The dramatic increase in BYOD devices, work from home and cloud applications has made obtaining visibility harder than ever. Cisco ISE can be deployed both on physical Cisco SNS servers and in virtual environments such as VMware, KVM and Hyper-V. The Cisco ISE architecture supports both standalone and distributed (also known as “high-availability” or “redundant”) deployments, where one machine assumes the primary role and another “backup” machine assumes the secondary role.
Cisco ISE features distinct configurable personas, services, and roles, which allow you to create and apply Cisco ISE services where they are needed in the network. The result is a comprehensive Cisco ISE deployment that operates as a fully functional and integrated system. Cisco ISE nodes can be deployed with one or more of the Administration (PAN), Monitoring (MnT), and Policy Service (PSN) personas.
User authentication policies in Cisco ISE enable you to provide authentication for a number of user login session types using a variety of standard authentication protocols including, but not limited to, Password Authentication Protocol (PAP), CHAP, PEAP, and EAP. Cisco ISE specifies the allowable protocol(s) that are available to the network devices on which the user tries to authenticate, and specifies the identity sources against which user authentication is validated.
To ensure that the imposed network security measures remain relevant and effective, Cisco ISE enables you to validate and maintain security capabilities on any client machine that accesses the protected network. By employing posture policies that are designed to ensure that the most up-to-date security settings or applications are available on client machines, the Cisco ISE administrator can ensure that any client machine that accesses the network meets
Now, Cisco ISE 3.0 makes all of these experiences much simpler, adds complete and dynamic visibility, and enables a cloud-first security approach. Visibility is the number one function of ISE, giving you a detailed view into every device. You can get a snapshot of activity, unusual behavior, access denials and more, all in a new easy-to-read graphical interface, and maintain visibility as more BYOD and IoT devices come on and off the network.
Cisco ISE Licensing
Cisco ISE licensing has changed in recent years. The license structure used in the ISE 2.x releases was called the Lego model. In this model, there are three different license tiers: the ISE Base license for user visibility and enforcement, the ISE Plus license for context, and the ISE Apex license for compliance. It is called the Lego model because you can assemble your licenses according to the features you need. The features you can use with one license don't overlap with the features you can use with another license, and you must have a Base license to use a Plus and/or Apex license.
Since ISE 3.0, the most significant change is the hierarchy of the license tiers, which is called the nested doll model. In this model, a higher-tier license covers the lower-tier licenses. So, you can use any feature of the ISE Essentials license if you have an ISE Advantage or ISE Premier license. Likewise, you can use any feature of the Advantage license if you have a Premier license.
The new licensing structure is much simpler than the 2.x licensing model. For example, to fully use Cisco ISE functionality in ISE version 2.x you need three different licenses, but you need only one license in the 3.0 model. Another significant change is that Cisco ISE 3 licenses support only smart licensing. When a smart license token is active and registered in the Cisco ISE administration portal, the Cisco Smart Software Manager (CSSM) monitors the license consumption by each endpoint session or product license. So, you need your Cisco smart account registered in the CSSM, and your ISE deployment needs to be continuously connected to the CSSM to monitor the license consumption. You can find the Cisco ISE license PIDs and features in the following figure.
However, customers who are not willing to connect their devices to the Internet, or for whom any inbound or outbound connection would violate their network security policies, can use the Cisco ISE Permanent License Reservation (PLR) license, which enables all Premier capabilities on the product permanently. This license also includes a device admin license and a Cisco ISE virtual license.
Moreover, all tier licenses, including the Essentials license, are now time-based, while the device admin license is still perpetual. Additionally, device admin licenses no longer need any tier licenses in 3.0, whereas they need at least 100 Base licenses in the 2.x model.
In general, the Essentials license equals the Base license, the Advantage license is equivalent to the Base and Plus licenses, and the Premier license is identical to the Base, Plus and Apex licenses.
This article is an advertisement and Mehr News Agency has no opinion on its content.