Thursday 13 November 2014

Cisco ISE 1.3

After much anticipation Cisco has finally released Identity Services Engine version 1.3 for general release. 1.3 promises to address many of the shortfalls of previous versions of ISE, with easier BYOD certificate management through its own inbuilt Certificate Authority, the ability to join more than one Active Directory (I know you could join more through an LDAP connector but the native client is cool) and improved guest portal design functionality.

Cisco ISE version 1.3 release notes can be read here
    

Upgrading

The upgrade process seems quite stable. In my deployment I backed up the ISE configuration to my NAS repository (scheduled, and it is highly recommended to have this set up). I reimaged my VM appliance with the new 1.3 ISO rather than upgrading the 1.2 appliance, as personally I feel a fresh installation is always a better approach.

Once the ADE-OS appliance is installed it runs through the setup guide to get you up and running. After this had completed and ISE was fully installed, I restored the 1.2 config to the new 1.3 deployment. Note that this restore process only works with 1.2 backups, not earlier releases.

Logging onto the ISE GUI after the restore revealed that ISE had not joined the AD domain. This was a documented feature, and after a quick AD join the administrative logon for AD users was restored.
The configuration looked complete and in most areas was identical to the previous release.

First Impressions

There are some nice new GUI views and portal customisation, as well as the internal CA functionality. This was easy to set up and test, and the original NDES integration to AD remained active until the new internal CA was selected under the NSP profile (see below). Testing with an iPad worked first time, with the new ISE-provisioned certificate working as the original AD NDES one had and matching the authorisation policy (which verified that the CN and MAC address of the client matched).


 

The newly provisioned certificates can then be managed through the ISE CA.




All in all I am impressed with the updates to ISE 1.3. It is starting to become a much more user-friendly system and should go some way to push the ease of management and security for BYOD access.

1 comment:

  1. Hello, I also would like to comment over all the points mentioned in this blog. I agree with essence of few point but somewhere I found myself on other place. I hope, there might little opinion of others as well. Cisco SF200
