
ISE 2.3 What’s New
ISE Product Team

June 2017
Agenda
• DNA Integration
• Policy UI (New Policy Screens)
• Social Login for Guest
• Posture Enhancements
• Read-Only Access
• Upgrade Readiness
• ACS Parity & Migration

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco DNA
Enterprise portfolio

Cisco DNA™ Center: Simple workflows
Design, Provision, Assurance, Policy

Cisco DNA Center
Software-Defined Access
Network data platform, APIC-EM, Identity Services Engine
Routers, Switches, Wireless access points, Wireless LAN controllers

DNA Center – Group-Based Access Control

Agenda
New Policy UI
Features
 Policy set table
 Conditions Studio
 Attribute Selector

Alpha policy sets – ISE 2.2

Improved Usability – Alpha policy sets – ISE 2.3

Hit counts

Expand

Add policy sets

Combining operators

Policy Sets view

Conditions Studio
Add attributes
Search

Categorize

Drag and Drop


Pre-built list

Policy conditions construction

1. Add attributes
2. Create condition with suitable operator (AND or OR)
3. Build the conditions as needed with AND/OR combination.

Social Login
• Guests may use social credentials to log in
• Faster Guest Login
• Registration is Optional
• Visibility with Social Media tools
• Connect & Market via Social Media application
• ISE 2.3 allows Facebook

Guest with Social Login Flows
• No Registration
• With Registration
• Registration & Sponsor Approval

Information in Livelogs
Facebook username and Social Media identifier

OAuth Flow
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.[1] This mechanism is used by companies such as Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites.

Diagram participants: ISE PSN, Facebook

Guest OAuth Authentication
• ISE 2.3 allows performing authentication against Facebook only on CWA Guest flows
• Authentication is made (as usual) via the browser
• Once the user is authenticated, the flow continues as usual

Posture
Features
 Temporal Agent
 Better SCCM behavior
 Enhanced Application Visibility
 Endpoint Hardware inventory
 Default Posture policies – Out of Box
 Endpoint Attributes

Temporal Agent Details
 Replaces NAC Web agent with OSX support
 Runs once then uninstalls
 Does not require admin privileges
 Same rich posture checks as AnyConnect (e.g. same application inventory but only one time)
 Only manual remediation
 Downloaded via portal via URL redirect, so there are options to integrate with Guest, BYOD, CWA, etc.

View End Point Applications installed

Hardware Inventory

Hardware Inventory – List view attributes

Application visibility view in ISE 2.3

Flexible Notification Details
 Use of native Windows and Mac OS system notification
 Focus is on policy failures and communication errors
 Agent Modes (Full, Stealth, Stealth with Notification)

Agent Mode Full
Better SCCM behavior

Default policies
Features to reduce Posture configuration complexities
 Default posture conditions, requirements, policies
 Default client provisioning policies
 Default Authz policies

Read-Only Admin
• RBAC Read-Only Role
• Cannot change config!
• Useful for collaboration, learning, demos, troubleshooting

Upgrade Readiness

URT Flow
[Flowchart; box labels, with decision branches labelled Yes / No:]
• app install urt
• Extract & Run URT
• Run pre-requisite checks
• ISE Version Compatibility
• URT build date (<30 days)
• Warning & confirm
• Standalone (or) SPAN Persona Check
• Clone Config Database
• Copy upgrade patch
• Run upgrade patch
• Config Schema Upgrade check (on cloned DB)
• Config Data Upgrade (on cloned DB)
• Estimate upgrade time
• Record sanity check success in ISE
• Collect logs

URT Screenshot

URT Screenshot

Pass & Fail Examples

Agenda
Reporting
Features
 5 New Reports
• Authentication summary.
• Active Sessions.
• Top N Authentication report by Failure Reason.
• Top N Authentication report by Network Device
• Top N Authentication report by User

ACS Parity
• Infrastructure Support
• Network Devices and Network Device Groups
• Reporting
• User support
• Logging and Management
• Migration support

Agenda
Infrastructure Support
Features
Support for IPv6 (TACACS+ only)
 Network Devices (TACACS)
 TACACS Authentication
 TACACS Authorization
 TACACS Accounting
 Connection modes
 Live Logs and Reporting
 Proxy (AAA, Accounting- local, remote)

MAR cache synchronization among PSN Clusters

Agenda
Network Devices and Network Device Groups
Features
Network Devices
 Support for IP ranges in all octets and exclusions.
Network Device Groups
 Increased Scalability:
• Support for 10,000 Network Device Groups
• Support for 6 level hierarchy with 32 characters

Agenda
Migration Support
Features
 From ACS 4.x to ISE 2.3
• New migration tool
 Features supported for Migration to ISE 2.x

Migration from ACS 4.x to ISE 2.3

Caveats:
• The ISE migration tool should run on the ACS 4.x machine.
• The migration tool should be run from a VNC-connected ACS 4.x machine.
• The ISE migration tool must be run on Java 7.

Migration tool Enhancements
• Policy Migration with New Policy Engine
• Network devices with IPv6
• External Proxy with IPv6
• Policies with Time and Date
• Migration support of Policy sets with conditions that include AND and OR
