Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. The unique architecture of Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices. The administrator can then use that information to make proactive governance decisions by tying identity to various network elements including access switches, Wireless LAN controllers (WLCs), Virtual private network (VPN) gateways, and data center switches.
Cisco ISE is a key component of the Cisco Security Group Access Solution.
Cisco ISE is a consolidated policy-based access control system that incorporates a superset of features available in existing Cisco policy platforms. Cisco ISE performs the following functions :
• Combines authentication, authorization, accounting (AAA), posture, and profiler into one appliance
• Provides for comprehensive guest access management for the Cisco ISE administrator, sanctioned sponsor administrators, or both
• Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing device posture for all endpoints that access the network, including 802.1X environments
• Provides support for discovery, profiling, policy-based placement, and monitoring of endpoint devices on the network
• Enables consistent policy in centralized and distributed deployments that allows services to be delivered where they are needed
• Employs advanced enforcement capabilities including security group access (SGA) through the use of security group tags (SGTs) and security group access control lists (SGACLs)
• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments The following key functions of Cisco ISE enable you to manage your entire access network
