ISE 2.3 What's New: ISE Product Team

- Slides: 39

ISE 2.3 What’s New
ISE Product Team
June 2017

Agenda
• DNA Integration
• Policy UI (New Policy Screens)
• Social Login for Guest
• Posture Enhancements
• Read-Only Access
• Upgrade Readiness
• ACS Parity & Migration
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential


DNA Center – Group-Based Access Control

New Policy UI – Features
✓ Policy set table
✓ Conditions Studio
✓ Attribute Selector

Alpha policy sets – ISE 2.2

Improved Usability – Alpha policy sets – ISE 2.3
• Hit counts
• Expand
• Add policy sets
• Combining operators

Policy Sets view

Conditions Studio
• Add attributes
• Search
• Categorize
• Pre-built list
• Drag and Drop

Policy conditions construction
1. Add attributes
2. Create condition with suitable operator (AND or OR)
3. Build the conditions as needed with AND/OR combination.

Social Login
• Faster Guest Login
• Registration is Optional
• Guests may use social credentials to log in
• Visibility with Social Media tools
• Connect & Market via Social Media application
• ISE 2.3 allows Facebook

Guest with Social Login Flows
• No Registration
• With Registration & Sponsor Approval

Information in Livelogs
• Facebook username and Social Media identifier

OAuth Flow
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. [1] This mechanism is used by companies such as Google, Facebook, Microsoft and Twitter to permit users to share information about their accounts with third-party applications or websites.
[Diagram: ISE PSN, Facebook]

Guest OAuthentication
• ISE 2.3 allows performing authentication against Facebook only on CWA Guest flows
• Authentication is made (as usual) via the browser
• Once user is authenticated, the flow continues as usual

Features
✓ Temporal Agent
✓ Better SCCM behavior
✓ Enhanced Application Visibility
✓ Endpoint Hardware inventory
✓ Default Posture policies – Out of Box
✓ Endpoint Attributes

Temporal Agent Details
✓ Replaces NAC Web agent with OSX support
✓ Runs once then uninstalls
✓ Does not require admin privileges
✓ Same rich posture checks as AnyConnect (e.g. same application inventory but only one time)
✓ Only manual remediation
✓ Downloaded via portal via URL redirect so options to integrate with Guest, BYOD, CWA, etc.

View End Point Applications installed

Hardware Inventory

Hardware Inventory – List view attributes

Application visibility view in ISE 2.3

Flexible Notification Details
✓ Use of native Windows and Mac OS system notification
✓ Focus is on policy failures and communication errors
✓ Agent Modes (Full, Stealth with Notification)
[Screenshot: Agent Mode Full]

Better SCCM behavior

Features to reduce Posture configuration complexities
✓ Default posture conditions, requirements, policies
✓ Default client provisioning policies
✓ Default Authz policies

Read-Only Admin
• RBAC Read-Only Role
• Cannot change config!
• Useful for collaboration, learning, demos, troubleshooting

Upgrade Readiness

URT Flow
[Flowchart; box labels: Extract & Run URT (app install urt); ISE Version Compatibility Check; URT build date check (<30 days, Yes/No); Warning & confirm; Persona Check (Standalone or SPAN); Run pre-requisite checks; Clone Config Database; Copy upgrade patch; Run upgrade patch (on cloned DB); Config Schema Upgrade; Config Data Upgrade (on cloned DB); Estimate upgrade time; Record sanity success in ISE; Collect logs]

URT Screenshot

URT Screenshot

Pass & Fail Examples

Reporting – Features
✓ 5 New Reports
• Authentication summary
• Active Sessions
• Top N Authentication report by Failure Reason
• Top N Authentication report by Network Device
• Top N Authentication report by User

ACS Parity
• Infrastructure Support
• Network Devices and Network Device Groups
• Reporting
• User support
• Logging and Management
• Migration support

Infrastructure Support – Features
• Support for IPv6 (TACACS+ only)
• Network Devices (TACACS)
• TACACS Authentication
• TACACS Authorization
• TACACS Accounting
• Connection modes
• Live Logs and Reporting
• Proxy (AAA, Accounting - local, remote)
• MAR cache synchronization among PSN Clusters

Network Devices and Network Device Groups – Features
✓ Support for IP ranges in all octets and exclusions.
Network Device Groups
✓ Increased Scalability:
• Support for 10,000 Network Device Groups
• Support for 6 level hierarchy with 32 characters

Migration Support – Features
✓ From ACS 4.x to ISE 2.3: New migration tool
✓ Features supported for Migration to ISE 2.x

Migration from ACS 4.x to ISE 2.3
Caveats:
• The ISE migration tool should be running on the ACS 4.x machine.
• The migration tool should be run from a VNC session connected to the ACS 4.x machine.
• The ISE migration tool must be run on Java 7.

Migration tool Enhancements
• Policy Migration with New Policy Engine
• Network devices with IPv6
• External Proxy with IPv6
• Policies with Time and Date
• Migration support of Policy sets with conditions that include AND and OR
