Cisco Cisco Identity Services Engine 1.0.4 Notas de publicación
3
Release Notes for Cisco Identity Services Engine, Release 1.0.4
OL-25482-01
Node Types, Personas, Roles, and Services
Types of Nodes
A Cisco ISE network has only two types of nodes:
•
Cisco ISE node—An ISE node could assume any of the following three personas:
–
Administration—Allows you to perform all administrative operations on Cisco ISE. It handles
all system-related configuration and configurations related to functionality such as
authentication, authorization, auditing, and so on. In a distributed environment, you can have
only one or a maximum of two nodes running the Administration persona. The Administration
persona can take on any one of the following roles: standalone, primary, or secondary. If the
primary Administration node goes down, you have to manually promote the secondary
Administration node. There is no automatic failover for the Administration persona.
all system-related configuration and configurations related to functionality such as
authentication, authorization, auditing, and so on. In a distributed environment, you can have
only one or a maximum of two nodes running the Administration persona. The Administration
persona can take on any one of the following roles: standalone, primary, or secondary. If the
primary Administration node goes down, you have to manually promote the secondary
Administration node. There is no automatic failover for the Administration persona.
–
Policy Service—Provides network access, posture, guest access, and profiling services. This
persona evaluates the policies and makes all the decisions. You can have more than one node
assuming this persona. Typically, there would be more than one Policy Service persona in a
distributed deployment. All Policy Service personas that reside behind a load balancer share a
common multicast address and can be grouped together to form a node group. If one of the
nodes in a node group fails, the other nodes in that group process the requests of the node that
has failed, thereby providing high availability.
persona evaluates the policies and makes all the decisions. You can have more than one node
assuming this persona. Typically, there would be more than one Policy Service persona in a
distributed deployment. All Policy Service personas that reside behind a load balancer share a
common multicast address and can be grouped together to form a node group. If one of the
nodes in a node group fails, the other nodes in that group process the requests of the node that
has failed, thereby providing high availability.
Note
At least one node in your distributed setup should assume the Policy Service persona.
–
Monitoring—Enables Cisco ISE to function as the log collector and store log messages from all
the Administration and Policy Service personas on the ISE nodes in your network. This persona
provides advanced monitoring and troubleshooting tools that you can use to effectively manage
your network and resources.
the Administration and Policy Service personas on the ISE nodes in your network. This persona
provides advanced monitoring and troubleshooting tools that you can use to effectively manage
your network and resources.
A node with this persona aggregates and correlates the data that it collects to provide you with
meaningful information in the form of reports. Cisco Cisco ISE allows you to have a maximum of
two nodes with this persona that can take on primary or secondary roles for high availability. Both
the primary and secondary Monitoring personas collect log messages. In case the primary
Monitoring persona goes down, the secondary Monitoring persona automatically assumes the role
of the primary Monitoring persona.
meaningful information in the form of reports. Cisco Cisco ISE allows you to have a maximum of
two nodes with this persona that can take on primary or secondary roles for high availability. Both
the primary and secondary Monitoring personas collect log messages. In case the primary
Monitoring persona goes down, the secondary Monitoring persona automatically assumes the role
of the primary Monitoring persona.
Note
At least one node in your distributed setup should assume the Monitoring persona.
•
Inline Posture node—A gatekeeping node that is positioned behind network access devices such as
wireless LAN controllers (WLCs) and virtual private network (VPN) concentrators on the network.
Inline Posture enforces access policies after a user has been authenticated and granted access, and
wireless LAN controllers (WLCs) and virtual private network (VPN) concentrators on the network.
Inline Posture enforces access policies after a user has been authenticated and granted access, and
Persona
The persona or personas of a node determine the services provided by a
node. An Cisco ISE node can assume any or all of the following personas:
Administration, Policy Service, and Monitoring.
node. An Cisco ISE node can assume any or all of the following personas:
Administration, Policy Service, and Monitoring.
Role
Determines if a node is a standalone, primary, or secondary node. Applies
only to Administration and Monitoring nodes.
only to Administration and Monitoring nodes.
Table 1-1
Cisco Cisco ISE Deployment Terminology
Term
Description