Cisco Identity Solutions Engine 1.1 Update Is Now Available ISE
Cisco recently released the latest update for Identity Solutions Engine (ISE). Below are some features and findings. My team has been running this in the lab for a while and so far it’s been rock solid. For those who have seen Cisco Prime Network Control System (NCS), the ISE GUI now has the same theme (see the pictures above and below).
ISE 1.04
ISE 1.1
FEATURES
- Common Criteria Certification – This release will be submitted for Common Criteria Certification, which is a requirement for many federal agencies.
- FIPS – ISE 802.1x services with Common Access Card (CAC) including NAC & AnyConnect Agent
- IOS Sensor on 15.0(1) SE1 for Cat 3000 and IOS 15.1(1) SG for CAT 4000. This is a huge for Profiling since it’s the first time Cisco is leveraging the switches for profiling data rather than probing from the ISE server down (like all other profiling type solutions). It makes sense to do this since typical information being probed is already available on switches.* Catalyst 2000 support and DHCP data for IOS Sensor will come later.
- Active Endpoint Scanning – Manual scan and specific scan action per profile template
- Endpoint protection services aka (Blacklisting devices) – Enable administrators to quarantine devices by IP or MAC address.
- Multiple language support for guest, sponsor and client provisioning portals.
- NAC agent, AnyConnect NAM client, ISE user input fields and reports.
- Guest without Logon (Device registration WebAuth). Simple URL for Sponsor Portal Access (A simple, short link). Custom Portal Theme
- OCSP Support
- NTP Server authentication
- External Authentication for Administrators (including CAC)
- ISE VM Appliance will include VMWare Tools
- SGA Out Of Band PAC Provisioning
- SGACL Monitor Mode
- NMAP added to profiling
SOME OTHER THINGS TO NOTE ABOUT THE ISE 1.1 RELEASE:
- There are some Internet Explorer 8 problems that are performance related. The current release notes claim “be patient” and “click several times”.
- There are some disk space and performance issues on the UCS SATA-2 storage systems.
- We have been running it on vshpare 5.0 without a problem even though 4 is the supported platform. Same goes for ISE 1.04
- ISE IPEP will need to be disconnect and use Certificate Based Authetnication to connect to a PAP prior to upgrade http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html#wp248769 – IPEP Bug CSCtu39612
ISE 1.1 release notes can be found HERE
Cisco Identity Services Engine 1.1 Update Is Now Available - Some Details On The Release | ISE,
You said you were able to install on “vshpare 5.0”. I’m assuming your hypervisor was ESX/ESXi 5.0? Just wondering how you were able to since I’m trying to install on ESXi 5.0 and cannot get past booting off of the CD. The bootup goes to a kernel panic complaining about the file system not being provisioned correctly.
Hi Eric,
Yes we are running ESX 5. It could be a hardware compatibility or storage issue.
Forgot about NMAP … just added it to the post
Hello!
You have a great blog, with excelent posts.
Congratulations!!!!
Regards,
Marco Bartulihe
This is great blog post . Thanks for sharing a very helpful article.