.png)
Cisco recently announced the third major release of their Identity Services Engine product, ISE 3.0! There have been some improvements to features available in previous versions of the platform and also some big additions and changes, namely relating to the licesning structures. Cisco’s flagship network access control product continues to:
The biggest change coming to ISE 3.0 is in its licensing model. In prior versions, licenses at the Base tier that provided entry-level 802.1X and Guest services were permanent licenses that did not require renewal. However, in ISE 3.0 Base licenses also become term-based in the same way as the prior Plus and Apex tiers.
Licensing tiers have also been renamed, in line with the current standard licensing tiers for Enterprise Network products:
The new licensing model is described by Cisco as using a “nested doll” model – put simply, where previously Apex licenses did not include Plus tier features, licenses now include all features in any below tier. Premier licenses include Advantage and Essentials features, and Advantage licenses include Essentials features.
More information on the new licensing model and conversion can be found here.
We offer Cisco Licensing streamlining services to Cisco customers. Find out more here.
ISE 3.0 also features a new, streamlined User Interface with guided workflows for advanced use cases. In the same vein as the wizards and Work Centres that were added to later 2.x releases, these help users access and deploy some traditionally complex ISE features with ease.
You can see a screenshot of the new live sustem in ISE 3.0 below.
ISE 3.0 brings Agentless Posture functionality to complement existing Agent-based Posture Assessment features. ISE can be configured to automatically deploy a temporary lightweight posture assessment client to the endpoint that removes itself after assessment, without having to commit to rolling out AnyConnect across their entire install base.
ISE 3.0 also adds Controlled Release support for Azure Active Directory as an external identity source. Where previously in 2.x Azure AD identities were only accessible via guest flow or with an integrated on–premise Active Directory, Azure AD can now be used directly with 802.1X using OAuth and ROPC. This gives cloud identity only organisations the ability to secure wireless and wired access in the same way as those with an on-premise AD deployment using 802.1X.
