Item: Cisco Identity Services Engine (ISE)
Rating: 7
Author: Verified User

Overall Satisfaction with Cisco Identity Services Engine (ISE)

Use Cases and Deployment Scope

We use Cisco Identity Services Engine as the main SDA/SDN policy server as well as handling our profiling in tandem with Secure Client. A lot of our manual device lists and custom policies are handled through Cisco Identity Services Engine as well. Some of our monitoring and troubleshooting for wired and wireless is handled through Cisco Identity Services Engine. Since we use it for doing Radius for wireless and Secure Client handles auth for wired it lets us shortcut some basic issues that users may encounter like password or account issues. Additionally I've been developing spreadsheet and quick lookup tools using the Cisco Identity Services Engine API.

Pros and Cons

Pros

Combined wired and wireless device monitoring
Policy configuration/management and device exceptions
User identification and device tracking
Integration with Radius and Duo

Cons

There are many pages spread out that do the same thing or are slightly different depending on how you access them
The individual pages can be small and be overly segmented into different tabs when a sub-heading on a longer page would be more readable and teachable
Although the API is well connected to other existing software since the ID lets them synchronize well, other device details tend to not populate for custom API integrations. Apparent redundancy in the API fields as well, though most of my experience with it is looking up and modifying endpoints

Return on Investment

Greater device connection visibility for troubleshooting in general and dacl status.
Great individual device policy management, but difficult to manage or select multiple devices at once.
Easy to identify simple issues where users use the wrong password for wireless or other similar problems with an authoritative answer and not asking "Are you sure you typed it in correctly?"

Alternatives Considered

Cisco Catalyst 9800 Series Wireless Controllers, Palo Alto Panorama and Infoblox DDI (BloxOne)

I think all give some visibility of device monitoring and management, but Cisco Identity Services Engine gives a good way to manage more details about the device in a centralized way that gives a wider range of monitoring and control than the other softwares individually. I don't think Cisco Identity Services Engine eliminates the need for these other software as of now, but there is potential for Cisco Identity Services Engine to be able to take over more of these roles.

Key Insights

Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?

Not sure

Are you happy with Cisco Identity Services Engine (ISE)'s feature set?

Yes

Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Cisco Identity Services Engine (ISE) go as expected?

Yes

Would you buy Cisco Identity Services Engine (ISE) again?

Yes

Other Software Used

Cisco Catalyst 9800 Series Wireless Controllers, Palo Alto Panorama, Infoblox DDI (BloxOne)

Likelihood to Recommend

For SDA deployments or if your security team would like more identity information to ensure security compliance or user/device access restrictions/permissions. For dot1x Cisco Identity Services Engine was very helpful and a critical piece of equipment/software to enable Secure Client and more device connection detail visibility. Some more legacy devices will have issues with dot1x and therefore have issues profiling on Cisco Identity Services Engine, so in environments with extensive use of older or legacy devices Cisco Identity Services Engine may struggle to provide value.

Comments

Please log in to join the conversation

Cisco Identity Services Engine (ISE) - Solid central platform with potential for more.