3 What’s New
ISE Product Team
June 2017
Agenda
• DNA Integration
• Policy UI (New Policy Screens)
• Social Login for Guest
• Posture Enhancements
• Read-Only Access
• Upgrade Readiness
• ACS Parity & Migration
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco DNA
Enterprise portfolio
Design, Provision, Assurance, Policy
Software-Defined Access
Network data platform, APIC-EM, Identity Services Engine
Routers, Switches, Wireless access points, Wireless LAN controllers
DNA Center – Group-Based Access Control
Agenda
Features
New Policy UI
Policy set table
Conditions Studio
Attribute Selector
Alpha policy sets – ISE 2.2
Improved Usability – Alpha policy sets – ISE 2.3
Hit counts
Expand
Combining operators
Policy Sets view
Conditions Studio
Add attributes
Search
Categorize
Policy conditions construction
1. Add attributes
2. Create condition with suitable operator (AND or OR)
3. Build the conditions as needed with AND/OR combination.
Social Login
• Guests may use social credentials to log in
• Faster Guest Login
• Registration is Optional
• Visibility with Social Media tools
• Connect & Market via Social Media application
• ISE 2.3 allows Facebook
Guest with Social Login Flows
• No Registration
• With Registration
• Registration & Sponsor Approval
Information in Livelogs
Facebook username and Social Media identifier
OAuth Flow
[Diagram participants: ISE PSN, Facebook]
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.[1] This mechanism is used by companies such as Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites.
Guest OAuth Authentication
• ISE 2.3 allows performing authentication against Facebook only on CWA Guest flows
• Authentication is made (as usual) via the browser
• Once user is authenticated, the flow continues as usual
Posture
Features
Temporal Agent
Better SCCM behavior
Enhanced Application Visibility
Endpoint Hardware inventory
Default Posture policies – Out of Box
Endpoint Attributes
Temporal Agent Details
Replaces NAC Web agent with OSX support
View End Point Applications installed
Hardware Inventory
Hardware Inventory – List view attributes
Application visibility view in ISE 2.3
Flexible Notification Details
Use of native Windows and Mac OS system notification
Agent Mode Full
Better SCCM behavior
Features to reduce Posture configuration complexities
Default posture conditions, requirements, policies
Read-Only Admin
• RBAC Read-Only Role
• Cannot change config!
• Useful for collaboration, learning, demos, troubleshooting
Upgrade Readiness
URT Flow
[Flowchart. Box labels: app install urt; Extract & Run URT; ISE Version Compatibility; URT build date; Warning & confirm; Clone Config Database; Copy upgrade patch; Run upgrade patch; Config Schema Upgrade check (on cloned DB); Run pre-requisite checks; Estimate upgrade time; Record sanity check success in ISE. Branch labels: Yes, No, <30 days.]
URT Screenshot
URT Screenshot
Pass & Fail Examples
Agenda
Reporting
Features
5 New Reports
• Authentication summary.
• Active Sessions.
• Top N Authentication report by Failure Reason.
• Top N Authentication report by Network Device
• Top N Authentication report by User
ACS Parity
• Infrastructure Support
• Reporting
• User support
• Logging and Management
• Migration support
Agenda
Infrastructure Support
Features
Support for IPv6 (TACACS+ only)
Network Devices (TACACS)
TACACS Authentication
TACACS Authorization
TACACS Accounting
Connection modes
Live Logs and Reporting
Proxy (AAA, Accounting- local, remote)
Network Devices and Network Device Groups
Features
Network Devices
Support for IP ranges in all octets and exclusions.
Network Device Groups
Increased Scalability:
• Support for 10,000 Network Device Groups
• Support for 6 level hierarchy with 32 characters
Agenda
Migration Support
Features
From ACS 4.x to ISE 2.3
• New migration tool
Features supported for Migration to ISE 2.x
Migration from ACS 4.x to ISE 2.3
Caveats:
• The ISE migration tool should be running on the ACS 4.x machine.
• The migration tool should run from a VNC-connected ACS 4.x machine.
Migration tool Enhancements
• Policy Migration with New Policy Engine
• Network devices with IPv6
• External Proxy with IPv6
• Policies with Time and Date