Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x
Preface
Downloads: This chapterpdf (PDF - 126.0KB) The complete bookPDF (PDF - 8.2MB) | Feedback

Table of Contents

Preface

Overview of Cisco Identity Services Engine

Purpose

Audience

Document Organization

Installation Reference

Document Conventions

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Documentation Updates

Obtaining Documentation and Submitting a Service Request

Preface

Revised: March 2014, OL-26137-01

This preface provides the following information about the Cisco Identity Services Engine (ISE) 3300 Series appliance:

Overview of Cisco Identity Services Engine

Cisco Identity Services Engine (ISE), as a next-generation identity and access control policy platform enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. Cisco ISE's unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices in order to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches.

Cisco ISE is a key component of the Cisco Security Group Access Solution. Cisco ISE is a consolidated policy-based access control solution that:

  • Combines authentication, authorization, accounting (AAA), posture, profiler, and guest management services into one appliance
  • Enforces endpoint compliance by checking the device posture of all endpoints accessing the network, including 802.1X environments
  • Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
  • Enables consistent policy in centralized and distributed deployments allowing services to be delivered where they are needed
  • Employs advanced enforcement capabilities including Security Group Access (SGA) through the use of Security Group Tags (SGTs) and Security Group (SG) Access Control Lists (ACLs)
  • Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The Cisco ISE software comes preinstalled on a range of physical appliances with various performance characterizations. The inherent scalability of Cisco ISE allows you to add appliances to a deployment and increase performance and resiliency, as needed. The Cisco ISE architecture supports standalone and distributed deployments, along with high-availability options. Cisco ISE allows you to configure and manage your network from a centralized portal for efficiency and ease of use.

Cisco ISE also incorporates distinct configurable roles and services, so that you can create and apply Cisco ISE services where they are needed in the network. The result being a comprehensive Cisco ISE deployment that operates as an fully functional and integrated system.

Purpose

This installation guide provides the following types of information about the Cisco ISE Release 1.1.x:

  • Prerequisites for installation
  • Procedures for installing the Cisco ISE software on a supported Cisco ISE appliance
  • Procedures for installing the Cisco ISE software on a supported VMware virtual machine
  • Procedures for installing the Cisco ISE software on a supported Cisco Network Admission Control (NAC) Appliance or Cisco Secure Access Control System (ACS) Appliance

Cisco ISE Release 1.1.x offers a choice of five appliance platforms, depending upon the size of your deployment:

  • Small network—Cisco ISE 3315 and Cisco SNS 3415
  • Medium network—Cisco ISE 3355, Cisco SNS 3415, and Cisco SNS 3495
  • Large network—Cisco ISE 3395, Cisco SNS 3415, and Cisco SNS 3495

Note You can install the Cisco ISE version 1.1.4 on the Cisco SNS-3400 Series appliances and on any platform that is supported in the Cisco ISE Release 1.1.3.


The Cisco ISE software runs on the Cisco Application Deployment Engine (ADE) Release 2.0 operating system (ADE-OS). The Cisco ADE-OS and Cisco ISE software run on a dedicated Cisco ISE 3300 Series appliance, a dedicated Cisco SNS-3400 Series appliance, or on a VMware server (Cisco ISE VM).

For VMware-based installations, configure the VMware environment to meet a specific set of minimal system requirements and install the Cisco ISE Release 1.1.x software. The supported VMware versions include the following:

  • VMware Elastic Sky X (ESX), version 4.0, 4.0.1, and 4.1,
  • VMware ESXi, version 4.0, 4.0.1, and 4.1
  • VMware ESX 5.x

Note For more information about VMware-based installations, see Chapter 1, “Installing Cisco ISE in a VMware Virtual Machine”.



Note VMware server, version 2.0, is only supported only for demonstrating the features of Cisco ISE Release 1.1.x, and is not supported for production environments.


Audience

This guide is designed for network administrators, system integrators, or network deployment personnel who install and configure the Cisco ISE software on Cisco ISE 3300 Series appliances or on VMware servers. As a prerequisite to using this hardware installation guide, you should be familiar with networking equipment and cabling and have a basic knowledge of electronic circuitry, wiring practices, and equipment rack installations.


Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030


Document Organization

Table 1 lists the organization of the Cisco ISE Hardware Installation Guide, Release 1.1.x .

 

Table 1 Cisco ISE Hardware Installation Guide Organization

Chapter/Appendix and Title
Description

Chapter 1, “Understanding the Cisco ISE Network Deployment”

Provides an overview of the Cisco ISE 3300 Series appliance deployments and their components. Read this chapter before planning a new Cisco ISE 3300 Series deployment.

Chapter 1, “Introducing the Cisco ISE Hardware”

Provides an overview of the Cisco ISE 3300 Series hardware.

Chapter 1, “Configuring the Cisco ISE Appliances”

Describes how to perform an initial installation of the Cisco ISE software on the Cisco ISE 3300 Series hardware.

Chapter 1, “Installing Cisco ISE in a VMware Virtual Machine”

Describes how to install Cisco ISE software on the VMware ESX or ESXi virtual machines.

Chapter 1, “Performing Post-Installation Tasks”

Provides information on installing a Cisco ISE 3300 Series license and lists the configuration tasks that you need to perform following installation.

Appendix 1, “Preparing to Install the Cisco ISE 3300 Series Hardware”

Describes the necessary safety instructions, site requirements, and tasks that you need to perform before installing the Cisco ISE 3300 Series hardware.

Appendix 1, “Preparing to Install the Cisco SNS-3400 Series Hardware”

Describes the safety guidelines, site requirements, and guidelines that you must observe before installing the Cisco SNS-3400 Series appliances.

Appendix 1, “Installing the Cisco ISE 3300 Series Hardware”

Provides detailed instructions on performing the rack-mounting of a Cisco ISE 3300 Series appliance, connecting all cables, powering up the appliance, and removing or replacing the appliance.

Appendix 1, “Installing the Cisco SNS-3400 Series Hardware”

Describes how to install your Cisco SNS-3400 Series appliances and connect any of the supported appliances to the network.

Appendix 1, “Maintaining the Cisco ISE 3300 Series Applliance”

Provides recommendations for maintaining the Cisco ISE 3300 Series appliance following installation.

Appendix A, “Cisco SNS-3400 Series Server Specifications”

Describes the technical specifications for the Cisco SNS-3400 Series server.

Appendix A, “Troubleshooting the Cisco ISE Appliance”

Provides techniques for troubleshooting the initial start up of a Cisco ISE 3300 Series appliance.

Appendix A, “Cisco ISE Appliance Ports Reference”

Provides a reference list of ports that are used by the Cisco ISE 3300 Series appliance services, applications, and devices.

Appendix A, “Installing Cisco ISE on Cisco NAC and Cisco Secure ACS Appliances”

Describes how to install Cisco ISE software on a supported Cisco NAC appliance or a Cisco Secure ACS Appliance.

Installation Reference

Table 2 lists r eference material that may be useful to review before attempting to install the Cisco ISE 3300 Series Release 1.1.x software. For each of the installation processes, see the corresponding chapter, appendix, or guide.

 

Table 2 Cisco ISE 3300 Series Installation Scenarios

Installation Process
Reference

Introducing the Cisco ISE appliance and predeployment requirements

1. Chapter 1, “Introducing the Cisco ISE Hardware”

2. Appendix 1, “Preparing to Install the Cisco ISE 3300 Series Hardware”

Installing the initial Cisco ISE appliance and configuring the Cisco ISE software

1. Appendix 1, “Installing the Cisco ISE 3300 Series Hardware”

2. Chapter 1, “Configuring the Cisco ISE Appliances”

Installing the initial Cisco ISE software on the VMware server

1. Chapter 1, “Installing Cisco ISE in a VMware Virtual Machine”

Licensing and using the web interface to log in

1. Chapter 1, “Performing Post-Installation Tasks”

Installing Cisco ISE software on a Cisco NAC Appliance or on a Cisco Secure ACS Appliance

1. Appendix A, “Installing Cisco ISE on Cisco NAC and Cisco Secure ACS Appliances”

Document Conventions

This guide uses the following conventions to convey instructions and information.

 

Item
Convention

Commands, keywords, special terminology, and options that should be chosen during procedures

boldface font

Variables for which you supply values and new or important terminology

italic font

Displayed session and system information, paths, and file names

screen font

Information you enter

boldface screen font

Variables you enter

italic screen font

Menu items and button names

boldface font

Indicates menu items to choose, in the order in which you choose them.

Option > Network Preferences


Note Means reader take note. Notes contain helpful suggestions or references to material that is not covered in this guide



Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation

Release-Specific Documents

Table 3 lists the product documentation available for the Cisco ISE Release. General product information for Cisco ISE is available at http://www.cisco.com/go/ise . End-user documentation is available on Cisco.com at http://www.cisco.com/en/US/products/ps11640/tsd_products_support_series_home.html .

 

Table 3 Product Documentation for Cisco Identity Services Engine

Document Title
Location

Release Notes for the Cisco Identity Services Engine, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html

Cisco Identity Services Engine Network Component Compatibility, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html

Cisco Identity Services Engine User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Upgrade Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine API Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine Troubleshooting Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_troubleshooting_guides_list.html

Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine In-Box Documentation and China RoHS Pointer Card

http://www.cisco.com/en/US/products/ps11640/products_documentation_roadmaps_list.html

Documentation Updates

Table 4 lists the documentation updates for this Cisco ISE product release.

 

Table 4 Updates for Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x

Date
Description

11/29/2013

Resolved CSCul72606

9/3/13

Resolved CSCui97432

4/25/13

Cisco Identity Services Engine, Release 1.1.4

2/28/13

Cisco Identity Services Engine, Release 1.1.3

10/31/13

Cisco Identity Services Engine, Release 1.1.2

1/31/13

Resolved CSCue27909

8/31/12

Resolved CSCua12292

7/10/12

Cisco Identity Services Engine, Release 1.1.1

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop by using a reader application. The RSS feeds are a free service, and Cisco currently supports RSS Version 2.0.