Share your experience using MetaAccess

The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.

Use our online form to submit your review. It's quick and you can post anonymously.

Your review helps others learn about this solution
The PeerSpot community is built upon trust and sharing with peers.
It's good for your career
In today's digital world, your review shows you have valuable expertise.
You can influence the market
Vendors read their reviews and make improvements based on your feedback.
Examples of the 83,000+ reviews on PeerSpot:

Brad Davenport - PeerSpot reviewer
VP of Technical Architecture at Logicalis
Video Review
MSP
Offers rich contact sharing, many self-service features, and the ability to categorically list all the endpoints in the infrastructure
Pros and Cons
  • "For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you."
  • "I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one."

What is our primary use case?

Identity Services Engine for us has an incredible number of use cases, predominantly around identity and contact sharing within the enterprise or Endpoint onboarding for, authentication and authorization. Most recently, in the last few years, we've actually finally added device authentication and device management into that with the TACACS implementation. And now we have a comprehensive set of features to perform enterprise NAC, pure RADIUS authentication, and user authorization.

How has it helped my organization?

Cisco Identity Services Engine has provided two incredibly beneficial outcomes for our clients. First and foremost, they've been able to limit and minimize the number of different discrete platforms they need to use to deliver things such as network admission control, device authorization, and posturing, as well as do device and policy enforcement at the endpoint level. The second one that really is under sung is the ability to comprehensively manage guests in BYOD wireless access. The ability for the enterprise pretty much out of the box to deploy an end-to-end solution to manage guest onboarding, user self-service, as well as bring your own device has been a real boom to network access.

Using ISE to detect and remediate threats is really the hinge pin for pretty much everything in the Cisco security infrastructure. Without identity and without context, you really can't do any enforcement. It's fine to be able to detect a threat with an IPS, with a threat appliance, with anomaly detection, but being able to use things like RADIUS chains of authorization to then blacklist a host or remove a host from a production relay is an incredibly important outcome, not the least of which because that's all automated in ISE. And that's an incredible benefit to IT teams who perhaps don't have a NOC, don't have a SOC that can run out, and respond to a threat immediately. Having those SOAR automation capabilities inherent to the system is a really powerful feature set.

I think it's inevitable when a customer is deploying or using ISE that they're gonna find additional cycles that they can spend their time on. The rich automation and the quick startup out of the box, for instance, ISA has a really rich onboarding wizard. Pretty much out of the box, you can go through a series of steps, input your IP address, your domain names, etcetera. You don't have to do a lot of the upfront planning and design work that was required of previous systems that did network admission control, certainly more so than the old NAC. And so I believe that many customers will find they have extra cycles to go and use that IT talent to do more impactful projects than spending months and months and months deploying admission control.

Identity Services Engine has done a great advantage to our clients in the fact that Cisco has begun to move more capabilities into the platform over time. As they started out with the basic AAA capability, authentication, authorization, and accounting that was present in ACS and the older service architecture, they've now begun to move in, device administration in the form of the TACACS server and other capabilities within ISE. When they previously introduced the pxGrid capability, you now have the ability to bring other enterprise platforms such as your IPS, your threat systems, and your DNS security platforms directly into ISE for performing all those automation. And so it absolutely has consolidated the number of platforms that you need to deploy to achieve that secure outcome.

The effect of the consolidation of all of these functionalities within Identity Services Engine has had on IT is that now you have a single platform with which to maintain. I think sometimes we overlook the fact that security platforms themselves have a lifecycle associated with them. We have to patch these systems. We have to maintain currency on the devices. And over time, those devices like anything else become a little long in the tooth and require refreshing. The flexibility to deploy Identity Services Engine in multiple persona types on hardware or in a virtual machine is a huge advantage to customers who want to consolidate the number of vendors and hardware platforms that they have to support and manage.

Identity Services Engine has helped a lot of our clients as well as Logicalis simplify the way that we approach compliance governance and risk consulting within our own enterprise, being able to have a single source context for when devices were on the network when they were last authenticated, and, of course, that rich user context that we get. We can now share contextual information from Identity Services Engine within an Azure environment, within an AWS environment with our own active directory, and that's an enormous advantage when you're not only threat hunting, but when you're trying to pass those checks and balances that are required for cybersecurity insurance or your own internal compliance auditing.

What is most valuable?

For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you. The ability to categorically list all the endpoints in the infrastructure, understand where they are, how they made it onto the wire, whether that was through wireless, through a wired engagement, And all of the self-service features that allow you to manage guest access to wired and wireless infrastructure are an incredible number of use cases that our clients are constantly deploying now.

What needs improvement?

I think in any technology infrastructure, you're going to have environments where improvements could occur. I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one. Many of our clients today are hybrid. They have a physical footprint in a data center somewhere, as well as a public cloud instance for things. Today there really isn't an elegant pathway for a client that wants to go 100 percent cloud, and that's an improvement I think that could be along the way.

For how long have I used the solution?

I have been using Cisco ISE for close to ten years.

What do I think about the stability of the solution?

The stability of the Cisco Identity Services Engine has continued to improve over time as the product has matured. Anytime you're dealing with something like a database product that has millions or hundreds of thousands of endpoints and entries in it, inevitably you're going to have performance creep over time. Because of the scale of the Cisco purpose-built UCS appliances, the SNS appliances that predominantly run identity services engine, we've seen an enormous advantage by staying up to date on the most current Cisco SNS appliances. We've also seen an enormous advantage by leveraging ISE in a hybrid capacity. So the ability to deploy PSMs on a hybrid cloud environment, on a public cloud environment, as either additional capacity or as a failover point for that on-premise install base is a really nice advantage to have.

What do I think about the scalability of the solution?

The beauty of Identity Service Engine is the fact that there's really no environment too small. If you have 500 to 1000, maybe up to 2000 endpoints, We're talking laptops, mobile devices, access point switches, etcetera. You're really not too small to deploy Identity Service Engine. The beauty of the multi-persona design of the Identity Service Engine is that you can leverage that capability to split off those PSN personas which is actually the persona within the Identity Service Engine that processes all of that high rate of radius authorization and authentication traffic. So the scalability of ISE is really well thought out. It was really well thought out from the get-go. You can also split off the admin personas and the monitoring and logging personas as well to give you that horizontal scale. I'm not sure today what the exact endpoint count that ISE scales to is, but it is certainly into the hundreds of thousands of endpoints.

How are customer service and support?

Cisco support for Identity Services Engine has been world-class. The guts of ISE are still a RADIUS server. They're still AAA-based functionality. So many folks that have been deploying and supporting the Cisco Secure ACS Server as well as the TACACS server and all of the things that have come along with that, continue to use the same skill set to support and deploy ISE. Really, the differences nowadays in terms of support are bringing about more comprehensive offerings to support the systems that surround ISE. Many things plug into ISE and provide much richer context, and really that's where the complexity tends to creep in. Our support from Cisco both as an end user and a partner has been beyond reproach, and we really appreciate Cisco's continued investment in the TAC, and in all the areas they bring to bear to help you receive that business outcome you're after.

Cisco support is always going to be ranked a strong nine with me, mainly because we know there's always room to improve things. We don't want to give a full passing score, but without a doubt, I don't know how anyone could consume and deploy business outcomes with Cisco technologies without leveraging support. And so Cisco leads the way and continues to invest in that area.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment experience with ISE in the early stages was without a doubt, very daunting. There is a huge number of things that you need to understand about the existing infrastructure, about the existing customer environment to properly deploy that solution. As time has gone on, however, the designers and the developers of that software have begun to create wizard, have begun to create additional upfront deployment tactics within the tool itself so that essentially a journeyman network engineer or security architect can deploy the minimum level of functionality right out of the box.

What was our ROI?

It's difficult to say whether the clients have seen an immediate ROI with the deployment of the Identity Services Engine. Oftentimes, you have to take on additional technologies in the ISE product family in order to receive that comprehensive benefit. So I think only time will tell what the true ROI is. I can tell you that the value exchange that occurs between a partner and a client when we're talking about everything within the Cisco security portfolio being fully integrated together and working comprehensively has been an enormous advantage to customers who today have a complex act of multi-vendor products. Being able to consolidate on a platform-based solution is an incredibly powerful story to tell, and it's also incredibly powerful from a cost-benefit standpoint as well.

What's my experience with pricing, setup cost, and licensing?

In terms of the licensing and the pricing structure of the Cisco Identity Services Engine, there's been a huge advantage to our clients recently with the advent of the enterprise agreement. You now have an enterprise agreement choice, which now allows you to buy as few as two security products to unlock additional discounting and additional life cycle advantages when you consume that solution for security business outcomes. At Logicalis, we deliver a full life cycle approach to Identity Services Engine when embedded into a Cisco security enterprise agreement. We're able to deliver not only the onboarding and the design guidance that the customer needs to deliver that secure business outcome, but also provide the ancillary services to support all of the other infrastructure that often comes along with deploying a solution like ice.

Which other solutions did I evaluate?

Identity Services Engine compares favorably with many of the other competitor's products that are in that space. I won't mention them now, but I think we know that all of the same industry competitors have been delivering identity solutions and NAC solutions over the last decade or so. Cisco continues to rank in the upper and farther to the right in Gartner Magic Quadrant for those identity solutions, and I think they'll continue on that trajectory. Cisco has long been the number one network vendor in the world, and I think you'll continue to see that growth as the network continues to be important to business.

What other advice do I have?

I rate Cisco Identity Services Engine a ten, on a scale of one to ten. It's a necessary solution to deploy in order to achieve many of the business outcomes such as some of the smart business architectures, certainly anything within the automated campus designs that are out there with DNA Center. It's just an incredibly powerful tool to manage both identity and endpoints within the infrastructure, and it really does become the hub of a hub and spoke comprehensive security architecture.

When Identity Services Engine became the de facto migration path from ACS Access Control Server, we were very early adopting and getting that product into our labs and in the hands of our customers for proofs of concept, proofs of value, and enterprise pilots.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Chief Information Security Officer at a financial services firm with 1,001-5,000 employees
Real User
Though the base installation is straightforward, the fine-tuning part of the deployment needs improvement
Pros and Cons
  • "If you are looking at the base installation, then it was a very straightforward process, which I would rate an eight or nine out of ten."
  • "If you look at the tool's deployment phase from a fine-tuning perspective, I feel it was very complex."

What is most valuable?

From a pricing perspective, even though the initial procurement was costly, the renewals were not that costly. From an OpEx perspective, considering that the renewals were not that costly, the cost is very much under control. I am not talking about the initial CapEx, but from an OpEx perspective, the tool's cost is very much under control, which is the most important feature. If I don't consider the fine-tuning part and take into consideration the implementation method, I would describe it as something that has a straightforward process. The fine-tuning part takes time.

What needs improvement?

The support offered for the solution has certain concerns, making it an area where improvements are required. Regarding the solution, the integration issues are hardly a problem. It is important to have a good support partner who knows about the solution so that the product's users don't face any integration-related issues. My company's main problem was related to the tool's support.

For how long have I used the solution?

I have been using Aruba ClearPass for a year and a half. My company is a customer of the product.

What do I think about the stability of the solution?

The stability of the solution was okay.

What do I think about the scalability of the solution?

My company has around 1,200 to 1,300 users of the product.

Which solution did I use previously and why did I switch?

I have experience with Fortinet. In terms of the functionalities that my company is able to achieve, Fortinet was much better than Aruba ClearPass. Fortinet also used to provide good support. Though the features provided by Fortinet and Aruba ClearPass were the same, the ease of use and the support provided by the former were important.

How was the initial setup?

It is easy to look at the deployment phase in two parts. If you are looking at the base installation, then it was a very straightforward process, which I would rate an eight or nine out of ten. If you look at the tool's deployment phase from a fine-tuning perspective, I feel it was very complex.

The solution can be deployed in three months. Three to four people in my company were involved in the deployment process.

What's my experience with pricing, setup cost, and licensing?

In terms of your fixed cost, it is much less than a lot of other solutions in the market. The initial cost is very high.

What other advice do I have?

The main reason my company started to look for alternate solutions against Aruba ClearPass was that we faced some issues in terms of the levels of integration that we were able to achieve and the support offered by Aruba.

Speaking about my experience with integrating Aruba ClearPass with some multi-vendor environments, I would say that my company had faced issues in terms of the support that we received for Aruba ClearPass, specifically when it came to the area of the configuration changes or any part involving reimplementation. My company did some reference checks related to Aruba's partners, and we saw that we were not getting very positive feedback regarding how the solution is implemented in some organizations.

I haven't reached the level where I can comment about how the product's guest access functionality has improved visitor management for our business. When my company was involved in the reimplementation phase of the tool, we wanted to implement guest access, Wi-Fi access, and other advanced functionalities but didn't reach that level.

In terms of real-time functionalities, my company was not able to access such features, considering the support-related issues we were facing. My company was not able to make good use of it.

If you plan to use the solution, it is important to ensure that you have very good support in terms of both the OEM product and the partner.

I rate the tool a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate