
Your Questions: Answered

This post is the first in a new series we’ll be featuring called Your Questions: Answered. In this series, we track down the answers to partners’ toughest technical questions. You can submit your questions here, post on the Cisco Channels Facebook page, or drop us a note on Twitter.

When Cisco recently introduced the Identity Services Engine (ISE), you likely started fielding questions, with many customers concerned about whether Cisco Network Admission Control (NAC) and Cisco Access Control System (ACS) will cease to be supported or become end-of-life. (Kind of like how I felt when the iPhone 4 came out and I was stuck with the iPhone 3G.)

To help you address customer questions, I went out looking for answers on what’s up with ISE, NAC, and ACS. First up, a little about ISE: it combines the functionality of NAC and ACS, two existing products, onto a new platform. With ISE, your customers can gather information from users, devices, infrastructure, and network services to enforce context-based business policies across the network, create and enforce consistent policy from the head office to the branch office, and combine authentication, authorization, and accounting (AAA), posture, profiling, and guest management in a single product. And that’s just the beginning; I’ll share details on how to find out more about ISE later in this blog.

Back to the issue at hand — I chatted with Brian Sak, Cisco’s Consulting Systems Engineer and expert on Borderless Networks Security products. He filled me in on the most frequently asked questions that he’s been getting from partners around ISE.

Are NAC and ACS being replaced by ISE?
No, both NAC and ACS have ongoing roadmaps, developments, and new releases planned. If ISE does not meet your customers’ current needs, they can still use NAC or ACS. Cisco will not stop innovations on NAC and ACS anytime in the near future.

Should I encourage my NAC and ACS customers to migrate to ISE now?
The answer varies based on your customers and their requirements. Check out this handy chart in the Partner Community Discussion Forum (log in required) to help you determine if ISE is the right fit, right now for your customers.

What is the migration path for NAC and ACS?
Migration SKUs are available for existing NAC and ACS customers. This means your customers can potentially be offered a reduced cost or free migration from one platform to another. You can get up to speed quickly on how to migrate to ISE using the Cisco ISE Migration At-a-Glance (PDF).

Is there a NAC roadmap available?
Yes, you can find the NAC roadmap along with other partner training information by logging into the Partner Community.

Who can sell ISE?
Initially, ISE will not be generally available for all partners to resell. Only Cisco Authorized Technology Provider (ATP) partners who meet a set of requirements and have been trained on the product will be able to position and sell ISE. For more information on the ATP program and process, check out the end of this Q&A (log in required).

Hopefully this FAQ has provided you with all of the information you need to answer your customers’ questions about ISE. For additional information, please visit these key links:

Got any other questions around ISE that you didn’t see covered in this blog post? Or do you have technical questions on another topic? Please share them in the comments below, on our Facebook page, or send us a tweet; we may answer your technical question in our next blog post.


4 Comments.


  1. Thiago Cardoso Luiz

    Is it possible to install the NAC agent on Windows Server 2008 R2?

    Ty

       0 likes

  2. Hello Anna, I currently have some questions about it:

    1. Where can we find a list of official ATP partners who sell this and other products?

    2. Cisco says that ACS and NAC still have ongoing roadmaps and this product is not to replace them; however, I suppose that customers are going to prefer this product rather than the NAC solution because of its multiple benefits compared to NAC… so my question is, is there something the ISE cannot do that the NAC platform actually does (I mean a NAC platform with all its products: Profiler, Guest, NAS, NAM, NAC Module, etc.)?

    3. Is Cisco going to add Active Directory SSO in the near future to the ISE?

    4. Is this platform still going to use a supplicant agent to perform Posture Assessment or will this be made by using 802.1X?

    Thanks a lot.

       1 like

    • Hi Dennis,

      Here are the answers to your questions:

      1. Where can we find a list of official ATP partners who sell this and other products?

      –The ATP does not officially launch until Sept. To check which partners have been participating in the pilot ATP and are authorized to sell ISE, contact your local CAM or direct sales team.

      2. Cisco says that ACS and NAC still have ongoing roadmaps and this product is not to replace them; however, I suppose that customers are going to prefer this product rather than the NAC solution because of its multiple benefits compared to NAC… so my question is, is there something the ISE cannot do that the NAC platform actually does (I mean a NAC platform with all its products: Profiler, Guest, NAS, NAM, NAC Module, etc.)?

      –NAC can perform inline posture assessment and authentication without the endpoint being configured for 802.1X. ISE relies on an 802.1X-configured network access device. NAC is also deployed in an overlay fashion, whereas ISE provides enforcement in the infrastructure.

      3. Is Cisco going to add Active Directory SSO in the near future to the ISE?

      –ISE utilizes industry-standard RADIUS for authentication and supports single sign-on to AD through the supplicant. As long as the EAP type that you choose provides SSO support, then ISE supports it.
      http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/ch3_2_SPMb.html See Table 3-2 for example EAP types that support AD SSO.

      4. Is this platform still going to use a supplicant agent to perform Posture Assessment or will this be made by using 802.1X?

      –Yes, ISE utilizes the NAC 4.9 agent to perform posture assessment on the endpoint.

      Please let us know if you have more questions!

         1 like
