Cisco ISE - Cisco Identity Services Engine
Cisco ISE (Identity Services Engine) is a next-generation identity and access control policy platform for enterprise networks. It is an integral part of the enterprise network. It can apply access control policies on wired and wireless networks, and it gives administrators real-time contextual information from the network.
It determines whether users are accessing the network on an authorized, policy-compliant device. It also plays a major role by establishing user identity, location, and access history, which can be used for compliance and reporting. It can also assign services based on the assigned user role, group, and associated policy.
Cisco ISE also grants authenticated users access to specific segments of the network, to specific applications and services, or both, based on authentication results, as defined by the network administrators.
Fig 1.1 - Cisco ISE architecture
Fig 1.2 - Cisco ISE
Cisco ISE is a consolidated policy-based access control system that includes many of the features available in existing Cisco policy platforms. It performs the following functions:
- It combines authentication, authorization, accounting (AAA), posture, and profiler into one appliance
- It provides comprehensive guest access management for the Cisco ISE administrator, sanctioned sponsor administrators, or both
- It enforces endpoint compliance by providing comprehensive client provisioning measures and assessing device posture for all endpoints that access the network, including 802.1X environments
- It provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
- It enables consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed
- It employs advanced enforcement capabilities including security group access (SGA) through the use of security group tags (SGTs) and security group access control lists (SGACLs)
- Finally, it scales to support a number of deployment scenarios, from small office to large enterprise environments