I recently had the opportunity to attend a Cisco Gold lab focused on Cisco’s Identity Services Engine (ISE). I was particularly interested in the capabilities of the ISE that would help us deal with the “Bring Your Own Device” (BYOD) mess we are starting to get into. I found ISE to be very robust and powerful. Thankfully I have a decent knowledge of 802.1x and the various EAP types, a necessity to configure and work with ISE. A strong knowledge of Radius capabilities is also a great asset. Of course a very solid knowledge of the devices that will be using ISE as there authentication server is also needed. ISE is not for the network novice for sure but It’s very powerful in the right hands.
ISE offers a solution to the wireless BYOD hurdle many organizations face. However, it also can be used to authenticate VPN users, 802.1x wired clients, VTY Access, and more. It implements Radius so its very flexible and extensible. Cisco boasts the ISE as the one central system to manage all policies for your organization. Overall ISE is the key piece to Cisco’s “Trust-Sec” infrastructure.
I could probably talk about what I have seen of ISE for a while but instead I will let some of the guys over at Techwise TV do the talking for me. Check it out:
Like I said, the Techwise guys do a better job than I could have showing of the ISE features and functionality.
In closing the product looks very promising. There is one issue, however. I have not been able to find anyone who is actually using this yet. I asked our Cisco partner how many ISE implementations they have done and the number was in the single digits. I have not yet gotten firm pricing back but I understand that to be fairly steep as well. Resources on ISE are also a bit scares. I suspect Cisco has and will have more resourses particularly for anyone you purchases the product. On the Cisco Pressbook side of things there is only one ISE book I was able to find and it is not going to be out until May of 2013. Will ISE continue to make the 802.1x technology expensive and cumbersome to implement? Time will tell. As for me and the medium sized network I manage ISE will have to wait at least until next budget year…
If you have anything to add about Cisco’s ISE feel free to share below!