Cisco Identity Services Engine (ISE) is a high-performance, flexible solution for context-aware access control. It brings together authentication, authorization, and accounting (AAA) services, endpoint state assessment, profiling, and access control within a single platform.
ISE provides the following functions:
- Authentication of corporate users and endpoint devices – determines which enterprise users and/or devices are allowed access to the network.
- Authorization of enterprise users and endpoints – determines which network resources a successfully authenticated user and/or device is permitted to access.
- Guest access – creates temporary guest accounts for customers and visitors and defines the corporate network resources available to them.
- Use of personal devices by corporate users – allows users to register personal devices from which limited access to company resources will be allowed.
- Device profiling – supports built-in device profiles, as well as the creation of new ones for more flexible configuration of access policies.
- State assessment of connected devices – checks that devices connected to the network meet requirements (for example, for the installed OS, antivirus, antivirus updates, anti-spyware, etc.) and, in case of non-compliance, notifies the user and proposes the actions necessary to meet those requirements.
- AAA for network devices – provides a single place for authentication, authorization, and accounting of administrator access to network equipment, without creating many local accounts and access rules on these devices.
- Platform Exchange Grid (pxGrid) – used to exchange contextual information between Cisco platforms and partners to increase the speed of response to threats.
Cisco ISE is available as hardware (the Secure Network Server) or as a virtual solution. Licensing is based on the number of devices and the functionality.
Types of licenses:
- Base – a permanent license that enables authentication and authorization of corporate users and devices, guest access, and use of personal devices by corporate users.
- Plus – a subscription that supplements the Base license; adds device profiling and Platform Exchange Grid (pxGrid) functionality.
- Apex – a subscription that supplements the Base license; adds state assessment of connected devices.
- Device Administration – a permanent license that includes the ability to provide AAA for network equipment (you need a Base license for a minimum of 100 devices).