Ideally for them, the UI would have no more than four buttons, as the helpdesk representatives won’t be using 90% of the features and menus ISE provides… Ever! That it would take too much time for them to get used to Cisco ISE’s UI. Their main concern was that many of their representatives would be challenged when introduced to a new system. Occasionally, someone gets locked out of the network – due to outdated antivirus updates or an employee computer being replaced/reinstalled – and they do not want to bother networking engineers with endpoint issues. Often, these are part-time students and entry positions at the company. The ongoing day-to-day operation of their existing NAC solution is handled mostly by the endpoint technicians and helpdesk representatives. However, now that they are considering replacing their existing NAC solution with Cisco ISE – they have some concerns. Networking engineers and security experts love it for TACACS+, controlling and auditing who is doing what changes in the network, and who’s allowed to enter which command. Our story starts, as always, with one of my customers explaining to me how Cisco ISE’s richness of features and capabilities is highly appreciated. Group-based policy using Cisco TrustSec.Network Segmentation based on devices and roles.Network Admission Control (NAC) identifying endpoints as they connect to the network (both wired and wireless).True visibility of what you have on your network.
TACACS+/RADIUS for central management of networking equipment.It provides many (many!) different services that are all required to meet today’s user expectations while protecting the organization from threats: Nowadays, ISE is the policy engine for your network. Around ISE 2.4, however, I started working with it more closely, unveiling more and more of its potential. ISE has always been there, taking over Secure ACS as the network’s TACACS+ server, or managing VPN policy for ASA appliances. To be honest, Cisco ISE (Identity Services Engine) grew on me over time.
ISE provides many services for protection from threats However, if you are interested in the approach we took, our thought process, and tools that led us to the end result – keep on reading! In this blog series, we will describe from inception to execution the journey of Vanilla ISE – a simplified ISE GUI for endpoint technicians. If that is the case, let me make your life easy – here’s a link to the Vanilla ISE GitHub repo. Some people prefer to begin with the end result, and reverse engineer their way backward. Introducing Vanilla ISE – a simplified ISE GUI for endpoint technicians