Cisco Identity Services Engine (ISE) Mentored Install - Pilot

Similar documents
Cisco CloudCenter QuickStart Mentored Implementation Service

For Sales Kathy Hall

Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

The Context Aware Network A Holistic Approach to BYOD

Cisco Network Admission Control (NAC) Solution

Cisco ISE Licenses. Your license has expired. If endpoint consumption exceeds your licensing agreement.

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo

Cisco ISE Features Cisco ISE Features

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

Cisco ISE Licenses. You cannot upgrade the Evaluation license to an Plus and/or Apex license without first installing the Base license.

Identity Based Network Access

2012 Cisco and/or its affiliates. All rights reserved. 1

Integrating Meraki Networks with

Cisco TrustSec How-To Guide: Central Web Authentication

Manage Authorization Policies and Profiles

Guest Access User Interface Reference

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Cisco TrustSec How-To Guide: Phased Deployment Overview

Symantec Network Access Control Starter Edition

Cisco Secure Access Control

Cisco Identity Services Engine

Enterprise Guest Access

Partner Webinar. AnyConnect 4.0. Rene Straube Cisco Germany. December 2014

Cisco ISE pxgrid App 1.0 for IBM QRadar SIEM. Author: John Eppich

Borderless Networks. Tom Schepers, Director Systems Engineering

Support Device Access

Symantec Network Access Control Starter Edition

Cisco S802dot1X - Introduction to 802.1X(R) Operations for Cisco Security Professionals.

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

Cisco Identity Services Engine

Manage Authorization Policies and Profiles

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Network Deployments in Cisco ISE

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Yes, You can protect your endpoints! Szilard Csordas, Security Consultant scsordas [at] cisco.com

Exam Questions Demo Cisco. Exam Questions

Setup Adaptive Network Control

Securing Cisco Wireless Enterprise Networks ( )

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Cisco TrustSec How-To Guide: Monitor Mode

Support Device Access

Symantec Network Access Control Starter Edition

DumpsFree. DumpsFree provide high-quality Dumps VCE & dumps demo free download

Secure wired and wireless networks with smart access control

Networks with Cisco NAC Appliance primarily benefit from:

Configure Guest Access

Delivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE

ISE Version 1.3 Self Registered Guest Portal Configuration Example

Configure Guest Flow with ISE 2.0 and Aruba WLC

Cisco ONE for Access Wireless

Securing BYOD with Cisco TrustSec Security Group Firewalling

Service Description: Advanced Services- Fixed Price: Cisco UCCE Branch Advise and Implement Services (ASF-CX-G-REBPB-CE)

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Network Deployments in Cisco ISE

VMware vcloud Air Accelerator Service

Introduction to ISE-PIC

Cisco Identity Services Engine. data breaches are mitigated by all means possible. Businesses must strive to adhere to global

ISE Version 1.3 Hotspot Configuration Example

ISE with Static Redirect for Isolated Guest Networks Configuration Example

Network Visibility and Segmentation

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Service Description: Cisco Security Implementation Services. This document describes the Cisco Security Implementation Services.

Readme for ios 7 WebAuth on Cisco Wireless LAN Controller, Release 7.4 MR 2

P ART 3. Configuring the Infrastructure

ISE Primer.

Configure Client Posture Policies

Service Description: Advanced Services Configurable (AS-C) Assessment Services

ScaleCare Services. Statement of Work. Prepared For: Client: Clarion Limestone School Client Contact: Dan Brocious

Pulse Policy Secure X Network Access Control (NAC) White Paper

Services Summary. Deliverables. Location of Services. Services Assumptions & Exclusions. General Project Management

User-to-Data-Center Access Control Using TrustSec Design Guide

Service Description: Identity Services Engine Implementation-Subscription Service

CertKiller q

Cisco NAC Network Module for Integrated Services Routers

Cisco QuickStart Implementation Service for Tetration Analytics Medium

CLEARPASS CONVERSATION GUIDE

Introducing Cisco Identity Services Engine for System Engineer Exam

Configure Client Posture Policies

TITLE GOES HERE RUCKUS CLOUDPATH ENROLLMENT SYSTEM. The only integrated security and policy management platform that delivers: COMPRISED OF:

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Unified Communications Networks Security and Platforms

A. Post-Onboarding. the device wit be assigned the BYOQ-Provision firewall role in me Aruba Controller.

Deploying Cisco ASA VPN Solutions v2.0 (VPN)

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

BYOD: Management and Control for the Use and Provisioning of Mobile Devices

Your wireless network

User Directories and Campus Network Authentication - A Wireless Case Study

Guest Service Changes

BYOD Business year of decision!

Network Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014

Symbols. Numerics I N D E X

Securing BYOD With Network Access Control, a Case Study

What Is Wireless Setup

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

Windows Server Network Access Protection. Richard Chiu

Tech update security 30 /

Digital Advisory Services Professional Service Description SIP Centralized IP Trunk with Field Trial Model

Transcription:

Cisco Identity Services Engine (ISE) Mentored Install - Pilot Skyline Advanced Technology Services (ATS) offers Professional Services for a variety of Cisco-centric solutions. From inception to realization, our senior staff of engineers is available for any size project or duration for the following services: Consulting Services Staff Augmentation Network Design Installation Services For an in-depth discussion regarding your technical and staffing needs, our team is with you every step of the way. Contact your Skyline-ATS representative today. Are you deploying Cisco Identity Services Engine? Contact your Skyline Account Manager today for more information. 800-375-9546 info@skyline-ats.com www.skyline-ats.com Description The Cisco Identity Services Engine (ISE) Mentored Install - Pilot is a unique engineering enablement offering designed to assist Cisco Partners in building service offerings around the Cisco Identity Service Engine (ISE) solution. This offering is designed for Partners who are selling, designing, and deploying Cisco ISE solutions and require assistance with and training on design and deployment. The engagement consists of a design and readiness review followed by engineering support during the mentored install. During the design phase, a Skyline-ATS Security Solutions Architect will work with the Partner and customer to complete a High Level Design, assess the readiness of the network, provide recommendations for IOS upgrades and/or equipment replacement and/or configuration changes to make the network ISE ready. The mentored installation is focused around installation and deployment of an operational Cisco Identity Services Engine (ISE) system in a Pilot scenario while providing the Partner deployment experience as well as a well-defined knowledge transfer on the ISE design, installation and deployment. This Pilot assumes that all relevant use cases will be designed, implemented and tested specific to a limited number of end points and users. The Mentored Install will cover wired and wireless network access control, BYOD, Profiling, Posture Assessment, TACACS+ and VPN. The objective of this Mentored Install is to educate the Partner and/or customer to enable them to complete pushing the solution out to all endpoints/end-users without the need for Skyline-ATS assistance. The engagement is expected to take between one and three weeks depending on the services required. Overall Objectives 1. Collaborate with key personnel to design and determine functionality goals. 2. Interactive training and design sessions geared to educate the Partner and finalize the design. 3. Provide interactive training to Partner personnel throughout the selling, designing, and deployment process focusing on those areas the Partner feels they need assistance with. Customer Responsibilities Participate in a High Level Design Workshop via WebEx pre-installation Provide proper rack and other supporting infrastructure, such as power, HVAC etc. System must be racked and powered prior to Skyline arriving onsite Partner/Customer must provide adequate resources to perform the implementation with Skyline providing Interactive training and guidance Partner/Customer will assist with all testing scenarios Statement of Work (SOW) After the Skyline-ATS ISE Engineer thoroughly qualifies the Partner/Customers ISE requirements, a detailed Statement of Work will be submitted for customer approval prior to the QuickStart installation engagement. Instructor Lead Training (ILT) Instructor Led Training is also available for those customers that want to increase their knowledge of Cisco Identity Services Engine technology beyond what is provided in this mentored installation.

Cisco Identity Services Engine (ISE) Mentored Deployment Pilot Summary Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations. Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices. The administrator can then use that information to make governance decisions by tying identity to various network elements, including access switches, wireless LAN controllers (WLCs), Virtual Private Network (VPN) gateways, and data center switches. Cisco ISE acts as the policy manager in the Cisco TrustSec solution and supports TrustSec software-defined segmentation. Not all customers will want to deploy all ISE capabilities at once and may opt for more of a phased approach. Because of that, this service is broken out into multiple options. Options may be combined into a single deployment or any number of options may be combined to support the phased approach. Cisco Identity Services Engine Mentored Install Options A Mentored Install can include one or more of following options as applicable: OPTION 1: Cisco Identity Services Engine (ISE) High Level Design (HLD) 1 Day Remote High Level Design Skyline will interview the Client and Customer engineers in order to complete a High Level Design Document. Design discussions will include but are not limited to: 1. Business Objectives 2. Timelines 3. Customer Environment 4. Physical Network Topology details 5. Deployment Details a. Operations b. Unknowns c. High Availability d. Migration e. ISE Node details f. Certificate options 6. Build of Materials 7. Performance Specifications Wired and/or Wireless Network Analysis 1. Perform a review of the models and code revisions of network devices involved in current deployment. 2. Review network support capabilities for requested features. VPN Analysis 1. Perform a review of the models and code revisions of network devices involved in current deployment. a. Identify models requiring a code upgrade. b. Identify models requiring replacement. 2. Review network support capabilities for requested features.

OPTION 2: Cisco Identity Services Engine (ISE) Base Implementation Services (Wired and/or Wireless) - 5 Days Review High Level Design 1. Review the high level design and proposed policies. 2. Discuss with Client and make recommendations for changes if applicable. ISE Node Implementation 1. Deploy two (2) ISE Appliances (virtual or physical) as all-in-one nodes configured for High Availability (HA) in the Client s wired production environment in support of the Proof of Concept. a. Each node will be configured as an Admin Node, Monitor Node and Policy Service Node (PSN). 2. Integrate ISE nodes with existing Active Directory. 3. Set up ISE Management Access. a. Set up administration access and policies. b. Install Licenses. c. Discuss Certificate options and install certificates. 4. Create users and end user portals. Configure Policies Skyline will consider scenarios such as user versus endpoint authentication (certificate or non-certificate based), role-based identification and segmentation (employees, contractors, guests, and so on), or endpoint-based differentiation (corp asset vs non-corp asset). These unique security policies will map directly to the final ISE Policy Sets. 1. Configure Policy Sets a. Create up to 5 Policy Sets that indicate the allowed protocol and/or server sequence (RADIUS or TACACS) as applicable based on design discussions. 2. Configure Authentication Policies a. Create up to 5 authentication policy use cases to show customer how to create and deploy authentication policies b. 802.1x will be used for any compliant endpoints - configure standard authentication policy to authenticate against corporate AD. c. Discuss 802.1x Authentication policy protocols and configure the appropriate protocols for the use cases e.g. EAP-Chaining/EAP-FAST. d. Configure Centralized Web Authentication Guest Access Lifecycle. e. MAC Authentication Bypass will be used for Apple devices and devices that are not 802.1x compliant f. Configure authentication policy to authenticate against MAC list - ISE Local. 3. Configure Authorization Policies: a. Create up to 5 authorization policy use cases to show customer how to create and deploy authorization policies (example: corporate assets + corporate users, phones, WAPs, printers). b. Some of the use cases will fall under the MAC list for authorization. c. Customer will create and deploy any additional policies. 4. Create two MAC lists in ISE to show customer how to create and populate MAC lists. a. Customer will create and deploy any additional MAC lists.

Configure Network Access Devices 1. Configure ISE for network access devices. 2. Deploy Network Access Device (NAD) configuration templates to a sampling of devices (3-4 NADs). After that customer will deploy to the remaining Network Access Devices (NADs). Configure Endpoint Devices 1. Discuss/Advise Endpoint Device configuration steps and implementation guidelines. 2. Creation and deployment of an 802.1x supplicant; native or Cisco AnyConnect Network Access Manager (NAM) configuration template for multiple endpoint types. 3. Document Endpoint Device implementation. Demonstrate the deployment of a few endpoints for each use case. a. Desktop/Laptop (Windows + Apple MACs) b. Printers c. IP Phones d. Other endpoints as required OPTION 3: Cisco Identity Services Engine (ISE) Profiling Implementation Services 1 Day Profiling Using the ISE Profiler to provide dynamic detection and classification of endpoints connected to the network using standard extensive library of profiles and use that classification for authorizing it to connect to the network and granted access based on their profile. 1. Configure Profiling based on default policies for the following: a. WAPs b. Printers c. IP Phones d. Other devices, up to 4 additional device types.

OPTION 4: Cisco Identity Services Engine (ISE) BYOD Implementation Services 2 days BYOD Implementation Creation of Bring Your Own Device (BYOD) policies to allow or restrict access to internet, corporate LANs etc. 1. Configure ISE to support Corporate BYOD policies. a. Access to Intranet. b. Limited access to other corporate network services to be defined. 2. Configure BYOD guest access. OPTION 5: Cisco Identity Services Engine (ISE) Posture Assessment/Remediation Implementation Services 3 days Posture Assessment/Remediation Configuring ISE to assess the posture of endpoint devices by analyzing factors such as antivirus, antispyware, personal FW processes to allow access or quarantine a device and/or process for remediation services. 1. Configure 2-3 Posture Policies based on Customer requirements (ex. Anti-Virus validations, MS Windows version assessment, etc ) 2. Configure standard Posture Authorization policies for Non-Compliant, Compliant, Quarantined workstations

OPTION 6: Cisco Identity Services Engine (ISE) VPN Authentication/Authorization - RADIUS 1 Day ISE - VPN Authentication/Authorization RADIUS Configuring ISE VPN Authentication / Authorization against RADIUS on a Cisco ASA. 1. Add/Modify AAA Device information in ISE for RADIUS on ASA 5500-x series security appliance. 2. Create VPN Policy Set. 3. Configure ISE Authentication policy - VPN users. 4. Configure ISE Authorization polices - VPN users (up to 2) (example: Employees, Contractors). 5. Create/Deploy AAA-RADIUS configuration templates for ASA 5500-x security appliance. 6. Configure/Deploy Cisco AnyConnect (up to 5 endpoints). OPTION 7: Cisco Identity Services Engine (ISE) TACACS 2 Days ISE - Device Management - TACACS+ Configuring ISE for Device Management using TACACS+ 1. Add AAA Device information in ISE for TACACS+ on ASA 5500-x series security appliances and network devices (up to 5). 2. Configure ISE Device Management + TACACS+ Authentication policy. 3. Configure ISE Device Management + TACACS+ Authorization polices (up to 2). a. (example: Net_Engineers, NOC_Engineers). 4. Configure ISE Device Management Command Set policies (up to 2). a. (example: Net_Engineer_Command_Set, NOC_Engineers_Command_Set). 5. Create/Deploy AAA-TACACS+ configuration templates for ASA 5500-x series. 6. Create/Deploy AAA-TACACS+ configuration for corporate network devices (up to 5 Devices).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback