Bob the Training Guy – Your Resource for All Cisco and VMware Training [email protected]
Why Migrate to the Cisco Identity Services Engine (ISE)?
You can’t take chances on security. You need the very best weapons to fight all the threats that threaten your devices, network platforms, information, and resources. The Cisco® Secure Access Control System (ACS) has been a very popular choice for highly secure network access control and network device administration for almost 15 years. However, with the proliferation of more and more devices due to bring-your-owndevice (BYOD) programs and the advent of the Internet of Things (IoT), enterprises are recognizing that they need more. It’s time to migrate to a new product that provides not only the features of Cisco Secure ACS but also many more advanced security and mobility capabilities.
The Cisco Identity Services Engine (ISE) is the market-leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks and resources. It doesn’t matter whether a user connects over a wired or wireless network or a VPN. Cisco Ise delivers superior user and device visibility to provide streamlined mobility experiences. It shares vital contextual data with integrated ecosystem partner solutions to accelerate their ability to identify, mitigate, and remediate threats.
The platform combines authentication, authorization, posture assessment, profiling, and guest management services in a unified appliance. A single management console for configuring and administering services gives you consistency and simplified administration. Less hardware is required because multiple services can now run on a single node.
Migration Benefits
- Eliminate complexity and management time with unified policy management: Stop managing multiple administrative consoles. The Cisco Identity Services Engine (ISE) provides a single console where authentication, authorization, posture, guest, and profiling policies can be created and managed. Policy elements can be reused across all services, reducing tasks, overhead, and inconsistencies.
- Build richer contextual
policies: The Cisco ISE gathers
information from devices, the
infrastructure, and services to
help you build richer contextual
policies that can be enforced
centrally across the network.
You can track all users and
devices connected to the
network using Cisco ISE as a
single source of information
for connected user and device
identity and location as well as
endpoint health.
- Discover, identify, and monitor
all IP-enabled endpoints: IT
teams gain complete visibility
of both user devices and other
devices, such as printers and
sensors, on the corporate
network.
- Enforce dynamic access
control: The Cisco ISE
combines authentication,
authorization, and accounting
(AAA), posture, profiling,
and guest management
capabilities in a single appliance
to enforce dynamic access
control. The Cisco ISE can be
deployed across the enterprise
infrastructure, supporting
802.1X wired, wireless, and
VPN networks.
Protecting Your Cisco Investment
We’ve made the move from Cisco Secure Acs to Cisco ISE easy and cost-efficient. Cisco ISE runs on the same Secure Network Server (SNS) hardware platform as the Cisco Secure ACS. Migrate easily with existing Cisco Secure Network Server (SNS) 3415 and 3495 hardware. The Cisco ISE software is also supported on VMware.
With the exception of TACACS+-based network device administration
features, all Cisco Secure ACS capabilities are available in the base
software version of Cisco ISE. Cisco is offering a 50 percent discount on
the base migration products.
Depending on your current deployment, you will need to purchase the appropriate hardware and software in order to migrate.
Customers using the Cisco SNS 34x5 hardware platform do not need to purchase hardware migration products. These appliances support the latest Cisco ISE software release. Customers on earlier Cisco Secure ACS hardware platforms must purchase discounted Cisco ISE hardware appliances.
All Cisco Secure ACS customers with RADIUS deployments can migrate to the latest Cisco ISE software release. Customers who use the Cisco Secure ACS deployment for network device administration should contact their local Cisco account managers to discuss their options for TACACS+-based device administration deployment.
Migration Tools and Cisco Services
The Cisco ISE comes with a tool to help customers migrate from Cisco Secure ACS 5.5 deployments to Cisco ISE Software 1.3. The tool will automatically migrate Cisco Secure ACS configuration data (such as user and device information and policy) to the Cisco ISE, but it will not migrate monitoring and troubleshooting data. The migration tool does not include support for migrating network device administration configuration to the Cisco ISE because Cisco ISE Software Releases 1.2 and 1.3 do not support TACACS+ functionality.
Cisco Secure ACS customers who have deployed the Cisco Network Admission Control (NAC) Guest Server and NAC Profiler will need to manually migrate guest and profiler configuration policies.
Migration tools from Cisco Secure ACS 5.x to Cisco ISE are built into Cisco ISE Software Release Software Application Support and Upgrades (SASU) contract except for monitoring and troubleshooting. For the NAC Guest Server, automatic migration is planned for Cisco ISE Software Release 2.0. For the NAC Profiler, no migration tool will be available.
Please use the Service Finder to find the service part number for the appliance or VM-based product on which you are running your Cisco ISE software. This part number is needed for Cisco SMARTnet™ service contracts for an SNS 34x5appliance running Cisco ISE software and for a Software Application Support plus Upgrades (SASU) contract for Cisco ISE instances running on virtual machines (VMs).
Next Steps
For more information on the Cisco ISE, please Click Here.
To find your local Cisco Partner for more information Click Here.
Source: http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at-a-glance-c45-733506.pdf as viewed on 12/3/15.
For more information on Security, ISE, Cisco or
VMware training, contact Bob the Training Guy at [email protected]
or call 330-680-5733.