Cloud is an essential component of a digital enterprise, and the pandemic has made this fact undeniable. Gartner predicts that companies will spend a total of $480 billion on public cloud services in 2022, a 21% increase compared with 2021.
Apart from accelerating the pace of innovation, cloud technologies improve the employee experience through efficient delivery of software services.
Cisco Identity Services Engine (ISE), being a security software product, has been at the center of the cloud conversations for a while, and with the 3.1 version, Cisco ISE is now available in the AWS marketplace.
Having Cisco ISE on Amazon Web Services (AWS) doesn’t just mean installing the software on another virtual platform; it involves much more. Here are the five things you should know about the new cloud delivery for ISE:
1. Cisco ISE Can Now Be Deployed on AWS’ Global Infrastructure
Cisco ISE is available in the AWS commercial, GovCloud (US East and West), U.S. Intelligence Community (IC) and China marketplaces. Through the commercial marketplace, you can deploy Cisco ISE nodes in most of the locations supported by AWS. As more regions are added to the AWS offering, we intend to support ISE wherever the appropriate instance types are available.
This ubiquitous availability allows you to deploy ISE at remote branch offices without the need for a physical data center. Your ISE nodes can be instantiated quickly, and your organization’s network access policies can be easily extended to a remote location.
2. AWS Network Load Balancer (NLB) to Load Balance Traffic to Cisco ISE
Cisco ISE is undoubtedly the most scalable Network Access Control (NAC) solution in the market, serving businesses with tens of millions of endpoints today. ISE’s multi-node architecture makes scaling the access control services possible and easy.
When it comes to implementing distributed ISE deployments, it has always been our recommendation to use load balancers together with the ISE Policy Service Nodes (PSNs). The load balancers not only optimize the traffic between ISE nodes and network devices; their use also greatly simplifies configuration on switches and wireless devices, as you only need a few addresses for the policy servers rather than the addresses of all the PSNs.
Using open standards, ISE can interoperate with virtually any load balancer. AWS offers a variety of load balancers to distribute traffic to various targets, such as Amazon Elastic Compute Cloud (EC2) and other services. And as you operationalize ISE on AWS, you have the option to load balance RADIUS, TACACS+, and other traffic to the ISE EC2 instances via the AWS NLB.
3. Amazon Simple Storage Service (S3) to Back Up and Restore Cisco ISE Data
Backups help you restore lost data to your ISE deployments. Regular ISE configuration and operational data backups help you reinstate NAC services during a disaster. They are also essential for upgrading ISE software images in public cloud environments.
Backups need repositories, and running ISE on the AWS platform gives you the option to use Amazon S3 buckets for storing your ISE data. ISE is cloud-ready not only for enforcing your organization’s zero-trust policies but also for critical operational needs such as data backup and restore.
4. A New Common VM License to Ease Migration
Along with the flexibility of deploying ISE on the platform of your choice, we now offer a simplified Virtual Machine (VM) license to smoothly move workloads across on-premises and cloud virtual platforms.
Unlike the traditional Small, Medium, and Large VM licenses, ISE 3.1 only requires a “Common” VM license for all supported VM sizes. You can now set up your ISE VMs peacefully in any size and on any platform without worrying about the underlying configuration-specific license compliance requirements.
5. Cisco ISE is “Reviewed by AWS”
Cisco ISE is currently the only NAC product to be reviewed by the AWS Partner Network (APN).
Through the AWS Foundational Technical Review (FTR), Cisco ISE complies with a cloud architecture based on AWS best practices. ISE being an FTR-approved product on AWS should boost your confidence to deploy it for production use. Complying with the best practices means ISE is subject to reduced risks in terms of security, reliability, and operational excellence, as outlined by the AWS Well-Architected Framework.
Bonus Point: Ansible and Terraform to Deploy ISE on AWS
Most cloud operations teams within IT organizations accelerate innovation through automation. These cloud teams write programs using Infrastructure-as-Code (IaC) tools such as Ansible, Terraform and others to perform virtually every aspect of operations on cloud platforms.
As the cloud infrastructure operations teams start owning the task of deploying clusters of ISE instances, understanding the intricacies of the ISE system becomes critical. To ease this endeavor and enable these IT teams to deploy ISE with speed, we have developed and open-sourced a library of reference Ansible playbooks and Terraform providers. Using these resources, anyone with little or no knowledge of how the ISE system functions can deploy ISE in minutes.
Summary
Having Cisco ISE on a public cloud platform opens a whole new world of opportunities for IT organizations. Beyond the deployment flexibility, ISE on AWS can enable an exceptional IT experience through the interoperation of powerful cloud-native technologies.