CISCO IDENTITY SERVICE ENGINE (ISE)

Cisco Identity Service Engine (ISE) – is a high-performance and flexible solution for access control with context, which brings together authentication, authorization, and accounting (AAA) services, assessing the status of endpoint, profiling and access control within a single platform.

ISE has such functions like:

  • Holding corporate user’s  and endpoint devices authentication -provides the ability to determine what enterprise users and/or devices are allowed access to the network.
  • Providing authorization to enterprise users and endpoints – determines which network resources successfully authenticated user and/or device is permitted to get Guest access– creating a temporary guest account for customers, visitors and definition of corporate network resources available to them.
  • Use of personal devices by corporate users – allows users to register personal devices from which limited access to company resources will be allowed.
  • Device profiling – support for built-in device profiles, as well as their creation for more flexible configuration of access policies.State Assessment of the connected devices – allows to check devices that are connected to the network to meet the requirements (for example, to the installed OS, antivirus, antivirus updates, anti-spyware, etc.) and in case of non-compliance, notify the user about it and propose necessary actions to fulfill these requirements.
  • Providing AAA for network  devices– providing a single place for authentication, authorization and accounting for administrators access to network equipment, without creating many local accounts and access rules on these devices.
  •  Platform Exchange Grid(pxGrid) –  using to exchange contextual information between Cisco platforms and partners, to increase the speed of response to threats.

Cisco ISE can be represent as a hardware (as Secure Network Server ) or virtual solution.

Licensing is carried out by the number of devices and functionality.

Types of licenses:

  • Base – permanent license that allows authentication and authorization functionality of corporate users and devices, guest access and use of corporate users their personal devices.
  • Plus – is a subscription and addition to the Base license, adds the functionality of device profiling and platform Exchange Grid (pxGrid).
  • Appex – is a subscription and addition to the Base license, adds a state  assessment functionality of the connected devices.
  • Device Administration – a permanent license includes the ability to provide AAA for network equipment ( you need Base license for a minimum of 100 devices.)