Cisco ISE (Identity Services Engine) Reviews

We use ISE for authentication, authorization, and access control. We use it to integrate and manage a lot of the access controls between our switches, routers, and pretty much all of our network infrastructure. We use ISE on-prem instead to manage all of our infrastructure.

One of the benefits of ISE for us in our organization is the fact that, because we're a very large entity with employees of over 10,000 people, we have over 2,000 pieces of equipment. So, rather than individual programming or managing everyone's credentials on each piece of equipment, using ISE to manage all of that and giving everybody just one Active Directory login simplifies that process for us.

ISE as a platform has been able to free up time, even for me personally, in terms of having to constantly remember credentials, passwords, and all these password complexities. Using ISE to integrate into all of our core infrastructure, frees up so much time for me to do other things. Even down to the configuration, when we are building config for the scripts as well as for our switches and routers, being able to eliminate a lot of those redundant credentials within the configuration itself is a massive time saver for us. In terms of time savings with using ISE itself, we see the savings every day because we have to constantly interact or interface with tons of network equipment. So every single time I have to log into a switch, I am literally realizing I'm saving time in that moment. It's always a constant; I'll say at least three to five minutes for every login.

ISE, we use it strictly for authentication and authorization. For consolidation, not so much, because it just serves one dedicated purpose, which is basically that access control.

In terms of cybersecurity, I would say ISE helps in a way, but we do have other platforms and tools that are specifically designed for that purpose because we try to choose tools that are very specific in their functions.

For us, because we are mostly a Cisco shop, all of our equipment is Cisco. So integrating Cisco ISE into our environment wasn't too complicated, because a lot of our equipment, again, are Cisco-related products. Thus, they were all able to integrate nicely within that ecosystem.

The authorization and accounts inside of ISE are very useful for us. In the sense that we can actually go back and track and look at all of the things that access controls or people have made changes in the past. And I think the biggest part of ISE for me is that authentication as well. The fact that we can connect it to Active Directory and use it to manage access control to all of our infrastructure devices.

As software, in general, ISE is actually a fantastic product. I just think that, overall, it's just the software control, the bugs, and the fixes. We do tend to run into a lot of issues with ISE when it comes to bugs. I would like to see a lot more testing prior to the rollout of some of these software updates.

I have been using Cisco ISE for over eight years.

When it comes to the stability of the product, for the most part, it is stable. But when it breaks, it breaks on a grand scale as well. And that's why, for us, most of the time, we don't always jump to the latest and the greatest when it comes to software updates because we wanna make sure that the software goes through our internal change control and make sure that a lot of bugs have been ironed out and straightened out before we update. But even then, we are still running into unforeseen bugs and unexpected situations. But I'd say, overall, it's relatively stable.

So when it comes to the scalability of ISE, we are a massive organization with offices ranging from two people to hospitals with over 10,000 people. We are able to rapidly deploy products. Sometimes, we have mobile sites that we just spin up—especially during COVID. For example, we had to deploy a lot of COVID assessment centers. We were also able to rapidly deploy a lot of these instances. Even when we had to integrate Meraki products for some of our smaller sites, scalability-wise, it's really flexible and very scalable. If an organization of our size can easily use it to adapt, I don't see any reason why it would be an issue for anybody to scale this product.

Cisco support is actually fantastic, especially in being able to use the tech support. At least, I personally use it all the time. Being able to actually just pick up the phone and quickly get in touch with a Cisco rep, because we definitely always run into some of those issues where it's unforeseen and we're not really sure what's going on. So, it's nice to be able to have that support on standby; it comes in handy a lot of the time and it actually saves us a lot as well in terms of time, money, and headaches when it comes to managing the network. Because we all know when the network goes down, everybody starts to look for you. Being able to have that rep to assist you right away and kinda solve that problem is something that everyone should have - that tech support.

When it comes to rating tech support, nothing is perfect. So, I'll say seven. But overall, that's because of the speed, the urgency, and now the ticket seriousness. So there's always room for improvement, but I think overall, I'll say we're getting a good bang for our buck.

Neutral

We have actually always been a Cisco shop right from the start, and ISE has always been our AAA authentication tool right from the start. As far as the evaluation and selection process goes, because we're a Cisco shop, it kinda just made sense to choose a product or a tool that neatly integrates with the rest of our products. We use a lot of Cisco products in terms of our wireless control, network management, and legal firewall. So, it was just a natural fit to choose Cisco ISE and use it as part of that existing ecosystem.

When it comes to deployment of the Cisco ISE, we actually did it in-house. However, we also have a Cisco rep that we work with directly within Cisco's organization, who actually works directly with our company. As a result, the Cisco rep and the on-premises internal IT team were able to deploy it.

In terms of return on investment, I would like to think that we've seen a significant return on investment with Cisco ISE. Just looking at it purely from my perspective, in terms of time-saving, if we consider this impact on a single person and then scale it over two to three thousand employees when you multiply that data on a day-to-day basis, the time-saving is tremendous. Moreover, in terms of solutions, having the ability to keep things integrated and manage them through a single pane of view adds to the benefits. I believe the return on investment goes beyond just the financial aspect. It extends to mental well-being, reduction in stress, and as employees. It's really great.

When it comes to licensing costs and Cisco's more than one pricing, I think that's one of the areas where I actually have one of the biggest problems. I just think that Cisco is trying to move towards squeezing more money out of us as customers. They're constantly trying to change many features that used to be part of the original bundle. Now, Cisco has actually transitioned to a lot of subscription models, fees, and licenses. As a result, the cost has gone up, and I foresee it continuing to rise, which is why I have a problem with it now.

Cisco ISE, on a scale of one to ten, I'll say it's about a six. I'm giving it that score because, first of all, the ease of deployment is one of the biggest things for us. Also, the ease of use. The reason why I'm not really giving it a ten is when it comes to the licensing model and all the subscription fees – that's the big issue for me with Cisco licenses. Additionally, when it breaks, it could potentially break big as well.

I'm a network analyst for one of the largest healthcare entities in Canada, and we have over twenty thousand employees.

We're just using it for authentication to our network switches.

We have more visibility and control with the tool. It has helped us improve our cybersecurity resilience.

The authentication piece was a big deal, especially because we're able to roll it out so quickly. Once we start using it to its full potential by using NAC, we can automate a lot of things that we're doing manually. MAC lockdown is one of the big things we have an issue with because I work on the classified network, so we're locking down every end device. It takes up a lot of time. That's one of the biggest things that we're rolling out. I'm not sure what other features we're going to use out of it, but I know that once we get started on it, we'll be a lot more involved with the things that we're going to roll out.

It's really easy in terms of the authentication piece. It's a big help. We've other parts of the network that are not using any authentication at all, which is scary. We've so many separate companies, and I'm hoping that we can start using this for those networks as well.

It has saved us time. We've control on our side, and we're able to add new devices as we deploy them for new buildings and things like that. We're able to give different types of access that our users need to have, which is nice. It has been huge, and then once we start deploying NAC or something like that, that's going to be a game changer for us because that'll free up a lot of time for us. It probably saves at least ten hours a week because especially right now, we're in the phase where we're getting so many new buildings. We're not only turning up new buildings; there are also all the users. So, for every single device, you have to do a MAC lockdown. Sometimes we get spreadsheets listing a ton of PCs that we've to lock down. That just takes forever, especially if you get it wrong or someone has fat fingers and things like that. It'll hopefully eliminate a lot of that too. We won't have the back and forth with other groups for that.

It has helped consolidate tools. We don't have to go outside our own group for the authentication piece. That control is a big deal. On top of that, once we start integrating NAC and other things, it's going to eliminate a lot of manual work.

Having access and being able to add people or change authentication yourself is nice. In the past, we've used other group authentication services, and we always had to go to them and get permissions. Having that control is key. 

Adding new devices was a little cumbersome. I haven't done it that many times, but I remember that adding new devices to the authentication piece of it was a little cumbersome. The way I was shown to do it, I thought it was odd because we had to go into the active device, copy the file down, export it, make some changes to it, and then reimport it as opposed to being able to click it and having a template to fill out. It was a little more cumbersome than I thought.

I've been using Cisco ISE for about a year.

For the times that I have interacted with them, they've been pretty good, but I've heard of other stories. Overall, I'd rate them an eight out of ten.

Positive

We were using regular TACACS, RSA, etc. I can't remember what they were using on their side because it was more of the infrastructure team that was using this. We would just basically go to them and give them requests. Having control through Cisco ISE is much better.

The reasons for going for Cisco ISE were having that control and having a relationship with Cisco. All of our gears are Cisco. It just made it easier and more compatible. I know there are a lot of other tools that we can take advantage of such as NAC and things like that. We're hoping to do that in the future.

As far as I know, it was fairly easy. We didn't have a lot of problems with it. One of our other guys deployed it. I wasn't with him, but I didn't hear that there were a lot of problems with it, so it was fairly easy. The same guy had deployed it on the unclassified networks, so he had experience with it.

Overall, I'd rate Cisco ISE a seven out of ten.

I often use Cisco ISE for guest portals to onboard devices. For example, if a company wants to allow their employees to bring their own devices, there's a large security risk. Cisco ISE can help with onboarding those devices and check whether they're up-to-date with security patches and whether they fit the criteria to join the network.

There's so much stress involved with the pressures of trying to make it easy for customers to use the product without constantly having to jump over security hurdles. On the other hand, there is the constant threat of cyber attacks. Balancing the two can be quite stressful for developers, engineers, and consultants.

Our main goal, as an intermediary between Cisco and our clients, is to help IT managers, IT engineers, and administrators have better days. There is a lot of pressure on IT staff, and by giving them the right tools and solutions, we can help them feel more empowered to do their job much more effectively and, therefore, feel proud of their work.

In terms of features, the best feedback I've received has to do with guest portals. The guest portals and sponsor portals are where a company can customize their appearance. As people join the guest network, they're presented with the branding of the company that they're in.

A lot of customers use a third party to manage their guest Wi-Fi. Cisco ISE presents the ability to bring that in-house so that customers can have full control over it, change the branding, and get extra telemetry from it and the user data. It works really well for our customers.

I first started working with ISE at version 1.2, which was quite a few years ago. Over the years, the user interface has become a lot easier. The way the different parts of ISE come together and the connections between the different sections are a lot easier to follow. The interface gives you a much clearer picture of how the different policies and standards that you are building are brought together.

I don't see as many customers as I should adopting the onboarding feature. I think Cisco should make that process a lot easier and less intrusive on the end users' devices.

I've worked with Cisco solutions since 2007.

We offer the entire suite, with SecureX, Umbrella, and Cisco ISE being the main headlines. We work a lot in developing the orchestration and automation of new security systems in line with Cisco.

When it's time to generate a TAC case, it means that things have gone very wrong and that my colleagues and I have run out of ideas and are desperate. Cisco's technical support staff are very much aware of that and know that by the time an issue comes to them that all the obvious roots of troubleshooting have already been explored. It's great that they comprehend this and that they understand the urgency as well. 

I'm always thankful for their help and would rate technical support at ten out of ten.

Positive

A benefit to using Cisco ISE as far as deployments are concerned is the fact that because it's software-based, everything can be tested before deployment. You can then be confident that everything is going to work when it's deployed in the real world.

Our ROI is that once clients have a Cisco system installed, they tend to stick with Cisco. They'll upgrade to the latest Cisco product rather than looking at any other vendors.

In general, licensing can be quite complex with Cisco products. It would be nice if it was a bit more intuitive and had fewer "gotchas" in there.

I've worked with customers who have used Purple Portal, for example, for their guest wireless access. In comparison to using Cisco ISE, Purple Portal adds an extra layer of complexity on all their guest networks running through a third party. This means that the customer will not have as much visibility into their guest users or control over what their guests see when they join the Wi-Fi network.

With Cisco ISE and the way the policies are built, it gives you a lot of freedom. It covers a wide range of potential solutions. Because each bit can be built together modularly, you can build anything with it. Therefore, Cisco ISE applies to so many different applications.

On a scale from one to ten, I would rate Cisco ISE at eight because it is a complex product and requires more technical ability to deploy it, though it fits many more solution requirements.

Cisco is the main player in networking and security. Having that backing behind our company gives us credence. We're proud to sell the products and to recommend them. Cisco's portfolio is what I would sell by choice. It just makes my job a lot easier.

We utilize Cisco ISE for authentication by employing the AnyConnect Posture model to address vulnerabilities on the workstations. Additionally, we make use of TACACS.

It is a mature solution and it grows with our needs.

Cisco ISE has helped consolidate DNA Center.

Cisco ISE helps our cybersecurity resilience by enforcing security over the workstations.

The most valuable feature is AnyConnect Posture because it scans all the programs on the workstation and checks if the antivirus is up to date, as well as the cryptographic keys on our SSD. It also enforces data loss prevention on our workstation, which is usually the main vulnerability for network entry.

Cisco ISE has numerous features that are impractical, and I won't utilize them since they require payment.

I have been using Cisco ISE for around four years.

We encountered a few bugs that were resolved using the SMUs. However, when the solution is built properly, there are no performance issues.

We can scale Cisco ISE up using VMs.

The technical support is excellent, and we rely on their services frequently.

Positive

We previously used Cisco ACS but transitioned to Cisco ISE because it reached its end-of-life status, and we needed to progress.

We have observed a return on investment from the tasks performed by Cisco ISE for our organization.

Cisco ISE is not inexpensive, but the solution is well-built and worth the expense.

We evaluated Aruba ClearPass but ultimately chose Cisco ISE due to budgetary constraints. We were able to secure a favorable discount with Cisco.

I would rate Cisco ISE a nine out of ten. Despite the fact that the solution offers numerous features, it is challenging to use.

We do not rely solely on Cisco ISE to secure our infrastructure from end to end. Instead, we utilize various tools such as McAfee, DLP, and Endpoint Security. Additionally, we have the Domain client to check for any breaches. On our Internet edges, we perform SSL offload to enhance the performance of security projects like WAF and IPS, as well as conduct full packet scans. Furthermore, we have NGFW and NG Networks in place.

Cisco ISE is an important component in protecting our environment because it enforces security against the main point of vulnerability, which is accessing workstations. Ransomware infiltrates a network through workstations. The policies implemented are based on the posture model, ensuring that we use the necessary products on our network to mitigate such risks.

I was not involved in the initial setup, but testing the implementation of a new feature is always challenging. We need to allocate time to test it with the security team and the network team. Additionally, we need to create a separate environment to gain a better understanding of how we can improve the performance of the solution within our network. 

For organizations that do not have the funds to purchase Cisco ISE, there are good open-source solutions available. These include TACACS servers, OpenLDAP, and FreeRADIUS. However, Cisco ISE is an excellent tool for enhancing all the existing tools within an organization.

We use it for access control in our organization for network control and the guest portal of the guest users who access the wireless network.

Cisco ISE has improved our security. It's very important to us since we are a banking entity. Security is one of the most important aspects of our architecture.

The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have.

I believe that Cisco can improve the way its policies are built because they're a little complex. If the operation teams do not have not a very good understanding of the solutions, they can break something because it's not so easy to view their policies through their eyes.

I have been using Cisco Identity Services Engine for six years.

Cisco's support team does a good job. Sometimes they take a long time to solve a problem, so it's difficult for us. But in general, it's a good solution with good tech support. I rate the technical support an eight out of ten.

Positive

We are using Juniper. We are also using Cisco, which is the main vendor. Before, a solution for web portal access was deployed by our internal team, and we moved it back to Cisco. We chose Cisco because, as a NAC solution, it made sense to us since it keeps things together in the last single tool.

The product's implementation was done by my team, along with handling virtual operations too. The setup is simple to do. However, the policies of the solution are a bit complex.

Regarding how the solution helps me secure my infrastructure from end to end, I would say that it is a good solution for us. We are also using all the features Cisco ISE has.

I don't believe it does save my IT staff any time because we need to build the policies and follow the configuration, then follow the user access.

After getting rid of other products, my company was able to save some money.

Regarding the solution's ability to consolidate tools and add to my security infrastructure, I would say that because Cisco ISE (Identity Services Engine) was able to get rid of those other products, it did help secure my infrastructure.

It did improve my company's cybersecurity resilience because we have deployed the solution as a high-availability solution. So if we lose one of the boxes, the other one, we all remain to stay in the job.

I would absolutely recommend the solution since it helped us a lot to improve our security and put some tools together in a single pane of glass to support and troubleshoot it. So it's easier to do that.

Regarding if the solution was able to integrate well with other solutions, I do not think we have any integrations at this moment, but I know that Cisco ISE (Identity Services Engine) has a lot of integrations.

I rate the overall solution a nine out of ten.

The company's use case for Cisco ISE is switch access. I'm from the high-performance compute side. I'm not the back office IT. I'm what they call GSIT. Their use cases are different but very similar.

On our side, Cisco ISE has improved cybersecurity resilience. The company uses it for global WAN and other things. We haven't had any issues.

For me, the TACACS feature is the most valuable. I have also used Cisco ISE with LDAP, not with Active Directory. That works for me because I prefer LDAP versus Active Directory.

The templates could be better. When you have to do certs, especially with X.500 certs, it isn't very intuitive.

I've been using Cisco ISE since 2011.

After I set it and forget it, upgrading Cisco ISE is the only thing to do.

I've never had a problem with Cisco. Cisco has always scaled well, so it's pretty good.

Initially, it wasn't good, but once I found the right TAC person, it was fine. I had to probably get level three or above, and then I had to get a software developer because the certs didn't initially work properly to give you a special code. I'd rate their support a nine out of ten.

Positive

I used OpenRADIUS before. That was open source. I switched because I'm the support for everything. It was easy to support with Cisco ISE.

Role-based access is easy to do with Cisco ISE versus OpenRADIUS. That's because OpenRADIUS is something you have to manage yourself. You have to manage the certs and other things. You have to define the roles yourself for special read access and for certain groups and multi-groups.

The only thing I didn't like at the beginning was that Cisco ISE was limited to how many groups you could use. That problem has been fixed. I haven't run into that problem.

The initial setup was complex. The main part was the certs, especially the X.500 certs with LDAP. Azure Directory is a little bit smoother, but I prefer LDAP.

It's deployed for internal switch access. It's purely for switch access and role-based access.

I deployed it myself.

We've seen an ROI.

I get very good pricing from Cisco, so I don't have a problem with that. I also don't have a problem with licensing because we get enterprise or global licensing.

It hasn't helped to free up our IT staff. Our IT staff is already very limited anyway. We've always worked smart and don't work where we don't have to work. For example, in 2019, we were more than 60. There are 14 of us now, and we still do the same amount of work. Cisco ISE hasn't contributed to less workload. We do it with automation. We have a lot of Linux, so we do automation on all of our stuff. 

Overall, I'd rate Cisco ISE an eight out of ten.

When it comes to ISE, the main challenge that we were trying to address is with our retail environments. We don't have control over the physical access to all the ports and we didn't really have any network access control.

ISE has, and will continue to allow us to secure our edge environment at the retail stores. It's also going to provide more security as we are rolling out more wireless access.

We're expanding our footprint to just outside of the retail environment. For example, we're implementing wireless service in our lumber yards. As we progress, we really need to be focused on securing that, and ISE is going to allow us to do that.

The main way that ISE is improving our organization is by acting as an added layer of security. It's a physical layer at the actual network jacks in our retail environments.

This is also true for our corporate office in conference rooms. We've now got the ability to allow those ports to be hot for a vendor to come in and plug in, and we're not having to rush and go make it hot for them. At the same time, we can still control what access they have without having to be hands-on all of the time.

The other thing with vendors is that in our stores, a lot of times we have some older technology from vendors that is not wireless. Until now, we haven't been able to push those devices onto a guest network. But now with ISE, we are able to dynamically assign those types of devices to a wired guest network.

The fact that Cisco ISE establishes trust, regardless of where requests come from, has helped us come to realize what was on our network. We thought we knew what was on our network, and we thought we had control over devices, but there's a lot out there that can't keep track of, day to day. For example, if a different department adds a computer that handles paint and we didn't know about it, suddenly it's on our network.

Now that we've got ISE, I feel like it's a big step in the right direction in terms of increasing the trust in our network. Not having to trust devices and being able to set those levels of trust and more finely control our network is a benefit.

ISE has really helped us in supporting our distributed network because we are geographically diverse with remote sites in Texas and five surrounding states. This means that we can't always be out there, hands-on.

With retail environments, we can't rely on our employees in the stores to be technically minded all the time. As such, it really helps us not to have to worry about that. We don't have to try and train people that aren't meant to be doing that kind of work, because their job is selling lumber. It's not always being there on top of the security of the network.

The most valuable feature for us with ISE is the network access control. It provides both security and visibility to what is on our network.

The control ISE gives us with those devices, whether they're company-owned or BYOD, anything on our network, we now have a little bit more visibility into and more control over how it performs and what access it has on our network.

When it comes to improvements with ISE, even though we've been using it, there's still a lot to learn because it's such a robust product. I think that Cisco could do something to counteract the stigma that ISE is cumbersome and hard to use.

There was a big pushback against us implementing this product because as VPs and executives start to talk, they want to talk about everything they've heard, and they had it in their minds that things are the way they are. To proceed with implementing ISE, we had to push against that.

The UI is not as intuitive as some other products, even products inside of Cisco's wheelhouse. To an extent, some of it feels like it's legacy and could be improved upon.

One thing with Cisco is that we haven't ever had issues with stability, and ISE lines right up with that. We're using the virtual appliance and we're using VMs. We haven't had any issues there, as long as you know the caveats that go along with their setup.

There have been no issues as far as performance or uptime.

Scalability with ISE goes back to the setup, and that initial planning phase. You have to identify your networks and your devices and what you want to do.

Once you get it set up, then scalability is not an issue. Definitely, the more complex your network, the more time you're going to spend on the pre-setup stage.

I really like Cisco's products. Sometimes, however, I have trouble with the support because you're getting someone that doesn't know your environment. This is something that's just going to happen.

Another frustrating point is that you sometimes get a person that doesn't realize that you might know what you're doing. You've already turned it off and back on, but they've got to walk you through those steps no matter what you tell them.

You feel like it's a battle to get to the point where you actually start to work on the solution. It's not the same with everyone but when we do have to work with Cisco, it's usually a bigger problem that necessitates engaging TAC.

At that point, it's hit or miss. Sometimes they're great and just click and get the problem fixed, whereas other times it's an uphill battle back and forth where you can't get on the same page.

I would rate the technical support a six and a half out of ten.

However, our account team from Cisco, who are the systems engineers that support us, I would rate about a nine. They are always there and are great to work with. 

Neutral

This is our first solution for network access control and that level of visibility.

For visibility, we do have CrowdStrike. That gives us visibility into our network, but it only acts on the agent and it uses an ARP request to discover devices that it didn't already know about. You can't really trust that, because if someone gets on maliciously, they're going to know enough to not just be blatantly, obviously there. You want to have a little bit more security in place when they first connect.

The deployment of ISE is definitely more complex than other things, but it's inherent because there's a lot of prep and planning to set up how you're going to handle certain types of devices.

You start realizing that you hadn't even thought of some things and accounted for other things. Definitely, it's a big exercise in prep work. It involves filling out questionnaires and keeping spreadsheets on everything on your network. That said, it was eye-opening and a good experience, but there's definitely quite a bit of work to set up ISE.

We're juggling a lot of things at one time, so it took six months to deploy. A lot of that was not dedicated to ISE, and we were still doing the other parts of our job throughout the process.

We received help setting it up from our reseller, who was Accudata, but they were recently purchased by Converge Technology Solutions. We've got a great relationship with them; they've always got great resources and great account teams.

If I were to comment on the return of investment on ISE, I don't really know where to begin because it was something we never did before. It was somewhere where we were lacking. We just didn't have the time or the manpower to do what ISE will do for us.

I'm sure someone out there can crunch the numbers and quantify the ROI on stopping an attack or a breach, but I don't have those numbers and thankfully, we haven't had one yet.

For us, we didn't have the manpower to do it right. Implementing ISE has saved us the need to invest in that manpower.

When it comes to licensing, I'm hoping Cisco is improving that because that's always been a pain point. I usually rely on our account team, which thankfully we have one, to help with the licensing.

Over the years, licensing has been confusing and complicated because there are so many different licenses for each different product and each different iteration of the product.

In terms of advice for anybody who is looking into Cisco ISE, I wouldn't suggest just jumping in and buying ISE. I'm not trying to talk badly about anything, but I would say, do your due diligence and understand your network and what's going to work for you.

Definitely understand that you're getting into a lot with ISE. There's a lot of capability, but I don't feel like just one person working on a hundred networks should be taking that on and trying to manage it themselves.

Overall, this is a good product but there's definitely room for improvement. Also, we're not using everything we could within the product.

I would rate this solution a seven out of ten. 

We use ISE primarily for RADIUS authentications on our wireless networks and VLAN segmentation for those users.

ISE makes things easier because we all work on one system and we all have the same views, so one person is not looking at a different system. We can all look at the same system and say, "Okay, go to this link." Also, you can integrate it with DNAC (Cisco DNA Center), which is something I am very into. It helps us troubleshoot from the client all the way down to the packet. DNAC can tell us, within ISE, when they're integrated, "This is the issue they're having," and we can report back.

It's great across a distributed network for securing access to all our apps and the network. We don't have to worry about which system is going through which access layer or which security system. We can just put everything into ISE. We don't have to separate the switches from the routers to the wireless. It's all just "one-stop, go." It used to be that our switches were in a separate system for authentication routers and the wireless was all on EAP. It was confusing. ISE consolidated all that.

For my use cases, the in-depth troubleshooting into why a client can't connect or why they failed, is very valuable. I can go back to someone and say, "Hey, it's not my network. It's their certificates or user error," or something else. For my coworkers the VLAN segmentation means a client got in, it dropped them into this VLAN, and that's where they belong. They can't get out. It makes things more efficient.

Also, the fact that ISE considers all resources to be external is very important. We use ISE in our retail environments for our payment sleds. We want our payment system to be secure. Zero Trust is our whole thing. It's great that everything is external to ISE and then everything has to go through the system.

The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at. My ISE admin probably has different ideas, but for us, that's the main complaint.

I've been using Cisco ISE (Identity Services Engine) for about 15 years.

Uptime is great. I don't have a complaint with ISE with uptime. It's been a rockstar. As far as I'm aware, we have probably had 95 percent uptime, or even 99 percent. Nothing is 100 percent. When there's an issue, it's usually not ISE.

Scalability is our issue: keeping up with the number of licenses we need for customers and clients. That's our main concern right now. Part of that is on us and part of that is on ISE.

For us, ISE is global between retail stores, warehouses, and world headquarters. Our entire wireless network of over 30,000 devices uses it. In North America alone, we have 13,000 access points and usually around 60,000 clients.

We've had some issues with support. We usually just get our account manager involved and they get the BU online.

It depends on the role of the dice and your TAC engineer and how well they understand the issue. We've had numerous cases where we decided to say, "Okay, escalate."

Neutral

We had ClearPass but we found some difficulties with it and those were things that ISE was better at, such as EAP authentication. We had some issues with how ClearPass interacted with the Cisco wireless environment. The merging of the two technologies was hard.

We have jumped around. We were Juniper, Aruba, and then a Cisco corporate environment, and then a mixed environment. We finally consolidated those between retail, warehouses, and our world headquarters, into a unified Cisco environment with ISE as our RADIUS backbone. ISE gave us what we needed to unify all of them. We finally shut down our last ClearPass server a couple of years ago.

Being fully honest, the Cisco licensing model right now is really confusing. We don't know what licenses we have where. We have Smart licensing, but the different levels are way confusing.

There are different levels for different accesses. We have an enterprise license agreement with Cisco, but all the details of what we have with those licenses get confused in the massive amount of licenses we have, or in the different license levels we have for different geos, et cetera. The Smart license portal is there, but right now, we just don't have the time or manpower to put into that.

I give it an eight out of 10 mostly because when you get in to start configuring the details, it's hard to find some stuff. Otherwise, it's a great platform.