Cisco Identity Services Engine Ordering Guide

This document describes the packaging structure and ordering information for the Cisco Identity Services Engine (ISE). This guide is for Cisco sales, partners, distributors, and customers. This ordering guide covers the following products⁚ Cisco ISE appliances.

Introduction

The Cisco Identity Services Engine (ISE) is the industry’s only complete Network Access Control (NAC) solution, but it’s more than that. Cisco ISE is the bedrock of a zero-trust solution. The Cisco ISE ordering guide will help you understand the different models and licensing types to make the best use of your ISE deployment. In zero-trust architecture, Cisco Identity Services Engine (ISE) is the policy decision point. It gathers intel from the stack to authenticate users and endpoints, automatically containing threats. Cisco ISE 3.4, our latest version, provides your network with operational flexibility, increased security, and cohesiveness with intelligent insights.

Purpose

This document is designed to provide a comprehensive guide to ordering Cisco Identity Services Engine (ISE) products and services. It covers the various components of an ISE deployment, including appliances, licenses, and support services. The purpose of this guide is to help customers understand the different options available and make informed decisions about their ISE deployment. This guide is intended to be a valuable resource for Cisco sales, partners, distributors, and customers who are planning to deploy or upgrade their Cisco ISE infrastructure.

Audience

This ordering guide is intended for a wide range of individuals and organizations involved in the procurement and deployment of Cisco Identity Services Engine (ISE) solutions. The primary audience includes⁚

• Cisco Sales Teams⁚ Sales representatives can use this guide to understand the different ISE products and licensing options, enabling them to effectively present and sell ISE solutions to customers.
• Cisco Partners⁚ Partners, including integrators and resellers, can leverage this guide to gain a comprehensive understanding of ISE offerings, allowing them to provide informed solutions and services to their clients.
• Distributors⁚ Distributors can use this guide to familiarize themselves with ISE products and licensing models, facilitating efficient distribution and inventory management.
• Customers⁚ End users, including IT professionals and network administrators, can refer to this guide to understand the ordering process and to make informed decisions about the appropriate ISE appliances, licenses, and services for their specific network requirements.

Scope

This ordering guide provides a comprehensive overview of the Cisco Identity Services Engine (ISE) product line, encompassing both hardware and software components. It aims to equip readers with the necessary knowledge to make informed decisions regarding ISE deployments. The guide covers the following key aspects⁚

• Cisco ISE Appliances⁚ A detailed description of the various ISE appliance models, including their specifications, capabilities, and recommended use cases.
• Appliance Ordering Information⁚ Clear instructions on how to order ISE appliances, including the appropriate SKUs, configuration options, and relevant documentation.
• Migration Ordering Information⁚ Guidance for customers migrating from older ISE versions or other network access control solutions to the latest ISE release, outlining the necessary steps and licensing considerations.
• Cisco ISE Licenses and Services⁚ A comprehensive explanation of the different ISE license types, their features, and pricing models. The guide also covers the various support and services offered by Cisco for ISE deployments.
• License Enforcement⁚ A detailed description of how ISE licenses are enforced, including the mechanisms for license activation, monitoring, and compliance.
• License Management⁚ Guidance on managing ISE licenses, including best practices for license allocation, renewal, and troubleshooting.

Cisco Identity Services Engine Overview

Cisco Identity Services Engine (ISE) is a comprehensive network access control (NAC) solution that goes beyond traditional security measures. It acts as the foundation for a zero-trust security framework, ensuring secure network access for both users and devices. ISE empowers organizations to enforce granular security policies based on user identity, device posture, and network context. Its capabilities extend beyond basic authentication and authorization, encompassing a wide range of security features.

ISE enables organizations to⁚

• Enforce access control policies⁚ Define and enforce access rules based on user identity, device type, location, and other factors, ensuring secure access to network resources.
• Assess device posture⁚ Perform real-time assessments of connected devices to ensure they meet security standards, such as operating system updates, antivirus protection, and firewall configuration.
• Automate remediation actions⁚ Trigger automated actions, such as quarantining or remediation, for non-compliant devices, reducing security risks and simplifying network administration.
• Gain visibility and control⁚ Provide comprehensive insights into network activity, including user logins, device connections, and security events, enabling proactive security management.
• Integrate with existing systems⁚ Seamlessly integrate with other security solutions, such as directory services, firewalls, and intrusion detection systems, creating a comprehensive security ecosystem.

In today’s dynamic network environments, Cisco ISE plays a crucial role in safeguarding sensitive information and ensuring business continuity.

Cisco ISE Use Cases

Cisco Identity Services Engine (ISE) addresses a wide range of security and access control challenges across various enterprise environments. Here are some key use cases where ISE excels⁚

• Secure Network Access Control (NAC)⁚ ISE enforces strict access policies based on user identity, device posture, and network context, preventing unauthorized access and mitigating security risks. It can automatically quarantine non-compliant devices, ensuring only authorized and secure devices connect to the network.
• BYOD (Bring Your Own Device) Management⁚ In today’s mobile-first world, ISE simplifies BYOD management by allowing employees to use their personal devices securely while ensuring they meet company security standards. It can enforce different access levels based on device type and user role.
• Guest Access Control⁚ ISE provides a secure and controlled environment for guest access, allowing visitors to connect to the network while restricting access to sensitive resources. It can offer guest portals for self-registration and provide granular control over guest network access.
• Wireless Network Security⁚ ISE extends its access control capabilities to wireless networks, enforcing security policies for wireless clients and ensuring secure access to wireless resources.
• Endpoint Security Posture Assessment⁚ ISE continuously monitors the security posture of connected devices, checking for updates, antivirus protection, and other security measures. It can automatically remediate non-compliant devices, improving overall network security.
• Network Segmentation⁚ ISE enables network segmentation by creating virtual networks based on user roles and device types, further enhancing security and access control.

Cisco ISE is a versatile solution that empowers organizations to address a wide range of security challenges, ensuring a secure and controlled network environment.

Ordering Guide Steps

The Cisco Identity Services Engine (ISE) ordering process involves several key steps to ensure you acquire the right components and licenses to meet your specific requirements. Here’s a breakdown of the essential steps⁚

1. Estimate Concurrent Endpoints⁚ Determine the approximate number of devices (users, endpoints, or things) that will concurrently connect to your network. This helps estimate the required license capacity.
2. Estimate Required Appliances⁚ Based on your network size, complexity, and expected traffic load, determine the number and type of Cisco ISE appliances needed for optimal performance and scalability.
3. Select Appliance Type⁚ Choose the appropriate ISE appliance model based on your needs. Cisco offers various options, including physical appliances and virtual machines, each with different performance characteristics and licensing requirements.
4. Select Support Level⁚ Determine the level of technical support you require. Cisco offers various support options, including basic, standard, and premium, to provide tailored assistance based on your organization’s needs.
5. Choose Licenses⁚ Select the appropriate Cisco ISE licenses based on the features and functionalities you require. ISE offers various licensing models, including base licenses, Plus licenses, and specialized licenses for specific use cases.
6. Review and Order⁚ Carefully review your chosen components and licenses to ensure they accurately reflect your requirements. Place your order through authorized Cisco channels, such as Cisco sales representatives, partners, or distributors.

By following these steps, you can ensure a smooth and efficient ordering process for Cisco ISE, acquiring the necessary hardware and software to implement a robust and secure network access control solution.

Cisco ISE Appliances

Cisco Identity Services Engine (ISE) appliances serve as the foundation of your network access control (NAC) infrastructure, providing the processing power and resources to enforce security policies and manage user and device identities. Cisco offers a range of ISE appliances to cater to different deployment scenarios and network sizes. These appliances are designed to deliver high performance, scalability, and reliability, ensuring seamless operation and effective security enforcement.

The choice of ISE appliances depends on factors such as the number of concurrent endpoints, network traffic volume, and the complexity of your security policies. Cisco offers both physical appliances and virtual machines, providing flexibility in deployment and integration with your existing infrastructure. Physical appliances offer dedicated hardware resources and high performance, while virtual machines provide cost-effectiveness and flexibility in resource allocation.

When selecting ISE appliances, consider factors such as processing power, memory capacity, storage space, and network interface capabilities. Ensure the chosen appliances meet your current and future needs to avoid performance bottlenecks or capacity limitations as your network grows.

Appliance Ordering Information

When ordering Cisco ISE appliances, it is crucial to specify the desired model, configuration, and licensing options. Cisco provides a range of ISE appliances, each tailored to different network sizes and security requirements. You can choose from physical appliances with dedicated hardware resources or virtual machines offering flexibility and cost-effectiveness. To determine the appropriate appliance for your environment, consider factors such as the number of concurrent endpoints, network traffic volume, and the complexity of your security policies.

To order ISE appliances, you can contact Cisco sales, partners, or distributors. Provide them with the specific model number, quantity, and any required customization options. Ensure you also specify the desired licensing options, including the number of endpoints, the type of license (base, plus, or premium), and the desired support level. Cisco offers different support levels, including basic, advanced, and premium, with varying levels of service and responsiveness.

For virtual machines, you will need to specify the desired virtual machine specifications, such as CPU cores, memory capacity, and storage space. Cisco provides guidelines on virtual machine sizing based on the expected workload and network traffic.

Migration Ordering Information

Migrating from older versions of Cisco ISE to newer releases can involve license upgrades and adjustments. Cisco provides guidance and tools to streamline the migration process. To ensure a smooth transition, it is essential to understand the licensing requirements for the target ISE version and to plan for any necessary license upgrades or changes. If you are upgrading from an older version of ISE that uses a different licensing model, you may need to purchase additional licenses or adjust your existing licenses to align with the new licensing structure.

Cisco provides detailed information on migration paths and licensing options in its documentation. It is recommended to consult the latest ISE documentation and to contact Cisco support if you have any questions or require assistance with the migration process. When ordering licenses for a migration, specify the target ISE version and the desired licenses for the new environment. Cisco offers various licensing options for ISE, including base, plus, and premium licenses, each providing different features and capabilities.

To ensure a seamless migration, it is advisable to perform a thorough evaluation of your existing licenses, identify any necessary upgrades or changes, and plan for the license procurement and deployment before initiating the migration process. This will help minimize any potential disruptions or delays during the transition to the new ISE version.

Cisco ISE Licenses and Services

Cisco Identity Services Engine (ISE) offers a range of licenses and services designed to cater to diverse enterprise needs. These licenses provide access to various features and functionalities, enabling organizations to implement robust security and access control policies across their networks. ISE licensing is structured to align with common enterprise use cases, minimizing the number of orderable licenses and optimizing service adoption.

The core of ISE licensing revolves around the concept of concurrent endpoints, which represents the number of devices that can simultaneously connect to the network and be managed by ISE; Cisco offers different license tiers, including base, plus, and premium, each providing a specific set of features and capabilities. Base licenses provide fundamental access control and security features, while Plus licenses offer advanced capabilities such as guest access, posture assessment, and network profiling. Premium licenses encompass all the features of the base and plus licenses, along with additional capabilities for advanced threat detection, network segmentation, and compliance reporting.

Cisco also provides a range of services to support ISE deployments, including professional services, training, and support. These services can help organizations with the planning, implementation, and ongoing management of their ISE infrastructure, ensuring a successful and secure deployment.

License Enforcement

Cisco ISE employs a robust license enforcement mechanism to ensure compliance with the terms of purchased licenses. This mechanism plays a crucial role in maintaining the integrity of the system and preventing unauthorized use of features. The enforcement process begins with the issuance of a license key, which is typically delivered electronically and activated upon installation.

ISE regularly checks the license key and validates its authenticity and validity. If a license is found to be expired, invalid, or tampered with, ISE will restrict access to the corresponding features. This restriction may include disabling specific functionalities, limiting the number of concurrent endpoints, or even preventing access to the entire system.

To ensure smooth operation and prevent unexpected disruptions, it is essential to maintain accurate license records and to proactively renew licenses before they expire. Cisco provides tools and resources to help organizations manage their ISE licenses effectively, including the ability to view current license details, track expiration dates, and manage license renewals.