Cisco just released the latest Identity Services Engine (ISE) software today via ISE 2.0. This is a huge release with many new features, including the most requested one … TACACS+ support. I haven’t had time to upgrade yet but will provide a first look post next week. Here is a list of the new features that come with ISE 2.0 according to the data sheet found HERE.
- TACACS+ Device Administration – With an additional license, ISE can support the TACACS+ security protocol to control and audit the configuration of network devices. This should remove your need for an ACS solution.
- Third-Party Device Support – More 3rd party device support as shown
- TrustSec Dashboard – There is now a dedicated dashboard for deploying and monitoring TrustSec configuration
- TrustSec Matrix Enhancements – Cisco ISE allows you to create, name, and save custom views
- TrustSec Work Center – All TrustSec-related options are consolidated under the TrustSec Work Center menu
- Automatic SGT Creation – Cisco ISE allows you to create SGTs automatically while creating the authorization policy rules. The auto created SGTs are named based on the rule attributes.
- Support for SXP – Source Group Tag (SGT) Exchange Protocol (SXP) is used to propagate the SGTs across network devices that do not have hardware support for TrustSec
- Location Based Authorization – Cisco ISE integrates with Cisco Mobility Services Engine (MSE) to introduce physical location-based authorization. Cisco ISE uses information from MSE to provide differentiated network access based on the actual location of the user, as reported by MSE.
- Support for Boolean Attributes – Cisco ISE supports retrieving Boolean attributes from Active Directory and LDAP identity stores.
- Support for EAP-TTLS Protocol – EAP-TTLS is a two-phase protocol that extends the functionality of the EAP-TLS protocol. Phase 1 builds the secure tunnel and derives the session keys used in Phase 2 to securely tunnel attributes and inner method data between the server and the client.
- KVM Hypervisor Support – Cisco ISE supports KVM hypervisor on Red Hat Enterprise Linux (RHEL) 7.0.
- Cisco ISE Telemetry – The Cisco ISE Telemetry banner appears as soon as you log in to the Admin portal.
- Certificate Provisioning Portal – The Certificate Provisioning portal allows employees to request certificates for devices that cannot go through the onboarding flow
- Certificate Template Extension – The Cisco ISE Internal CA includes an extension to represent the certificate template that was used to create the endpoint certificate.
- Cisco ISE Internal CA Issues Certificates to ASA VPN Users – The internal ISE CA can issue certificates to client machines that connect over ASA VPN. Cisco ISE uses the Simple Certificate Enrollment Protocol (SCEP) for enrollment and to provision certificates to the client machines
- GUI-Based Upgrade – (This one is pretty awesome. It's SOOO much easier to upgrade post 2.0). Cisco ISE offers a GUI-based centralized upgrade from the Admin portal. The upgrade process is much simplified, and the progress of the upgrade and the status of the nodes are displayed on screen.
- Technical Support Tunnel for Advanced Troubleshooting – Cisco ISE uses the Cisco IronPort Tunnel infrastructure to create a secure tunnel for Cisco technical support engineers to connect to an ISE server in your deployment and troubleshoot issues with the system.
- Mobile Device Management Enhancements – Cisco ISE 2.0 allows endpoints that were enrolled on an active MDM server outside of an ISE network to connect to an ISE network without needing to re-enroll with the MDM server.
- Support for Meraki Mobile Device Management – Cisco ISE supports Meraki MDM server.
- pxGrid Enhancements
- Guest Enhancements
- Profiler Enhancements
- Posture Enhancements
- Client Provisioning Enhancements
- FIPS Mode Support
- IPv6 Support