
Cloud is an essential element of a digital enterprise, and the pandemic has made this fact indisputable. Gartner predicts that businesses will spend a total of $480 billion on public cloud services in 2022, a 21% increase compared to 2021.

Besides accelerating the speed of innovation, cloud technologies enhance the employee experience through efficient delivery of software services.

Cisco Identity Services Engine (ISE), being a security software product, has been at the center of cloud conversations for a while, and with version 3.1, Cisco ISE is now available in the AWS marketplace.

Having Cisco ISE on Amazon Web Services (AWS) doesn’t just mean installing the software on another virtual platform; it entails much more. Here are the five things you should know about the new cloud offer for ISE:

1. Cisco ISE Can Now be Deployed on AWS’ Global Infrastructure

Cisco ISE is available in the AWS commercial, GovCloud (US East and West), U.S. Intelligence Community (IC) and China marketplaces. Through the commercial marketplace, you can deploy Cisco ISE nodes in most of the locations supported by AWS. As more regions get added to the AWS offering, we intend to support ISE where the compatible instance types are available.

This ubiquitous availability allows you to deploy ISE at remote branch offices without the need for a physical data center. Your ISE nodes can be instantiated quickly, and your organization’s network access policies can be easily extended to a remote location.

2. AWS Network Load Balancer (NLB) to Load Balance Traffic to Cisco ISE

Cisco ISE is undoubtedly the most scalable Network Access Control (NAC) solution in the market, serving businesses with millions of endpoints today. ISE’s multi-node architecture makes scaling the access control services possible and easy.

When it comes to implementing distributed ISE deployments, it has always been our recommendation to use load balancers along with the ISE Policy Services Nodes (PSN). The load balancers not only optimize the traffic between ISE nodes and network devices; their use also greatly simplifies configurations on switches and wireless devices, as you only require a few addresses for the policy servers rather than all the PSNs.

Using open standards, ISE can interoperate with practically any load balancer. AWS offers a variety of load balancers to distribute traffic to various targets, such as Amazon Elastic Compute Cloud (EC2) and other services. As you operationalize ISE on AWS, you have the option to load balance RADIUS, TACACS+, and other traffic to the ISE EC2 instances via the AWS NLB.

3. Amazon Simple Storage Service (S3) to Backup and Restore Cisco ISE Data

Backups help you restore lost data to your ISE deployments. Regular ISE configuration and operational data backups help you to reinstate NAC services during a disaster. They are also essential for you to upgrade ISE software images in public cloud environments.

Backups need repositories, and operating ISE on the AWS platform gives you the option to use Amazon S3 buckets for storing your ISE data. ISE is cloud-ready not only for enforcing your organization’s zero-trust policies but also for critical operational needs such as data backup and restore.

4. A New Common VM License to Ease Migration

Along with the flexibility of deploying ISE on the platform of your choice, we now offer a simplified Virtual Machine (VM) license to smoothly move workloads across on-premises and cloud virtual platforms.

Unlike the traditional Small, Medium, and Large VM licenses, ISE 3.1 only requires a “Common” VM license for all supported VM sizes. You can now set up your ISE VMs in any size and on any platform without worrying about the underlying configuration-specific license compliance requirements.

5. Cisco ISE is “Reviewed by AWS”

Cisco ISE is currently the only NAC product to be reviewed by the AWS Partner Network (APN).

Through the AWS Foundational Technical Review (FTR), Cisco ISE complies with the cloud architecture based on AWS best practices. That ISE is an FTR-approved product on AWS should boost your confidence to deploy it for production use. Complying with the best practices means ISE is subject to reduced risks in terms of security, reliability, and operational excellence, as defined by the AWS Well-Architected Framework.

Bonus Point: Ansible and Terraform to Deploy ISE on AWS

Most cloud operations teams within IT organizations accelerate innovation through automation. These cloud teams write programs using infrastructure-as-code (IaC) tools such as Ansible, Terraform, and others to perform virtually every aspect of operations in the cloud platforms.

As the cloud infrastructure operations teams start owning responsibilities to deploy clusters of ISE instances, understanding the intricacies of the ISE system becomes critical. To ease this endeavor and enable these IT teams to deploy ISE with speed, we have developed and open-sourced a library of reference Ansible playbooks and Terraform providers. Using these resources, anyone with little or no knowledge of how the ISE system functions can deploy ISE in minutes.

Summary

Having Cisco ISE on a public cloud platform opens a whole new world of opportunities for IT organizations. Beyond the deployment flexibility, ISE on AWS can enable an exceptional IT experience through the interoperation of powerful cloud-native technologies.




Authors

Hari Holla

Product Manager

Identity and Zero Trust