Cisco Identity Services Engine (ISE), as a next-generation identity and access control policy platform enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. Cisco ISE's unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices in order to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches.
Cisco ISE is a key component of the Cisco Security Group Access Solution. Cisco ISE is a consolidated policy-based access control solution that:
Combines authentication, authorization, accounting (AAA), posture, profiler, and guest management services into one appliance
Enforces endpoint compliance by checking the device posture of all endpoints accessing the network, including 802.1X environments
Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
Enables consistent policy in centralized and distributed deployments allowing services to be delivered where they are needed
Employs advanced enforcement capabilities including Security Group Access (SGA) through the use of Security Group Tags (SGTs) and Security Group (SG) Access Control Lists (ACLs)
Supports scalability to support a number of deployment scenarios from small office to large enterprise environments
The Cisco ISE software comes preinstalled on a range of physical appliances with various performance characterizations. The inherent scalability of Cisco ISE allows you to add appliances to a deployment and increase performance and resiliency, as needed. The Cisco ISE architecture supports standalone and distributed deployments, along with high-availability options. Cisco ISE allows you to configure and manage your network from a centralized portal for efficiency and ease of use.
Cisco ISE also incorporates distinct configurable roles and services, so that you can create and apply Cisco ISE services where they are needed in the network. The result being a comprehensive Cisco ISE deployment that operates as an fully functional and integrated system.
This installation guide provides the following types of information about the Cisco ISE Release 1.1.x:
Prerequisites for installation
Procedures for installing the Cisco ISE software on a supported Cisco ISE appliance
Procedures for installing the Cisco ISE software on a supported VMware virtual machine
Procedures for installing the Cisco ISE software on a supported Cisco Network Admission Control (NAC) Appliance or Cisco Secure Access Control System (ACS) Appliance
Cisco ISE Release 1.1.x offers a choice of five appliance platforms, depending upon the size of your deployment:
Small network—Cisco ISE 3315 and Cisco SNS 3415
Medium network—Cisco ISE 3355, Cisco SNS 3415, and Cisco SNS 3495
Large network—Cisco ISE 3395, Cisco SNS 3415, and Cisco SNS 3495
Note You can install the Cisco ISE version 1.1.4 on the Cisco SNS-3400 Series appliances and on any platform that is supported in the Cisco ISE Release 1.1.3.
The Cisco ISE software runs on the Cisco Application Deployment Engine (ADE) Release 2.0 operating system (ADE-OS). The Cisco ADE-OS and Cisco ISE software run on a dedicated Cisco ISE 3300 Series appliance, a dedicated Cisco SNS-3400 Series appliance, or on a VMware server (Cisco ISE VM).
For VMware-based installations, configure the VMware environment to meet a specific set of minimal system requirements and install the Cisco ISE Release 1.1.x software. The supported VMware versions include the following:
VMware Elastic Sky X (ESX), version 4.0, 4.0.1, and 4.1,
Note VMware server, version 2.0, is only supported only for demonstrating the features of Cisco ISE Release 1.1.x, and is not supported for production environments.
This guide is designed for network administrators, system integrators, or network deployment personnel who install and configure the Cisco ISE software on Cisco ISE 3300 Series appliances or on VMware servers. As a prerequisite to using this hardware installation guide, you should be familiar with networking equipment and cabling and have a basic knowledge of electronic circuitry, wiring practices, and equipment rack installations.
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030
Table 1 lists the organization of the
Cisco ISE Hardware Installation Guide, Release 1.1.x
Table 1 Cisco ISE Hardware Installation Guide Organization
Describes how to install Cisco ISE software on a supported Cisco NAC appliance or a Cisco Secure ACS Appliance.
eference material that may be useful to review before attempting to install the Cisco ISE 3300 Series Release 1.1.x software. For each of the installation processes, see the corresponding chapter, appendix, or guide.
Table 2 Cisco ISE 3300 Series Installation Scenarios
Introducing the Cisco ISE appliance and predeployment requirements
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly
What’s New in Cisco Product Documentation
, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the
What’s New in Cisco Product Documentation
as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop by using a reader application. The RSS feeds are a free service, and Cisco currently supports RSS Version 2.0.