White paper for Cisco Identity Services Engine Software

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Cisco IT Article 
Cisco IT and Identity Services Engine 
Cisco IT and the Identity Services Engine 
A multiyear deployment journey. 
By Greg Rasner  
Security Engagement Manager, Cisco 
The Cisco Identity Services Engine (ISE), a policy engine, enables contextual network access control across wired 
and wireless networks, and extends to mobile connectivity as well (Bring Your Own Device, or BYOD). Contextual 
controls are based on multiple variables, including who (user identity), when (time of day), where (location), how 
(access method), and what (device). ISE works with our existing infrastructure to enforce security policy on all 
devices that attempt to gain access to the network. To do this, ISE can use access switches, wireless controllers, 
and most Cisco® network gear for edge authentication, as device profiling sensors, and as access enforcement 
points. 
ISE is also capable of extending authentication services on other vendors’ 802.1X-compliant hardware, and 
enabling web authentication as backup for non-802.1X-compliant devices. ISE is deployed as an appliance or runs 
on a virtual machine (VM). We deploy ISE on a VM, which is in step with our overall data center virtualization and 
footprint reduction goals. We are taking a measured, controlled approach to rolling out new ISE capabilities. 
This approach helps IT to ensure a smooth adoption, to collect user feedback, and to build on and leverage ISE 
capabilities in each phase. 
Cisco IT was an early adopter of ISE (deploying ISE 1.1 in 2012), and we have made much progress rolling out 
ISE capabilities in the last year and a half. See 
 to learn about our decision-making during the initial deployment phase. That deployment strategy held throughout 
Cisco’s fiscal-year 2014, 
which ran from August 2013 to July 2014. 
This article focuses on key areas of our current ISE deployments, including Deployment Strategy, Testing and 
Certification Process, Guest Networking and Enhancements, Profiling, Wireless Authentication, Wired 
Authentication, Replication and Scaling, Operational Support, Pilot and Limited Deployments, and 
Challenges/Lessons Learned.