Today you may have Cisco NAC appliance or ACS and have heard great things about Cisco’s latest access control technology known as Identity Services Engine (ISE). What are you options to migrate to ISE? Here are some things you should know.
NOTE: These tips apply to how things are August 2011.
OVERVIEW:
ISE provides all the functionality of legacy NAC appliance, NAC Profiler and NAC Guest server. ISE provides all the functionality of ACS except device administration. This makes all existing customers running these services except ACS device administration (TACACS /RADIUS) an upgrade candidate. Many customers are keeping ACS for device management and purchasing new ISE solutions.
SOFTWARE
ISE is a free software upgrade for customers who have NAC appliance or NAC profiler. This is for both for the base and advance licenses.
ISE is a 50% software discount for customers who have ACS or NAC guest server. The 50% discount is a migration part for the base license only. The advance features license will not be impacted by this discount.
HARDWARE
ISE is supported on current generation NAC appliance hardware (3315, 3355,3395) and ACS (1121) hardware.
ISE is not support on any previous generation hardware (3310,3350, 3390, 1120, 3140, etc.). There are hardware/vmware migration discounts for customers moving from these platforms to the latest appliance or VMware systems.
ISE is available in appliance and VMware. There are VMware bundle options to increase discount when purchasing multiple VMware instances.
ISE hardware is discounted if the customer owns older NAC appliance (3310,3350 or 3390) or ACS appliance (1120).
Example 1:
Customer has a NAC manager appliance, 2000 user Cisco NAC Server appliance, Cisco Profiler appliance and Cisco Guest server. All hardware is the newer model IBM appliances (3315,3355 or 3395). The customer can get ISE software at no cost. They can download ISE .ISO for free from cisco.com and reimage the appliances to the latest ISE software. They can order a license from a Cisco partner at no cost as long as they have an active Smartnet contract and the supported hardware. The customer only needs one license since license management is centralized regardless of the number of existing appliances.
Example 2:
Customer has a NAC manager appliance, 2000 user NAC Server, Cisco Profiler and Cisco Guest server. All hardware is older HP servers (3310,3350 or 3390). The customer can download ISE .ISO for free from cisco.com and order a license at no cost. The hardware will not support ISE. This customer will have to migrate to the latest ISE appliance or vmware system for each NAC appliance server. The cost of the hardware will be discounted.
Example 3:
Customer has Cisco ACS supporting 2000 users and wants to migrate to ISE. They will need to purchase the 50% discounted ISE base and full advance licenses. They will need to migrate to ISE via VMware or Appliance if they don’t own an ACS 1121 appliance.
