Network devices are the main avenues through which users and endpoints connect to the network over wired, wireless and VPN connections to access various services. They do so with the help of credentials such as passwords, certificates, tokens or, at the least, the endpoint's MAC address. These credentials reach ISE in a process called authentication.
Cisco ISE features distinct configurable personas, services, and roles, which allow you to create and apply Cisco ISE services where they are needed in the network. The result is a comprehensive Cisco ISE deployment that operates as a fully functional and integrated system. Cisco ISE nodes can be deployed with one or more of the Administration (PAN), Monitoring (MnT), and Policy Service (PSN) personas.
User authentication policies in Cisco ISE enable you to provide authentication for a number of user login session types using a variety of standard authentication protocols including, but not limited to, Password Authentication Protocol (PAP), CHAP, PEAP, and EAP. Cisco ISE specifies the allowable protocol(s) that are available to the network devices on which the user tries to authenticate and specifies the identity sources from which user authentication is validated. The following features are available in the recent ISE releases:
Cisco ISE Agentless Posture
Cisco ISE now supports agentless posture, giving you the option to identify, classify and configure an endpoint or device without installing anything on it. This gives your team the flexibility to manage the speed and ease of onboarding new users and devices at any time or place as they see fit.
What's more, ISE can also be set to automatically identify and classify new devices based on their behavior using AI endpoint analytics. This way, policy can be applied dynamically as the device's posture or situation changes, and you don't have to reconfigure it manually.
Cisco ISE on Azure
You can now take ISE to the cloud, as it is already deployable on VMware and AWS. ISE also supports SSO with Microsoft Azure Active Directory, so you can use cloud-based identity to authenticate users. Cisco is leading the migration to the cloud, so as your company heads there, ISE is right there with you to support and enable your cloud-first strategy.
Finally, to help you manage it all with ease, Cisco has completely overhauled the ISE user experience to make it more intuitive, supportive and easy to set up, monitor and use.
Cisco ISE New User Interface
The ISE menu system has been restructured into expandable categories accessible from the hamburger menu. Everything is logically organized to get you quickly to where you need to go via expandable pull-down menus.
Cisco Identity Service Engine License
Cisco ISE license activation has changed in recent years. Until now, the license structure used in the ISE version 2.x releases was called the Lego model. In this model, there are three different license tiers: the ISE Base license for user visibility and enforcement, the ISE Plus license for context, and the ISE Apex license for compliance. It is called the Lego model because you can assemble your licenses according to the features you need. The features you can use with one license don't overlap with the features you can use with another, and you must have a Base license to use a Plus and/or Apex license.
The Cisco ISE Essentials license provides user visibility and enforcement features including AAA and 802.1X, Guest (Hotspot, Self-Reg, Sponsored) and Easy Connect (PassiveID).
The Cisco ISE Advantage license enables all Essentials features plus the following capabilities:
Context Sharing (pxGrid Out/In)
Profiling Enforcement *
AI Endpoint Analytics Enforcement *
Group-Based Policy (TrustSec) *
BYOD (+CA, +MDP) *
RTC (ANC) *
Profiling Visibility *
AI Endpoint Analytics Visibility *
User-Defined Network for Cloud *
The Cisco ISE Premier license is a full-stack license including all Advantage features plus the following capabilities:
Posture Visibility and Enforcement *
MDM Visibility and Enforcement *
TC-NAC Visibility and Enforcement *
The Cisco ISE Device Admin license activates all TACACS capabilities on ISE.
The Cisco ISE VM common license covers VM Small, Medium, and Large licenses for virtual devices.
The Cisco ISE IPsec license supports VPN communication between Cisco ISE Policy Services Nodes (PSNs) and Cisco Network Access Devices (NADs). One Cisco ISE IPsec license is required for every Policy Services Node used for IPsec VPN communication to the NADs. There is a maximum of 150 IPsec tunnels per Policy Services Node.
The Cisco ISE Universal license is an offline and permanent solution for registering all of the above features in highly secure networks.
This article is an advertisement and Mehr News Agency has no opinion on its content.