Any others deploying Cisco ISE on VMware? Are there any special provisions being put in place e.g. putting the VMs on their own hosts or behind a load balancer, etc. or keeping them with the rest of the workloads?
Cisco have this: https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31/b_ise_InstallationGuide31_chapter_4.html
We have 2 virtual ISE running on ESX 7 on Nutanix HCI hardware. They're just in with all the other production VMs. They work great.
The only provision we have is that we have to exclude those VMs from our Rubrik backups as currently if Rubrik attempts to backup virtualized ISE: ISE dies.
We learned this hard way! (Reference: this absolutely minimal cisco bug page: Cisco Bug: CSCvu92228 - [DOC] ISE Compatibility Matrix Should Identify Whether VM Backups with Rubrik are Supported)
Very good to know! Thank you so much for the heads up!!!
In my environment in Site A and Site B, these VMs are isolated from the rest VMs. It means we have dedicated hosts only for these VMs.
Expensive solution? - definitely, I don't know why - but the Network team insists on such a solution.