The Cisco Identity Services Engine (ISE) provides a way to ensure that only authorized users gain access to the network and that these authorized users are using approved computers that meet the company security policy requirements. ISE is built on the mature capabilities of Cisco ACS for 802.1X authentication and NAC Appliance for posture assessment. In addition, ISE introduces the integration of profiling and guest services features into the solution. The end result is a new identity and access solution that is built on mature technologies and provides one consolidated web GUI that allows for intuitive configuration and monitoring of authentication, computer posture, device profiles, and guest services.

It is important to understand that ISE is based on endpoints rather than users. This is because ISE introduces the capability to profile endpoints based on information gathered from the network. ISE can use the MAC addresses of the profiled endpoints to automatically allow certain endpoints access to the network.

A perfect example would be the profiling of printers. ISE can use its profiling capabilities to discover printer MAC addresses and automatically allow discovered printers just the access to the network required to provide printing services. This allows for both the scalability of automatically allowing printers access to the network and the security of limiting the access. The same example can be extrapolated to other devices that cannot provide authentication, such as IP phones or UPS devices.

With all of these capabilities, it can easily be assumed that ISE only supports medium to large enterprises. In actuality, ISE has been built to scale from small environments of fewer than 100 endpoints to large environments of up to 100,000 endpoints. This is all made possible because ISE has been built on a modular architecture. It is broken into the services listed below:

User interface for all management activities
RADIUS, WebAuth, posture, profiling, guest sponsor, guest portal, and client provisioning
Provides for system wide collection of ISE data

These services can be placed on one physical appliance/virtual machine or broken out into many physical appliances/virtual machines. This is what allows the solution to scale from a small environment to a large environment. For example, a small office, such as a lawyer or doctor’s office, could be supported using one physical appliance or virtual machine. In addition, the licensing to support this environment starts at a 100-endpoint license.

For larger environments, each of the services can be split into multiple ISE servers. For example, the PAP can be placed on a separate server. Additionally, failover can be provided by adding a second PAP. Both of the M&T ISE servers receive data for an active/active solution. The true secret to the scalability of ISE is the flexibility to create multiple PDPs. The PDPs are the workhorses of the solution that provide the RADIUS server functionality, posture assessment, and profiling. As the number of supported endpoints grows, additional PDPs can be added to the solution.