Cisco Identity Services Engine 1.3
Release Notes for Cisco Identity Services Engine, Release 1.3
Introduction
The Cisco ISE platform is a comprehensive, next-generation, contextually-based access control solution.
It offers authenticated network access, profiling, posture, BYOD device onboarding (native supplicant
and certificate provisioning), guest management, and security group access services along with
monitoring, reporting, and troubleshooting capabilities on a single physical or virtual appliance. Cisco
ISE is available on two physical appliances with different performance characteristics, and also as
software that can be run on a VMware server. You can add more appliances to a deployment for
performance, scale, and resiliency.
Cisco ISE has a scalable architecture that supports standalone and distributed deployments, but with
centralized configuration and management. It also allows for configuration and management of distinct
personas and services. This feature gives you the ability to create and apply services where they are
needed in the network, but still operate the Cisco ISE deployment as a complete and coordinated system.
Deployment Terminology, Node Types, and Personas
Cisco ISE provides a scalable architecture that supports both standalone and distributed deployments.
Types of Nodes and Personas
A Cisco ISE network has the following types of nodes:
• Cisco ISE node, which can assume any of the following personas:
  – Administration—Allows you to perform all administrative operations for Cisco ISE. It handles
    all system-related configurations related to functionality such as authentication, authorization,
    auditing, and so on. In a distributed environment, you can have one or a maximum of two nodes
    running the Administration persona and configured as a primary and secondary pair. If the
    primary Administration node goes down, you have to manually promote the secondary
    Administration node. There is no automatic failover for the Administration persona.
  – Policy Service—Provides network access, posturing, BYOD device onboarding (native
    supplicant and certificate provisioning), guest access, and profiling services. This persona
    evaluates the policies and makes all the decisions. You can have more than one node assuming
    this persona. Typically, there is more than one Policy Service persona in a distributed
Table 1: Cisco ISE Deployment Terminology

Term | Description
Service | Specific feature that a persona provides such as network access, profiler, posture, security group access, and monitoring.
Node | Individual instance that runs the Cisco ISE software. Cisco ISE is available as an appliance and also as software that can be run on a VMware server. Each instance (either running on a Cisco ISE appliance or on a VMware server) that runs the Cisco ISE software is called a node.
Persona | Determines the services provided by a node. A Cisco ISE node can assume any or all of the following personas: Administration, Policy Service, Monitoring, and Inline Posture.
Deployment Model | Determines if your deployment is a standalone, high availability in standalone (a basic two-node deployment), or distributed deployment.