Cisco ISE Blog
What You Need to Know About Identity Service Engines
Enterprise networks are changing quickly, especially with regard to employee mobility. Employees' connections to enterprise resources are no longer limited to the desktops at their workstations, because they can also use tablets, personal laptops, and smartphones. Although the ability to access resources from anywhere can significantly increase your company's productivity, it can also increase the possibility of security threats and data breaches, since it is hard to control the security of the devices that access your network. Keeping track of all the devices that access the network is therefore a huge and difficult task, and the more access is needed, the more unsustainable it becomes to manage.
An identity-based network access policy and control enforcement system called Cisco Identity Service Engine (ISE) should be considered. With ISE, a network administrator can centrally control the access policies for wireless and wired endpoints, based on information gathered from messages passed between the ISE node and the device, a process also known as profiling. Moreover, ISE updates the profiling database daily to keep up with the latest and greatest devices, so that there are no gaps in device visibility.
To provide policy enforcement and security compliance before a device is authorized to access the network, ISE attaches an identity to the device based on the user, function, and other characteristics. An endpoint is allowed to access the network only if the results from these variables match the specific rules for the interface where it is connected; otherwise, guest access is provided based on your company's guidelines, or access is denied completely. Basically, ISE is an automated policy enforcement engine that manages the regular tasks of access list management, device and guest onboarding, switch port VLAN changes for end users, and more, so that the network administrator can work on other tasks and projects that are also important.
A Cisco ISE posture platform is usually a distributed deployment whose nodes are of three types: policy services node (PSN), policy administration node (PAN), and monitoring and troubleshooting node (MnT).