In case you have been at Cisco Stay US in June—and even in case you weren’t—you heard the excellent news: the launch announcement of Cisco Identification Providers Community (ISE) 3.4.
For lots of community and safety directors, listening to concerning the new capabilities of the most recent model of Cisco ISE could be a little bit of a tease—we all know that you simply wish to get your arms on it and see the way it’s going to strengthen your community. At present is the conclusion of these lengthy weeks of ready as Cisco ISE 3.4 is prepared so that you can obtain and deploy in your community.
In case you haven’t heard about what’s obtainable within the newest iteration of Cisco ISE 3.4, let this be your primer. The most important takeaway is Widespread Coverage which entails fixing one among our prospects’ largest issues: fragmented and inconsistent insurance policies throughout disparate domains.
Widespread Coverage is designed to streamline and unify safety coverage enforcement throughout a corporation’s complete community. This resolution permits directors to seamlessly apply constant entry and segmentation controls to all units, customers, and purposes. These segmentation and entry insurance policies are constructed primarily based on the exchanged info garnered from these finish units.
Utilizing Cisco ISE as a central alternate hub, the answer integrates community and safety domains, normalizes contextual info, and facilitates safe communication between completely different parts. This revolutionary strategy enhances zero-trust safety throughout numerous entry patterns and places by simplifying the administration of advanced community environments. At present in beta, Widespread Coverage is anticipated for normal launch this fall.
As a part of the Widespread Coverage resolution, we re-wrote our integration with Software Centric Infrastructure (ACIs), permitting the customers to arrange a bi-directional connection to a number of APIC Information Facilities—together with single pod and multi-pod materials—instantly from Cisco ISE and begin exchanging SGT/EPG/ESG context.
Along with Widespread Coverage, the Cisco ISE 3.4 launch is jam-packed with many different options too.
Energetic Listing most popular DC choice
Beginning with Cisco ISE 3.4, directors can now manually prioritize Area Controllers (DC), giving them extra management over which DC is used for authentication and authorization. Within the occasion of an Energetic Listing failure, Cisco ISE will routinely swap to the subsequent DC on the record, making certain that customers can nonetheless entry assets. As soon as the popular DC is obtainable once more, Cisco ISE will seamlessly failback, restoring the unique precedence order.
Nice information for individuals who hate ready! With the discharge of Cisco ISE 3.4, system restart occasions have been dramatically decreased to mere minutes, various barely relying on the particular position of every node. No extra lengthy espresso breaks between reboots.
Constructing on the pxGrid Direct framework launched in Cisco ISE 3.2, which simplified integration with Configuration Administration Database (CMDB) servers missing native pxGrid help, Cisco ISE 3.4 will deliver forth a number of key enhancements:
- Sync now: In situations the place important adjustments happen throughout the CMDB, directors will now not want to attend for scheduled updates. Cisco ISE 3.4 will empower admins to provoke on-demand synchronization, guaranteeing Cisco ISE entry to probably the most up-to-date endpoint info.
- URL pusher and chronic database: Prospects will now have the flexibleness to instantly push a JSON file containing endpoint information into Cisco ISE’s persistent database. This opens new potentialities for these with out a CMDB, as they’ll nonetheless leverage pxGrid Direct by conveniently pushing information into Cisco ISE. Not like the interior endpoint database, this database shall be persistent and received’t be purged.
Retention of use settings
In earlier variations of Cisco ISE, any customizations to desk shows, like column choice, order, or width, can be reset upon leaving the web page. With Cisco ISE 3.4, the popular desk settings shall be saved and retained, even when switching browsers or units. No extra repetitive changes – the customized view is right here to remain.
Localized ISE Set up
This enhancement permits directors to reinstall ISE instantly from a neighborhood ISO file saved on the ISE server, considerably lowering the set up time from the normal 5-7 hours to simply 1-2 hours. This streamlined course of is especially useful in situations the place a reinstall is important, corresponding to system restoration or upgrades. By minimizing downtime and accelerating the set up course of, the Localized ISE Set up function enhances operational effectivity, ensures faster restoration occasions, and finally saves beneficial time for IT groups. This enchancment underscores Cisco’s dedication to offering sturdy, user-friendly options that optimize the efficiency and reliability of the community safety infrastructure.
FQDN to SGT Mapping
In Cisco ISE 3.4, we’ve tackled the challenges confronted by TrustSec directors in situations with geo-distributed or cloud deployments, the place the identical Absolutely Certified Area Identify (FQDN) would possibly resolve to completely different IP addresses relying on the DNS server. This could make it tough to constantly apply the identical SGT to all situations of the FQDN.
Cisco ISE 3.4 introduces an enhanced FQDN-to-SGT mapping function. Directors can now choose a number of nodes to resolve the FQDN, making certain that every one ensuing IP addresses are precisely related to the corresponding SGT. This new functionality streamlines coverage enforcement throughout numerous community environments, no matter variations in DNS decision.
Pac-less Communication between Cisco ISE and TrustSec NADs
Cisco ISE 3.4 introduces Pac-less Communication, a simplified strategy to communication between Cisco ISE and TrustSec community units. This innovation eliminates the necessity for directors to handle PAC recordsdata, lowering overhead and streamlining the method. Pac-less communication requires Cisco IOS-XE 17.5.1 or later, on community units, however no configuration adjustments are wanted on the Cisco ISE facet. The community units themselves will inform Cisco ISE of their supported capabilities, additional simplifying deployment and administration.
Log file administration
We’ve got heard from you that troubleshooting Cisco ISE underneath a heavy load could be a problem, particularly when log recordsdata replenish quickly and significant info would possibly get buried. Cisco ISE 3.4 addresses this with enhanced log administration capabilities. Now, directors have granular management, permitting them to set each most file measurement and the variety of log recordsdata to maintain per element. This implies no extra worries about lacking essential particulars throughout peak occasions.
Lua scripting
Recognizing the necessity for higher customization, Cisco ISE 3.4 introduces a strong new function for superior customers: Lua scripting for RADIUS attribute manipulation. With this enhancement, prospects can now execute Lua scripts instantly after processing authorization profiles, permitting them to switch or add RADIUS attributes as wanted. This flexibility empowers Cisco ISE Admins to tailor Cisco ISE to their distinctive use circumstances and necessities, going past the capabilities of the usual coverage engine. The Lua script supplies entry to all RADIUS attributes, granting full management over the authorization course of.
As you’ll be able to inform there’s lots packed into the most recent model of Cisco ISE that’s going to make your job simpler. Click on right here for extra info on Cisco ISE.
We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Linked with Cisco Safety on social!
Cisco Safety Social Channels
Instagram
Fb
Twitter
LinkedIn
Share:
0 Comments