCO ISE#1] ISE서버 VMware ESXi에 설치하기.

Evaluation을 설치하면 라이선스 없이 90일 동안 무료로 사용 가능 합니다.

1. https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/install_guide/b_ise_InstallationGuide30/b_ise_InstallationGuide30_chapter_2.html

Cisco Identity Services Engine Installation Guide, Release 3.0 - Cisco Secured Network Server Series Appliance

Cisco Secured Network Server Series Appliances and Virtual Machine Requirements

www.cisco.com

Cisco ISE를 설치하기 위해서는 요구 사항을 충족해야 합니다.

Table 2. VMware Virtual Machine RequirementsRequirement TypeSpecifications

CPU	Evaluation Clock speed: 2.0 GHz or faster Number of CPU cores: 4 CPU cores Production Clock speed: 2.0 GHz or faster Number of cores: SNS 3500 Series Appliance: Small: 12 Medium: 16 Large: 16 SNS 3600 Series Appliance: Small: 16 Medium: 24 Large: 24
Memory	Evaluation: 16 GB Production Small: 16 GB for SNS 3515 and 32 GB for SNS 3615 Medium: 64 GB for SNS 3595 and 96 GB for SNS 3655 Large: 256 GB for SNS 3695
Hard Disks	Evaluation: 300 GB ProductionSee the recommended disk space for VMs in the following link: Disk Space Requirements. We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM. 300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).
Storage and File System	The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and a read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server. You can use the show tech-support command to view the read and write performance metrics. We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements.
Disk Controller	Paravirtual or LSI Logic Parallel For best performance and redundancy, a caching RAID controller is recommended. Controller options such as RAID 10 (also known as 1+0) can offer higher overall write performance and redundancy than RAID 5, for example. Additionally, battery-backed controller cache can significantly improve write operations.
NIC	1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports E1000 and VMXNET3 adapters.
VMware Virtual Hardware Version/Hypervisor	VMware Virtual Machine Hardware Version 8 or higher on ESXi 5.x (5.1 U2 minimum) and 6.x.

2. Cisco ISE evaluation 파일을 다운로드합니다.

https://software.cisco.com/download/home/283801620/type/283802505/release/3.2.0

3. VMware ESXi를 접속합니다.

ISE 3.2 ISO파일을 VMware ESXi에 업로드합니다.

4. 가상시스템 -> VM생성/등록을 선택합니다.

5. 다음을 선택합니다.

6. 아래처럼 입력합니다.

이름: VM이름을 정합니다

게스트 운영 체제 제품군: Linux

게스트 운영 체제 버전: Ubuntu Linux(64비트)

7. VM를 설치할 스토리지를 선택합니다.

8. CPU 정보를 입력합니다.

9. 메모리는 최소 16G를 선택하고 하디 디스크는 최소 500G 선택합니다.

저는 하드디스크 용량이 부족해서 100G를 선택하겠습니다.

10. 그리고 CD/DVD 드라이브에서 ise-3.2 iso파일을 선택합니다.

11. 완료 버튼을 클릭합니다.

12. 생성한 VM를 실행합니다.

13. 1번을 선택합니다.

14. 설치가 완료될 때까지 기다립니다.

15. 설치가 완료되면 아래와 같이 사진이 나옵니다.

기본 설정을 하기 위해서 setup 입력합니다.

16. 기본 설정을 합니다.

hostname: ISE-3-2

IP address: 192.168.10.233

IP netmask: 255.255.255.0

IP default Gateway: 192.168.10.253

DNS domain: local

nameserver: 8.8.8.8

SSH service: Y

인터페이스가 설정될 때까지 기다립니다.

설치가 완료되었습니다.

17. SSH를 접속합니다.

192.168.10.233

show application status ise 입력합니다.

그리고 Application Server 데몬이 Running 상태인지 확인합니다.

ISE-3-2/admin#show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          7714
Database Server                        running          150 PROCESSES
Application Server                     running          27154
Profiler Database                      running          16484
ISE Indexing Engine                    running          28375
AD Connector                           running          29681
M&T Session Database                   running          22900
M&T Log Processor                      running          27403
Certificate Authority Service          running          29497
EST Service                            running          59181
SXP Engine Service                     disabled
TC-NAC Service                         disabled
PassiveID WMI Service                  disabled
PassiveID Syslog Service               disabled
PassiveID API Service                  disabled
PassiveID Agent Service                disabled
PassiveID Endpoint Service             disabled
PassiveID SPAN Service                 disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled
ISE Messaging Service                  running          11023
ISE API Gateway Database Service       running          15160
ISE API Gateway Service                running          21481
ISE pxGrid Direct Service              running          46232
Segmentation Policy Service            disabled
REST Auth Service                      disabled
SSE Connector                          disabled
Hermes (pxGrid Cloud Agent)            disabled
McTrust (Meraki Sync Service)          disabled
ISE Node Exporter                      running          30285
ISE Prometheus Service                 running          32051
ISE Grafana Service                    running          36904
ISE MNT LogAnalytics Elasticsearch     disabled
ISE Logstash Service                   disabled
ISE Kibana Service                     disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 100 GB

ISE-3-2/admin#

18. https://192.168.10.233

입력합니다.