Cisco Identity Services Engine

Similar documents
Networks with Cisco NAC Appliance primarily benefit from:

Cisco Network Admission Control (NAC) Solution

Cisco NAC Network Module for Integrated Services Routers

Campus Manager. Out-of-Band Network Access Control for Wired, Wireless and VPN Networks. DataSheet

Cisco Secure Network Server

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

Cisco MCS 7825-I1 Unified CallManager Appliance

Symantec Network Access Control Starter Edition

Cisco Secure Network Server

Symantec Network Access Control Starter Edition

NAC Director. Out-of-Band Network Access Control for Wired, Wireless and VPN Networks. DataSheet

Symantec Network Access Control Starter Edition

Cisco MCS 7845-H1 Unified CallManager Appliance

Cisco ISE Features Cisco ISE Features

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

CISCO MEDIA CONVERGENCE SERVER 7825-I1

Cisco MCS 7815-I2 Unified CallManager Appliance

Cisco 3300 Series Mobility Services Engine. Open, Appliance-Based Platform for Delivering Mobility Services

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Cisco NAC Appliance Hardware Platforms

Integrated Ultra320 Smart Array 6i Redundant Array of Independent Disks (RAID) Controller with 64-MB read cache plus 128-MB batterybacked

ARUBA CLEARPASS POLICY MANAGER

Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

Cisco MCS 7835-H2 Unified Communications Manager Appliance

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

ARUBA CLEARPASS POLICY MANAGER

2012 Cisco and/or its affiliates. All rights reserved. 1

The Context Aware Network A Holistic Approach to BYOD

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

IBM Internet Security Systems Proventia Management SiteProtector

Cisco Secure Control Access System 5.8

Cisco Mobility Services Engine: An Open, Appliance-Based Platform for Delivering Mobility Services

HP ProCurve Network Access Controller 800

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

Component Assessment

Cisco MCS 7815-I1 Unified CallManager Appliance

Cisco Data Center Network Manager 5.1

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Symantec Advanced Threat Protection: Endpoint

Enterprise Guest Access

Cisco Secure Access Control

Cisco MCS 7815-I2. Serviceable SATA Disk Drives

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo

Cisco Identity Services Engine (ISE) Mentored Install - Pilot

Cisco Stealthwatch Endpoint License

The Cisco MCS 7835-H2 can run any of the following Cisco applications:

Enterasys. Design Guide. Network Access Control P/N

Cisco MCS 7828-I5 Unified Communications Manager Business Edition 5000 Appliance

Key Features. DATA SHEET

Cisco MCS 7825-H3. Supported Cisco Applications

ISE Primer.

Cisco UCS C210 M1 General-Purpose Rack-Mount Server

SECURE 6. Secure64 Appliances Purpose-built DNS appliances for the most demanding environments DNS APPLIANCES DATA SHEET. Appliance Descriptions

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Forescout. Configuration Guide. Version 2.4

Understanding Network Access Control: What it means for your enterprise

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

ForeScout CounterACT. Configuration Guide. Version 1.1

ARUBA AIRWAVE. Visibility and management for multi-vendor access networks DATA SHEET REAL-TIME MONITORING AND VISIBILITY

Identity Based Network Access

Cisco MCS 7816-H3. Supported Cisco Applications. Key Features and Benefits

CounterACT VMware vsphere Plugin

Cisco UCS B440 M1High-Performance Blade Server

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Configure Client Posture Policies

TrustNet Manager Group Encryption Management for Policies, Keys and Devices

For Sales Kathy Hall

ForeScout Extended Module for MaaS360

ARUBA AIRWAVE. Management and monitoring for multi-vendor campus networks DATA SHEET CONNECTIVITY ANALYTICS REAL-TIME MONITORING AND VISIBILITY RAPIDS

HP E-PCM Plus Network Management Software Series Overview

SCHOOL OF PHYSICAL, CHEMICAL AND APPLIED SCIENCES

Cisco HyperFlex HX220c Edge M5

Cisco 3300 Series Mobility Services Engine

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

ClearPass Policy Manager

HPE Intelligent Management Center

Cisco Prime Home 5.1 Technical

PANORAMA. Figure 1: Panorama deployment

Cisco HyperFlex HX220c M4 Node

CounterACT VMware vsphere Plugin

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6

Securing BYOD with Cisco TrustSec Security Group Firewalling

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

<Insert Picture Here> Managing Oracle Exadata Database Machine with Oracle Enterprise Manager 11g

Cisco HyperFlex HX220c M4 and HX220c M4 All Flash Nodes

Cisco EnergyWise: Power Management Without Borders

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

ForeScout Extended Module for MobileIron

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

Cisco Exam Questions & Answers

Cisco UCS C200 M2 High-Density Rack-Mount Server

IBM Proventia Management SiteProtector Installation Guide

Cisco UCS C210 M2 General-Purpose Rack-Mount Server

Cisco TrustSec How-To Guide: Phased Deployment Overview

Features. HDX WAN optimization. QoS

NetSight End to end application visibility and control

Configure Client Posture Policies

Cisco Universal Small Cell 8050 Enterprise Management System

Transcription:

Data Sheet Enterprise networks are more dynamic than ever before, servicing an increasing number of users, devices, and access methods. Along with increased access and device proliferation comes an increased potential for security breaches and new operational challenges. Maintaining network security and operational efficiency today requires new solutions that effectively enforce access policies, audit network use, monitor corporate compliance, and provide increased visibility into network-wide activity. Cisco offers a solution to assist network security officers and administrators with these obstacles: the Cisco Identity Services Engine. Product Overview The is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. Its unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices to make proactive governance decisions by enforcing policy across the network infrastructure - wired, wireless and remote. The is an integral component of the Cisco TrustSec solution and SecureX architecture. The provides a highly powerful and flexible policy-based access control solution that combines multiple services, namely authentication, authorization, and accounting (AAA); posture; profiling; and guest management on a common platform. This greatly reduces complexity and provides consistency across the enterprise. Using the, administrators can centrally create and manage access control policies for users and endpoints in a consistent fashion and gain end-to-end visibility into everything that is connected to the network. Features The : Allows enterprises to authenticate and authorize users and endpoints via wired, wireless, and VPN with consistent policy throughout the enterprise Prevents unauthorized network access to protect corporate assets Provides complete guest lifecycle management by empowering sponsors to on-board guests, thus reducing IT workload Delivers customizable portals as well as ability to host web pages to ease on-boarding and overall enduser experience inside business defined worksflows Offers comprehensive visibility of the network by automatically discovering, classifying and controlling of endpoints connecting the network to enable the appropriate services per endpoint 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 5

Addresses vulnerabilities on user machines through periodic evaluation and remediation to help proactively mitigate network threats such as viruses, worms, and spyware Enforces security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without requiring administrator attention Offers a built-in monitoring, reporting, and troubleshooting console to assist help-desk operators and administrators streamline operations Allows you to get finer granularity while identifying devices on your network with Active Endpoint Scanning. Augments network-based profiling by targeting specific endpoints (based on policy) for specific attribute device scans, resulting in better accuracy and comprehensive visibility of what is on your network Manages endpoint access to the network with Endpoint Protection Service. With EPS, an admin can specify an endpoint and select an action such as move to a new VAN or return to the original VAN, or isolate the endpoint from the network entirely - all in a simple interface The Cisco Identity Services provides several additional key features, described in Table 1. Table 1. Key s Features Feature AAA protocols Authentication protocols Policy model Access control Profiling Guest lifecycle management Posture Endpoint protection service Centralized management Monitoring and troubleshooting Details Utilizes standard RADIUS protocol for authentication, authorization, and accounting (AAA). Supports a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP-Flexible Authentication via Secure Tunneling (FAST), and EAP-Transport Layer Security (TLS). Offers a rules-based, attribute-driven policy model for creating flexible and business-relevant access control policies. Provides the ability to create fine-grained policies by pulling attributes from predefined dictionaries that include information about user and endpoint identity, posture validation, authentication protocols, profiling identity, or other external attribute sources. Attributes can also be created dynamically and saved for later use. Provides a wide range of access control mechanisms, including downloadable access control lists (dacls), VLAN assignments, URL redirect, and SGA tagging leveraging the advanced capabilities of Cisco network devices. Ships with predefined device templates for a wide range of endpoints such as IP phones, printers, IP cameras, smartphones, and tablets. Administrators can also create their own device templates. These templates can be used to automatically detect, classify, and associate administrative-defined identities when endpoints connect to the network. Administrators can also associate endpoint-specific authorization policies based on device type. The collects endpoint attribute data via passive network telemetry, querying the actual endpoints, or alternatively from the Cisco Infrastructure via Device Sensors on the catalyst switches. The infrastructure-driven endpoint sensing technology on Cisco Catalyst switches are a subset of ISE sensing technology. This allows the switch to quickly collect endpoint attribute information on the switch and then pass this information using standard RADIUS to the Identity Services Engine for endpoint classification and policy-based enforcement. This switch-based sensing technology allows for the efficient distribution of endpoint information for increased scalability, deployability and time to classification. Enables full guest lifecycle management whereby guest users can access the network for a limited time, either through administrator sponsorship or by self-signing via a guest portal. Allows administrators to customize portals and policies based on specific needs of the enterprise. Verifies endpoint posture assessment for all types of users connecting to the network. Works via either a persistent client-based agent or a temporal web agent to validate that an endpoint is conforming to the company s posture policies. Provides the ability to create powerful policies that include checks for the latest OS patches, antivirus/antispyware software packages with current definition file variables (version, date, etc.), registries (key, value, etc), and applications. The Identity Services Engine also supports auto-remediation of the client as well as periodic reassessment to make sure the endpoint is not in violation of company policies. Allows administrators to quickly take corrective action (Quarantine, Un-Quarantine, or Shutdown) on riskcompromised endpoints within the network. This helps to reduce risk and increase security in the network. Enables administrators to centrally configure and manage profiler, posture, guest, authentication, and authorization services in a single web-based GUI console, greatly simplifying administration by providing consistency in managing all these services. Includes a built-in web console for monitoring, reporting, and troubleshooting to assist help-desk and network operators to quickly identify and resolve issues. Offers comprehensive historical and real-time reporting for all services, logging of all activities, and real-time dashboard metrics of all users and endpoints connecting to the network. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 5

Feature Platform options Details Available as a physical or virtual appliance. There are three physical appliance models as well as a VMware ESXor ESXi-based appliance. Benefits The : Allows enterprises to roll out highly customized and sophisticated business access policies in a consistent fashion Reduces operational costs by providing full visibility into, historical reporting of, and enhanced troubleshooting tools for network access Reduces network outages and downtime by ensuring that only compliant users get full access to the network and non-compliant users are isolated to limited areas of the network Allows enterprises to be in compliance with regulatory mandates by ensuring that required controls can be enforced and audited Product Specifications There are three hardware options for the (see Table 2). Table 2. Hardware Specifications Processor Appliance 3315 (Small) 1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz Appliance 3355 (Medium) 1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz Memory 4 GB 4 GB 4 GB Appliance 3395 (Large) 2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz Hard disk 2 x 250-GB SATA HDD 2 x 300-GB SAS drives 4 x 300-GB SFF SAS drives RAID No Yes (RAID 0) Yes (RAID 0+1) Removable media CD/DVD-ROM drive CD/DVD-ROM drive CD/DVD-ROM drive Network Connectivity Ethernet NICs 4 x Integrated Gigabit NICs 4 x Integrated Gigabit NICs 4 x Integrated Gigabit NICs 10BASE-T cable support 10/100/1000BASE-TX cable support Secure Sockets Layer (SSL) accelerator card Interfaces Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m) Cat 3, 4, or 5 UTP up to 328 ft (100 m) Cat 3, 4, or 5 UTP up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) None Cavium CN1620-400-NHB-G Cavium CN1620-400-NHB-G Serial ports 1 1 1 USB 2.0 ports 4 (two front, two rear) 4 (one front, one internal, two rear) 4 (one front, one internal, two rear) Video ports 1 1 1 External SCSI ports None None None System Unit Form factor Rack-mount 1 RU Rack-mount 1 RU Rack-mount 1 RU Weight 28 lb (12.7 kg) fully configured 35 lb (15.87 kg) fully configured 35 lb (15.87 kg) fully configured Dimensions 1.69H x 17.32W x 22 in.l (43 x 440 x 55.9 mm) 1.69H x 17.32W x 27.99 in.l (43 x 42.62 x 711 mm) 1.69H x 17.32W x 27.99 in.l (43 x 42.62 x 711 mm) Power supply 350W Dual 675W (redundant) Dual 675W (redundant) Cooling fans 6; non-hot plug, nonredundant 9; redundant 9; redundant 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 5

Appliance 3315 (Small) Appliance 3355 (Medium) Appliance 3395 (Large) BTU rating 1024 BTU/hr (at 300W) 2661 BTU/hr (at 120V) 2661 BTU/hr (at 120V) Compliance FIPS virtual appliances are supported on VMware ESX/ESXi 4.x and should be run on hardware that equals or exceeds the characteristics of the physical appliances listed in Table 2. At minimum, s require the virtual target to have allocated at least 4 GB of memory and at least 200 GB of hard drive space. The virtual appliance is also FIPS 140-2 Level 1 compliant. System Requirements The set of system requirements for the Cisco NAC Agent, used for posture assessment, are shown in Table 3. Table 3. Cisco NAC Agent System Requirements Feature Supported OS Hard drive space Hardware Minimum Requirement Microsoft Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Home, Windows 7, Windows XP Professional, Windows XP Home, Windows XP Media Center Edition, Windows XP Tablet PC, Windows 2000, Windows 98, Windows SE, and Windows ME; Mac OS X (v10.5.x, v10.6.x) Minimum of 10 MB free hard drive space No minimum hardware requirements (works on various client machines) License Specifications A deployment requires a license to activate different services. There are three types of Identity Services Engine licenses: ISE BASE License. Used to activate basic services, such as authentication, authorization, guest, monitoring, and troubleshooting services. ISE ADVANCED License. Used to activate advanced services, such as posture, profiling, SGA and EPS. Please note that the BASE license is a prerequisite for installing the ADVANCED license. ISE WIRELESS License. Activates all Identity Services Engine services, but only for wireless endpoints. Table 4 summarizes the license types. Table 4. License Specifications BASE License ADVANCED License WIRELESS License Authentication and authorization X X * Guest services X X * Monitoring and troubleshooting X X * Posture assessment X X * Profile X X * SGA X X * Endpoint protection service X X * * Only for wireless endpoints. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 5

Service and Support Cisco offers a wide range of services programs to accelerate your success. These innovative programs are delivered through a combination of people, processes, tools, and partners that results in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services. Warranty information is available at http://www.cisco.com/go/warranty. Licensing information is available at http://www.cisco.com/en/us/docs/security/nac/appliance/support_guide/license.html. For More Information For more information about products and the Cisco TrustSec solution, visit http://www.cisco.com/go/ise or contact your local Cisco account representative. Printed in USA C78-656174-02 02/12 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback