Cisco ISE 1.3 is finally out, after many software patch releases for ISE 1.2 and 1.2.1. There are a ton of feature improvements and additions including guest enhancements, pxGrid, and others–but this post focuses on the manageability/serviceability side of ISE for those who actually install and administer the appliances. Note, these are not in any particular order of precedence.
1. OVAs for Installation and VM Resource Checks
While not a “WOW” feature for those of us who actually RTFM, pre-packaged OVA installations should save us the pain of decommissioning and rebuilding improperly sized ISE nodes.
I have seen more than one ISE node implode due to improperly sized disks, and multiple others complaining about the lack of VM resources, which can impact authentication latency and performance, not to mention cause some weird and intermittent issues that are very difficult to troubleshoot.
Another added benefit of the ISE 1.3 upgrade software is that it performs a preliminary verification of the VM’s hardware and stops the installation without making any changes if your resources aren’t up to snuff.
2. Export Policy Configuration
This is a big feature for those of us who deploy, support, or maintain Cisco ISE. This feature allows you to export the entire authentication and authorization configuration in an XML format for offline review.
With this feature, both your Cisco solution provider and Cisco TAC can review the configuration to check for any obvious anomalies or configuration errors–all without live access to your ISE environment.
3. Test/Preview Portal Feature
Finally! Made a change to a portal template and want to know what it looks like directly from ISE? ISE 1.3 gives you the ability to test the portals with a portal test URL and adds a WYSIWYG portal customization page to show you a live preview of the changes you are making on a mobile or desktop device.
4. Regex and Right Click in Live Authentication View
Regular expressions are invaluable with larger deployments where you may have hundreds or thousands of authentications in a very short period of time on the live authentications page.
Right-clicking a specific authentication session lets you open the debug tool for that session; you can also modify collection filters or bypass suppression filtering.
With the advent of regular expressions in basically all versions of Cisco’s operating systems and the imminent influx of SDN, knowing how to craft regular expressions, and how to code in general, is becoming a very useful asset in the IT space.
5. AnyConnect 4.0 Unified Agent for Posture
Using posture to verify your endpoints are up to snuff? You no longer have to deploy a separate NAC agent for more advanced posture policies.
AnyConnect 4.0 integrates the NAC agent functionality as a module–just like NAM or VPN–and allows you to add it on as another supported module. Less management, less hassle.
—
Cisco has come a long way since ISE 1.0 and these features are but a few of the many that will be consolidated and expanded upon in ISE 2.0 (Everyone cross your fingers for TACACS+!).
Soon to come is an article on the guest improvements in 1.3 and my thoughts on pxGrid, which was also introduced in ISE version 1.3.
What’s your favorite feature of ISE 1.3? Comment below.