Over 45,000 organizations depend on Cisco Identity Services Engine (ISE) to manage access policies as a core requirement of zero trust networking. ISE provides enterprise IT teams with granular control over which endpoints and people can access resources based on centrally managed policies. These policies can be enforced ubiquitously across an organization through a distributed architecture spanning multiple ISE nodes. This configuration is working incredibly well for enterprises of all sizes and business functions.

To increase deployment flexibility and support IT’s journey to public cloud platforms, Cisco ISE 3.1 is now cloud-ready. And to make the transition easy, the Cisco ISE Network Access Control (NAC) solution is now available on the AWS Marketplace.

The ability to run ISE on a cloud platform offers many benefits, such as lower total cost of ownership and enhanced experience with augmented cloud-native functions such as load-balancing, auto-scaling, data backup and restore to storage buckets. But more importantly, it enables two new deployment scenarios, which were not easily possible before:

  • The ability to uniformly expand secure access policies as business operations extend geographically with lean branches, when new regional customer opportunities present themselves, or in reaction to black swan events like pandemics and natural disasters.
  • The opportunity for commercial, medium-size, and local public sector organizations to have the same level of access security and device protection as enterprises with the IT staffing and budgets to support on-premises installations of ISE.
Deploying Cisco ISE on AWS

Cisco ISE Expands Deployment Flexibility for Geographically Distributed Enterprises

Global enterprises rely on experienced IT teams to maintain centralized control of ISE running on-prem data center appliances or virtual machines in clusters that can be adjusted according to business needs. With ISE now available on the AWS Marketplace, enterprises with established ISE deployments can quickly expand ISE instances to remote locations to support new branches, co-location workspaces, and pop-up sites for emergencies.

To secure the opening and staffing of a new branch office that is geographically distant from centralized IT resources, IT can “bring their own licenses” from Cisco for ISE to the AWS Marketplace and set up an ISE instance in a matter of minutes. The global ISE policies automatically extend to the remote site when the new ISE instance activates in the cloud. As the workforce connects with their devices, all the access permissions are in place to maintain a secure zero-trust work environment.

Cisco ISE for Small-Medium Businesses Keeps It Simple

As organizations of all sizes adapt to hybrid workplaces with a changing workforce with many devices, a security shield against malware, ransomware, and exfiltration of privacy data is paramount. ISE on AWS enables organizations to implement enterprise-grade security controls in their environments without needing to invest in on-premises infrastructure. For SMBs with limited IT staff, deploying ISE services on a cloud platform like AWS is simplified with Cisco-provided turnkey settings for defining, configuring, and implementing access policies in ISE. The interactive walkthrough capabilities integrated in ISE guide IT teams through specific steps to implement advanced security use cases.

Deploy ISE Infrastructure as Code with Ansible and Terraform

Beyond the flexibility to deploy ISE on the platform of choice (cloud or on-premises), with ISE 3.1, IT can manage ISE using Infrastructure as Code (IaC) tools. IT teams can quickly spin up and configure ISE instances in AWS and on-premises using pre-configured IaC Ansible Playbooks and Terraform Providers to replicate ISE policies, minimizing repetitive work as well as human errors.

Automated ISE deployment and policy management also enables anyone new to an IT team to create new ISE instances without in-depth knowledge about the settings required for specific virtual machines on the cloud platforms. The result: It takes far less time and training to deploy Cisco ISE and enforce zero trust access policies across the organization.

ISE Everywhere in an Instant

Organizations that rely on Cisco ISE to secure their global networks are eager to take advantage of the ability to install ISE on cloud providers like AWS—practically anywhere, anytime they need it. Merging two offices into one site in a location far away from headquarters? Spin up a new ISE instance in an AWS regional availability zone and quickly expand support for the combined workforce. Closing an office and moving to a different city? Create an instance closest to the new location and destroy—in the language of IaC—the one no longer needed. The new instance is quickly available with all the correct access policies in place.

ISE everywhere provides organizations of all sizes with centralized control of access policies. Organizations that could not justify the IT resources to support enterprise levels of security can cost-effectively secure their workforce, compute, and IoT devices with ISE on AWS.

For more information on how you can implement ISE on AWS, view these resources:

Simplifying Security Telemetry for Zero-Trust Networking with Cisco Catalyst 9000 Switches

ISE 3.1 Simplifies the Transition to Cloud

Cisco ISE installation on AWS Guide

Installing Cisco ISE on AWS Demo

Configuring AWS Load Balancer for Cisco ISE Demo

Configuring an ISE 3.1 Repository with AWS S3 Demo

DevNet: Deploying ISE on AWS using Ansible



Anoop Vetteth

VP, Product Management, Enterprise Switching and Software Solutions