New Features of Cisco ISE 3.0

  New Features of Cisco ISE 3.0
   By: Michael Wood

Last month Cisco announced the release of Identity Services Engine (ISE) 3.0.  This major release has several new features and even has a new look.  This post will cover some of those features and give you a first peek at ISE 3.0

The Licenses -

As you prepare to upgrade/install ISE 3.0, you will need to know that Cisco made yet another licensing change.  Base, Plus, and Apex licenses will be replaced by Essentials, Advantage and Premier licenses.  The new tier-based model is subscription-only and will require Smart Licensing.  The good news is that the higher-tier license will include all lower-tier features.  For example, Premier licenses will include all the features of Essentials and Advantage licenses.

The Look-

If you thought the old ISE GUI was a little too busy, then you will like the new one.  The top line of menu items has been removed and replaced with a hamburger menu in the top-left corner.

You will find all the usual administrative functions have been rolled-up into this menu.  The dark mode is a nice touch and gives us hope that Cisco will build this feature into all menus in the future.

The Help –

There has always been an overview on how to configure some tasks within ISE.  Cisco has taken that one step further to include interactive help along the way.  This feature provides step-by-step workflows to complete those tasks and will help make sure you don’t miss a step.

The Health –

Easily verify the health of your ISE deployment with the new on-demand Health Check.  This provides the working status of all the dependent ISE components.  Any failures of a component will provide recommendations to resolve the issue.

 

 The Troubleshooting-

When the health is not so good, ISE 3.0 now includes a Debug Wizard which provides pre-defined templates to help troubleshoot any issues.  If (when) that TAC case is necessary, debug logs can easily be enabled over multiple nodes within the deployment. You will soon be able to open a TAC case from within ISE as well.

The Rest-

A few of the other new features worth mentioning…

ESXonAWS

 802.1x with Azure AD

Agentless Posture for Windows and macOS

SAML SSO for Multi-Factor Authentication

ODBC Multiple Attributes Lookup

Certificate Pinning for Multiple CAs

Baselines Policies with Microsoft SCCM

New Passive ID

Custom Endpoint scripts

TCP Dump Enhancements

And more……

The Wish –

If ISE 3.0 is missing something not in the list above, they have now included a “Meraki-like” Make a wish button.  My first wish will be dark mode for all menus.

More to come as we explore The Rest of the features.