Cisco ISE (Identity Services Engine) Reviews

We use this solution for both wired and wireless network access control. We have deployed it in a bank, government offices, and some universities.

I have found that all of the features are valuable.

It is very easy to deploy because we are able to port users directly from Active Directory (AD) and LDAP.

In an upcoming release, the solution needs to be more agentless and more independent. Additionally, there could be improved integration with other next-generation solutions, such as Palo Alto, Fortinet, or Check Point.

I have been using this solution for approximately nine years.

The solution takes a while to get up and running before it becomes stable. There is a lot of fine-tuning that needs to be done to make sure that users are authenticated properly and not denied access. I have had the experience of redeploying the ISE several times because of false denial of services or access to services but once it is configured correctly the stability is fine.

I have found this solution is scalable, especially the latest versions. The older versions, have to have some additions in order to make them scalable. However, I think they have resolved this issue.

We have had customers of all business sizes using this solution, from small to enterprise companies.

The community support is satisfactory, it is very easy to get support. You can find any documentation and support within the community. 

The deployment takes a long time. Additionally, if you want to integrate the solution with AD and LDAP you will need someone that is very experienced. It is a good feature to have but it is complex to integrate.

We have had experience deploying this solution to small, medium, and enterprise size companies.

This solution requires an annual license and it is a bit expensive than competitors.

I rate Cisco ISE (Identity Services Engine) an eight out of ten.

This solution ties into our Cisco Duo and Cisco AnyConnect connections to help us authenticate against the active directory and Cisco Duo multifactor authentication. It takes metrics about the connections that are connecting it and allows us to set up a rule against them. For instance, if a Windows device is not all the way up to date, we can put a message up that says, "Before you're able to connect, please do your Windows updates as they haven't been done in six months."

As this solution allows AnyConnect to authenticate with the active directory in the backend, the users won't directly use it. Still, it will be in use throughout the login process into Cisco AnyConnect as a source of authentication.

With this solution, we don't require anyone for maintenance.

The ability to integrate our Cisco AnyConnect connections to the active directory has been great. Also, as a source of authentication during the process of logging into Cisco AnyConnect has been very useful for us. 

It perfectly does everything we have been looking for it to do. I have not discovered any feature sets or items that are lacking. It's a much more functional product than the old Cisco ACS that it replaced. 

That being said, during deployment, they shipped us the Cisco ISE with the 3.1 operating system, which was incompatible with the license that we had purchased, which would only allow us to go up to version 2.9. Because of this, we actually had to do a factory reset and a reload to the operating system — to an older version of the operating system. This required a very extensive process. We had to take out the Cisco ISE and put it into a factory reset mode to get it to roll back to the old operating system. If we were doing an upgrade, this would have been very simple, but as we were doing a downgrade, it was extremely complex and very labor-intensive. I was crawling through the server room, through wires, to plug things in, to get it to connect in the way that it needed to be connected with an external device in order to actually get it to roll back.

I don't like that the licensing structure doesn't allow us to have the 3.1 operating system — it forces us to use version 2.9. If you don't want to pay a monthly or a yearly subscription fee, either that device should have come automatically with the 2.9 version operating system, or it should have been much easier to actually roll it back. Additionally, support should have realized that our license requires us to have the 2.9 operating system instead of the 3.1 operating system, which would have saved us a lot of time. 

It would be nice if it could be configured easily by default. If you're configuring a Cisco device, you pretty much need the support of a CCNA-level technician to be able to do it. It would be nice if there was a default or a more simple way to do it. It's not really a requirement to use the device because you can purchase the premium support or you could get a CCNA in-house to do it. Just having that ability to say, "Hey, we want to set this up" without too many complications or without having to bring in support would be nice. 

We've only been using this solution for the past three months. 

The scalability reports that we could easily handle a million users. 

I have been extensively involved with their technical support; their technical support is very good. They're more than willing to just jump on and do things for you. My only complaint is that at one point, we were trying to configure our single channel for Cisco Duo to be able to perform a password reset. Whenever we needed to look closely at another device, the support technician would say, "Hold on, let me bring in my expert on VPN; hold on, let me bring in my expert on Cisco ASA." We basically had to wait until we were able to get the Cisco Duo support agent, the Cisco ASA support agent, the Cisco VPN support agent, and the Cisco ISE support agent — all in the WebEx meeting at the same time.

As far as I'm to understand, there are CCNAs that should have been able to do it, but they brought in the experts from each item instead of just directly doing it themselves — this made the whole process take longer. Still, they were able to do everything in a way that did not affect our live environment, even though it was on the same device. That was actually very nice because it meant that we could do it in the middle of the day instead of having to do things in the middle of the night.

The initial setup was very simple. Everything was set up within an hour thanks to assistance from the onboarding teams from Duo and Cisco, and our network administrator. They got it set up and reviewed a bunch of options with us. It was a very easy and nice process.

Implementation was achieved with in-house resources and premium onboarding support. The entire process only took an hour.

We are running version 2.9 because version 2.9 of the ISE has a persistent license —it's a one-time payment. The latest version (3.1) is only available if you do a yearly subscription.

It's a licensed physical device; there is no subscription. If you want the latest operating system, then you'll need to get an annual license.

If you're planning on using this solution, my advice is to be sure you review the full feature set available and select what is important to your users. This way you'll be able to ensure that you'll have everything you want and need.

Overall, on a scale from one to ten, I would definitely give this solution a rating of nine. 

Our use cases are based around dot1x. Basically wired and wireless authentication, authorization, and accounting. 

In terms of administration, only our networking team uses this solution. Probably five to ten administrators manage the whole product. Their role pretty much is to make sure that we configure the use cases that we use ISE for — pretty much for authenticating users to the wired and wireless networks. We might have certain other advanced use cases depending on certain other business requirements, but their job is pretty much to make sure all the use cases work. If there are issues, if users are complaining, they log into ISE to troubleshoot those issues and have a look at the logs. They basically expand ISE to the rest of the network. There is ongoing activity there as well. The usage is administrative in nature, making sure the configurations are okay, deploying new use cases, and troubleshooting issues.

This solution has definitely improved the way our organization functions.

In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now. ISE is always very complicated to deploy because it's GUI-based. So they came up with this feature called work centers, that kind of streamlines that process. That's a good feature in the product right now.

An issue with the product is it tends to have a lot of bugs whenever they release a new release.

We've always found ourselves battling out one bug or another. I think, overall they need to form a quality assurance standpoint. ISE has always had this issue with bugs. Even if you go to a Cisco website and you type all the bug releases for ISE, you'll find a lot of bugs. Because the product is kind of intrusive, right? It's in the network. Whenever you have a bug, if something doesn't work, that always creates a lot of noise. I would say that the biggest issue we're having is with all the product bugs.

Also, the graphical user interface is very heavy. By heavy, I mean it's quite fancy. It's equipped with a lot of features and animations that sometimes slow down the user interface.

It's a technical product — I don't think a lot of engineers really need fancy GUIs. We pretty much look for functionality, but I think Cisco, for some reason, is putting an emphasis on its GUIs looking better. We always look for functionality over fancy features.

We've had issues with different browsers, and sometimes it's really slow. From a functionality standpoint, we would rather the GUI was light and faster to navigate.

ISE has a very good logging capability but because their GUI is so slow, we feel it's not as flexible or user-friendly as we would like it to be, especially when it comes to monitoring and logging. At the end of the day, we're implementing ISE for security. And that means visibility.

Of course, you can export the data into other products to get that visibility, but we would like to have a better type of monitoring, maybe better dashboards, and better analytics capabilities within the product.

Analytics is one thing that's really lacking. Even if you're to extract a report, it just takes a lot of time. So, again, that comes down to product design, but that's definitely an area for improvement. I think it does the job well, but they can definitely improve on the monitoring and analytics side.

I have been using this solution since they released the first version over ten years ago.

Scalability is pretty good, provided that you design it properly from the get-go. There are design limitations, depending on the platforms, especially the hardware platforms that you select. On the scalability front, it's not a product that can be virtualized very well — that's an issue. Because in the world of virtualization, customers are always looking for products that they can put in their virtual environments. But ISE is not a truly virtualized product, as in it doesn't do a lot of resource sharing.

As a result, it's not truly virtualized. Although they do have the VM offering, it's not virtualization in the proper sense of the word. That's one limitation of the product. It's very resource-intensive. As a result, you always end up purchasing additional hardware, actual ISE physical servers. Whereas, we would like to have it deployed in virtual machines if it was better designed. I think when it comes to resource utilization, it probably isn't optimized very well. Ideally, we would like to have a better-virtualized platform.

Tech support tends to be pretty good for ISE. We do use it extensively because of all of the bugs we encounter. 

Mostly it's at the beginning of setting the whole environment up. Typically, once it's set up properly, it tends to work. But it's just that the product itself integrates with a lot of other products in the network. It integrates with your switches, with your APs, etc. So, it's a part of an ecosystem. What happens is, if those products experience bugs, then it kind of affects the overall ISE solution as well — that is a bit of a dependency. The ISE use cases are dependent on your network access devices, but that's just the nature of it. The only issue with support is you might have to open a ticket with the ISE team, but if you're looking at issues in your wireless network or switches, you might have to open another ticket with their tech team for switches. 

For customers using Cisco, end-to-end, they should improve the integration and providing a seamless experience to the customer. But right now, they have to refer to other experts. They come in the call, but the whole process just takes some time.

That's an area that they can improve on. But typically, I would say that the support has been good. We've been able to resolve issues. They are responsive. They've been good.

Overall, I would give the support a rating of eight.

The setup is not straightforward. It's complex. You need to have a high level of expertise.

It's an expensive solution when compared to other vendors. It's definitely more expensive than ClearPass. It's expensive, but the issue, again, comes down to scalability. Because you can't virtualize the product, there's a lot of investment when it comes to your hardware resources. Your CapEx is one of the biggest issues here. That's something Cisco needs to improve because organizations are looking at reducing their hardware footprint. It's unfortunate that ISE is such a resource-intensive application to begin with. As it's not a properly virtualized application, you need to rely on physical hardware to get the best performance.

The CapEx cost is high. When it comes to operational expenditure, it all depends on the features you're using. They have their tiers, and it all depends on the features you're using. The basic tier, which is where most of the functionality is, is relatively quite cheap. But if you're using some advanced use cases, you need to go to their higher tiers. So, I'm not too worried about operations costs. You need to buy support for the hardware: you need space, power, and cooling for the hardware-side. All of that adds up. So, that all comes down to the product design and they need to make sure it's properly scalable and it's truly virtualized going forward.

We've evaluated other products, for example, Aruba ClearPass. There's another product, Forescout, but the use case is a bit different.

When it comes to dot1x authentication, I think it's ISE and Aruba ClearPass. Forescout also comes into the next space, but the use case is a bit different.

We prefer ISE because, I think if you're using Cisco devices, it really kind of integrates your ecosystem — that's why we prefer ISE. When it comes to NAC or dot1x products, from a feature standpoint, ISE has had that development now for 10 to 11 years. So, we've seen the product mature over time. And right now it's a pretty stable and functional product. It has a lot of features as well. So, I think the decision is mainly kind of driven by the fact that the rest of the ecosystem is Cisco as well. From a uniform figure standpoint, the other product is probably the industry leader at this point in time for network admission control.

The main advice would be in terms of upfront design — this is where a lot of people get it very wrong. Depending on the platforms you choose, there are restrictions and limitations on how many users. We've got various nodes, so how many nodes you can implement, etc. Also, latency considerations must be taken into account; especially if you're deploying it across geographically dispersed regions. The main advice would be to get the design right. Because given that directly interferes with the network, if you don't get your design right it could be disruptive to the network. Once you've got the proper design in place and that translates into a bit of material, the implementation, you can always figure it out. Getting it right, upfront, is the most important thing.

Overall, I would give ISE a rating of eight out of ten. I don't want to give it a 10 out of 10 because of all the design issues. There is definitely room for improvement, but overall out there in the market, I think it's one of the best products. It has a good ecosystem. It integrates well with Cisco devices, but it also integrates with third-party solutions if you have to do that. It's based on open standards, and we've seen the ecosystem grow over the years. So, they're doing a good job in terms of growing the ecosystem and making sure ISE can work with other products, but there's definitely room for improvement on the product design itself — on monitoring, on analytics. 

The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product.

It is too complex. It should be easy to use. We are not such a big team. We only have three engineers to work with this, and we don't use all of the functionality of the product. Its range of functionality is too wide for us, and this is the reason why we are thinking of switching to a more simple product. We have shortlisted a Microsoft solution. We have a big footprint for Microsoft products, especially in security. As a global strategy, we try to leverage to the maximum what is possible around Microsoft.

This product was installed before I joined this company. It would be six years or something like that. We are probably two versions behind the latest one.

It is stable.

Their technical support is good. Cisco support is good.

I was not there, but I think the company had a services company that helped them in implementing it. It was easy because we only had to give them the requirements and their engineers did it for us. After they finished their mission, we started to deal with this solution, but it is too complex for a company of our size.

Its price is probably good if you use all of its features and functionalities to protect your environment. If you use only a part of the functionality, its price is too high. It is just a question of value and the functionality you use.

I would advise others to make sure that you have the knowledge of this solution to get the full benefits of all the features, and you are able to use it on a daily basis.

I would rate Cisco ISE a six out of ten. Its functionality is too wide for our company. 

The primary use case is to have network access control and automation to integrate with the enterprise network. It also helps provide a method to make segmentations between users and enable access control.

Cisco ISE has provided more mobility for the organization while controlling access no matter how the users connect to the network.

I like the guest access feature, which has been important for us. The BYOD feature is also good. 

Segmentation can be improved. They can also improve security policies for each group of users, and automation can also be better. The software interface could be better. They should make it easier for users to find features.

I have been working with Cisco ISE for more than three years, but in general, I have more than 20 years of experience working with Cisco.

Cisco ISE is a stable solution.

Cisco ISE is very scalable.

Cisco technical support is very good.

The initial setup is complex, and you can't easily find the features you want.

If we're talking about a medium enterprise and there is a greenfield, it can take between one or two weeks.

I think the price is okay.

I advise new users to go through the admin guides for implementation and follow the script very carefully.

On a scale from one to ten, I would give Cisco ISE an eight.

We use ISE for security group tagging in terms of guests and visitors who access the network to make sure that they actually go through this to control their privilege access to ensure they don't actually access the internal network, etc. 

Our clients use ISE as a form of security policy management so that users and devices between the wired, wireless, and VPN connections to the corporate network, can be managed accordingly.

Take a house for example. Sometimes you need to access a room via a certain keyhole, so you use a key that is unique to that door. With ISE, you can segment this process in terms of policy management based on the security tag. You actually grant the user access based on the tagging.

That's the IT trend — saving a lot on operating costs to manage the different users and access methods.

Within our company, we have roughly 200 employees using this solution.

My clients are always talking about the segregation capabilities. Segmentation refers to how you can actually segregate employee and non-employee client access. 

They have recently made a lot of improvements. My clients don't have much to complain about — it's a one-stop-shop.

It should be virtualized because many people have begun migrating to the cloud. They should offer a hybrid version. 

It's stable but there's a limitation of up to 200,000 users. If you have a big number of users, then you have to customize the installation process. 

It's only scalable up to 20,000 users. 

I would say Cisco's support has been getting worse. I think they outsource a lot of skillsets.

The initial setup is pretty straightforward. They actually provide a lot of help to IT administrators which makes setting it up rather easy.

The whole setup takes about three days because you need to basically configure the network, test the configuration, and then you need to cut over to production. 

Our customers definitely see a return on their investment with this solution.

I think licensing costs roughly $2,000 a year. ISE is more expensive than Network Access Control.

If you wish to use ISE, you must have a deep understanding of IT. If you don't, setting it up properly will be very complex.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We primarily use the solution for user authentication and wireless segmentation of users for actual radius purposes.

The actual radius is the most valuable aspect of the solution. We need to have a centric solution either on MarTech X and for the wireless user authentication. We were mainly on Cisco and we continue to use them. However, this is the time period for a refresh as the five-year lifespan is completed. We may look for other options.

Technical support is okay.

The solution is not so user-friendly. It's very difficult to navigate through different manuals. The documentation should be simplified so that it is easier to understand.

It would take time for a beginner to understand and familiarize themselves with the solution. There's a bit of a learning curve.

Cisco ISE is not very stable. They could work on that aspect. 

We'd like the pricing to be better.

The product is not easily scalable.

Currently, if you want to do something with authentication, you need to have an additional document agent, however, these are short on all Microsoft endpoints. We then need to come up with some alternate options so that I don't have to modify any native applications on it. By default, Windows should be able to support and onboard the devices. Right now I need to have a Cisco AnyConnect as an agent to be deployed for authentication.

I've been using the solution for over five years at this point. It's been a while.

The stability of the solution needs to be improved. It's not ideal. It's lacking overall. If we have five or six items activated, the box shakes and we're scared to touch anything. When we do have to reconfigure things, it's a nightmare as it can go down and it can take us a day or two to sort things out.

In terms of scalability, it needs to be reactivated, which means that I need to add more nodes. It's got its own design limitations. We had only a two-node deployment in it. We need to add more hardware and we need to reduce so many things. It's not an easy option to scale this hardware. Scaling, in general, is very difficult.

We have roughly 9,000 users on this product currently.

Technical support is fine. However, we may need to depend on support to resolve some of our many issues. We need to spend an enormous amount of time with them and to explain so much stuff. It would be easier if we could troubleshoot the issue ourselves or if the solution was more reliable.

I don't know about other alternative products. I don't have any experience with other alternative products. I've only ever used Cisco ISE.

The solution's initial setup can be a bit complex as there are so many features that are available. It all depends, however, upon which one you want to activate. In our case, we have five or six activated and the box always shakes. It's not stable. So my colleagues are always afraid to touch the box. If it is working well and good, you don't touch it, and we don't reconfigure it. In cases where we encounter any issues, it's a nightmare and we need to spend a minimum of twenty-four to forty-eight hours to recover everything.

We pay a fee based on a subscription model.

The pricing could always be better.

I've been looking at evaluating Aruba's Clearpass as a potential replacement option for this solution. I haven't gotten too far into my research, however. I'm looking for a solution that's scalable and easy to use.

My advice to Cisco would be to simplify as much as possible so that a normal IT guy can understand the CCD and set it up. If they can simplify the manuals, navigation, and documentation, it would be nice. It will always be difficult for a beginner, however, to, rearrange or design the network.

I would rate the solution five out of ten.

Mainly the use case of the solution is for ensuring that the corporate staff gets access to their authorized systems. 

Another use case is for contractors to get access to the authorized systems. Those are the ones that hope to assist in the maintenance or for authorized admissions to the network.

We do also use it for remote access, for example, VPN's and also for wired and wireless access to the network.

The posturing is the solution's most important aspect. When a user connects his or her machine to the network, the first is for ISE to check whether that machine is authorized, check that that machine is compliant with respect to antiviruses, whether it complies with respect to Windows updates, et cetera. If not, a feature is on auto-remediation, so that the proper antivirus and Windows updates can be pushed to the machine.

At the moment, ISE seems to integrate very well with a number of other technologies. It integrates well with Microsoft and integrates well with other wireless systems.

In terms of the improvements I need, they've already, according to my research, done those improvements with their new versions. The features have already improved on their newer version, and that's why we need to update to that new version.

What is required is that Cisco needs to be doing health checks and following up with the customer to ensure that their Cisco partners have done the deployment right. That's something that has really helped us.

Whenever a partner comes and does any deployment, we would, later on, engage Cisco for a health check, so that Cisco could assist with their products. They would check whether it has been deployed following the best practices - or they would just alert us on which features that we have paid for and we are not taking advantage of that. 

Cisco needs to continue with that health check. That engagement with their customers to reconfirm everything is like a quality assurance that the Cisco partners have given the right stuff to their customers.

This product doesn't work in isolation. For example, when we talk of posturing the Microsoft updates, the system that does automatic updates for Microsoft needs to work in an ideal fashion. The antivirus needs to work. OF course, the antivirus is not Cisco. Those products need to work as they should so that integration of the ISE product will work as well. When all factors are held constant, Cisco works well. 

We have been using the solution for six years now.

We have been using it, especially during alternative working arrangements (due to the COVID-19). Using it, it's been stable. We have not had any issues. The only reason we are looking to upgrade is we didn't know the benefits that the newer version offered. When we checked with Cisco, they advised us that we were missing a few items that actually gaps caused by the partner's setup which we realized we missed during the health check.

We haven't had bugs or glitches. It doesn't crash or freeze. It's good.

Everyone in our company is using Cisco. In terms of users, we have about 1,500, however, in terms of endpoints we have, that would be closer to about 3,000 to 4,000 endpoints, including wireless gadgets, switches, laptops, phones, and all that. We use it on a daily basis.

Scalability probably might be an issue. Before we bought ISE, we did sizing for each. We looked at the number of users in the organization, 1,500,  and then we used a factor to look at the uppermost band. We decided we would have to go for 4,000 licenses or 4,500 licenses. We multiplied by three. Based on that, we went for a certain hardware model.

This time, the hardware model we are going for supports up to or has the capability to support up to 10,000 users or endpoints. When we go for that, we will have used even less than 50% of what their hardware is capable of. Above 10,000, there's another hardware model that we're generally expected to go for. 

Basically, when you get the right model, when you do the right scaling, it will be very scalable. However, from the onset, you need to write hardware for USI.

The solution is more meant for enterprise-level organizations. It's not really for small companies, however, that has more to do with the pricing.

We're dealt with technical support in the past. Their support is excellent, except for Umbrella. There is a technology called Cisco Umbrella, and they're a bit slow, however, the technical support in general, depending on the severity of the issue, is very prompt. I would say we are quite satisfied with their level of service.

I've only ever used Cisco. I used to use NAC, however, they changed to ISE. I've never used any other product.

We had a partner set up the solution, and we're not sure if they set it up correctly. The partners come straight to us, and do the deployment. Cisco only is there to be the third eye to come and check that the deployment has been done okay.

You have to make sure that other items connected to ISE are correctly implemented and updated as well (such as the antivirus), otherwise, it won't work as you need it to. There's a lot of configuration that needs to be done at the outset.

I'm not sure how long the deployment takes, as I wasn't at the company when it was set up. However, it's my understanding that it shouldn't take too long so long as everything surrounding it is correctly aligned.

Any maintenance that needs to be done is handled by a third party. That includes patching, et cetera. We have an SLA with a Cisco recognized partner.

We worked with a partner that assisted with the setup.

Afterward, Cisco will also come in to do a "health check" to make sure the setup is correct and they can direct users to features they should use or are not using.

Cisco does not sell directly. They have authorized partners you need to buy through.

I don't deal directly with the licensing and therefore do not have any idea what the pricing of the product is. It's not part of my responsibilities.

It is my understanding, however, that it would be expensive for smaller organizations. Startups may not be able to afford these products.

We don't really worry about pricing, as cheap might be expensive in the long run if you don't get a product that is right for your organization, or is more likely to break down over time.

We are in the process of doing a refresh and I have compared other technologies to see how they stack up. I've looked at Fortinet, for example.

I wouldn't say we are switching from Cisco. What we are doing is we were exploring other technologies that offer similar functions. Sometimes it's good to look outside as you might think you have the best and yet you don't. We are just looking for other solutions to get to know what they offer. If we feel that there is something unique that is on offer somewhere else, then we would want to check that in Cisco and see, where is this offered in Cisco's product? 

We haven't concluded that we are switching. In any case, from what I have seen so far, it is likely we won't switch. 

We're just a customer. We buy their products for our security and our connectivity.

We're not using the latest version. We're actually using a few versions. We have ISE, which is version 2.3. We're supposed to up to version 2.7, and that requires a refresh of the hardware.

That's why we are saying, "Should we try to look for a different solution?" That's why I have been looking for comparisons. We haven't dedicated a lot of time to that yet. From my assessments so far, however, ISE still wins the show and it's likely that the partner that was doing the deployment originally on behalf of Cisco probably missed out on a number of things. It's really about the engineers who are doing the deployment. You need to make sure you have some good ones.

I would recommend this solution to others, especially mature organizations as the smaller organizations may not be able to afford this. 

On a scale from one to ten, I would rate the product at an eight

We are a solution provider and we provide Cisco products, including ISE, to our customers.

This product is used to facilitate the connection of a local network to wireless access. This allows us to restrict users and their access.

This product allows them to see the traffic that is going through the network.

It is stable and easy to use.

The user interface can be improved.

I have been using Cisco ISE for approximately three years.

Cisco ISE is stable.

This is a scalable solution. There are more than 500 users in my client's organization.

The technical support from Cisco is very good

ISE is very easy to configure, although it takes time because we have to take input from the customer. It will take about two days to implement and deploy.

We have a consultant to assist with deployment. A team of four engineers is required for deployment and maintenance.

The price is okay.

As of now, this product is working fine.

I would rate this solution a ten out of ten.

The company implemented the solution to keep track of wired and wireless devices.

One of the most important features is the authentication security for the individual connection to the network through their computer or laptop. The solution is very complete overall.

There should be better documentation on the implementation of the solution. I learned how to implement it from watching videos. I felt the documentation was too complicated and I also learn better from watching videos.

In my experience, there needs to be better documentation for firewall integration as well, we had some trouble early on.

I have been using the solution over the last year.

A co-worker of mine had some issues with the solution crashing unexpectantly or some processes went down. 

We are using the solution with around 200 people and we had no problems with scalability. Most of our clients are small businesses.

The customer server was great but it would have been better for me if they had support in other languages such as Spanish. It was difficult for me to communicate in English.

The setup was easy for this solution.

We implemented the solution.

There are other cheaper options available.

We did evaluate Aruba ClearPass before the client picked Cisco ISE. I had suggested ClearPass because it was cheaper but the client decided to go with Cisco regardless.

Our clients and my company plan to continue the use of the solution in the future.

I rate Cisco ISE (Identity Services Engine) a ten out of ten.

One of the use cases was the certificate-based authentication for the endpoints. All the laptops and mobiles are embedded with certificates and once they get authenticated, then only they would be able to connect to the LAN. 

The other use case was the NAC use case wherein the integrity of the laptops and mobile and such were checked before the scan. They fulfill the policy requirements and then they are able to connect to the network.

The third use case was the consolidated access control management for all the network devices and security devices. 

It's flexible and stable. It's been good as a standard environment to run.

It was implemented in my last organization and we used it for three years. We are evaluating and will be implementing it in a couple of months at my current organization. 

It is stable and scalable. We have 5,000 to 6,000 users. 

Technical support is good because the partner is quite competent so we have all the support that is required.

The initial setup was a little bit complex. It's not that simple because it requires a lot of prerequisites for the solution to get a hold on. So the prerequisites and then onboarding all this like the landscape of endpoints was quite tedious. That was no surprise, because this is something which would be with other products as well. It took a long time for the implementation, but it's been rock stable now.

The deployment took six to seven months. 

We had consultants and we had a partner for the deployment. The system integrator was involved with the roll out.

The management part is much smoother. It takes care of all the costs across branded devices as well, so that it is a single panel we can manage all the end-to-end entry devices as well. That's something would be really good for Cisco ISE product.

I would recommend Cisco ISE. I would rate it an eight out of ten. I would like it to be more stable. 

The interconnection with the ecosystem and the ability to force rules all over the network are the most important features.

It is a good product, but in order to use all of the functions of the product, you must have a good understanding of the product. You must know how to use and manage it. It is a little bit complicated to configure and manage. It must be simplified to make it easy to manage for end users. In the initial stage, we found ISE complicated for end users. It was not easy to manage it or to write authentication and authorization protocol. They must improve its management and make it easy for end users. 

The monitoring and reporting capabilities can be improved because end users want to quickly see what is happening in their network. There were some restrictions in working with other vendors. It should also have a better and easy integration with other vendors. 

I have been using this solution for five or six years.

It is a stable product.

It is scalable.

It has good technical support. We also have local support now, which is better. There is no problem with their technical support. 

People who are experts should deploy such products. In order to preserve the reputation, a product must be set up with the help of a talented or expert person because when you set up, deploy, or install the product in a wrong way, it gives negative feedback to customers.

The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution.

I would rate Cisco ISE an eight out of ten.

We are a system integrator and Cisco ISE is one of the products that we sell and implement at our customers side. I have built ISE's POC and provided training to our customers.

I also used real rent lab which was including; Active Directory integration, network access and core switches, access points, wireless access controller, and end points. (some end points have cisco client - anyconnect, and have not), and Web Server for creating wireless authentication portal solution end to end

The AAA features were awesome and have important attributes, and also the security groups (SGTs) concept to enforce policies for each group of users, regardless they coming via wired or wireless network devices. also i see the guest authentication is very rich and easy tom implement 

Cisco ISE offer one central point to create different policies for different group of users and enforce policies to each entity regardless it connected to network through wired or wireless network devices. it provide in this way more mobility and wireless-wired converged network. Also it integrates very well with network devices to control ports configurations services authentication and authorization. ISE also integrate with DNA center and stealthwatch to enable customer have SDN (Software defined Network) Fabric. 

Combines authentication,authorization,accounting(AAA),posture,and profilerinto one appliance

Provides for comprehensive guest access management for Cisco ISE administrators.

Enforces endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for all endpoints that access the network,including 802.1X Environments

EmploysadvancedenforcementcapabilitiesincludingTrustsecthroughthe use of SecurityGroup Tags(SGTs) and Security Group Access Control Lists (SGACLs)• Supports scalability to support a number of deployment scenarios from small office to large enterprise environments

The ISE software needs to be improved  in role to be easier to administer. SOftware enhancement required to have easier way to find the featured required to implement and also need enhancement of features sorting. Completing processes can be complex when try to implement some solutions. also steps are complex and the troubleshooting as well. As an example, if you intend to make AAA policy and enforce it on a group of users, you will find the software very confusing................................

I have been using Cisco ISE for three months.

We did not use another similar solution prior to this one.

The initial setup was fine.

The price for Cisco ISE is high.

We did not evaluate other options before adopting this solution.

To be clear, I'm not an expert in networking, so I'm pretty much like a user.

I really like the guest WiFi. Those kinds of features are pretty convenient. When I have a guest in the form of a third party, I can grant access to the guest for a certain period of time and have a dynamic password generated. It's great.

The user experience of the solution is great. It's a very transparent system.

As I treat the system basically as a user would, and am not overly technical, I can't say what features, if any, the solution is missing.

I'm working from China currently and the only real issue is that, within the country, there's some concern around Cisco and its ability to offer the solution for the long term. As the United States has banned the Huawei version in their country, we feel there may be retaliation in ours and Cisco will get banned as a countermeasure from the government. The future of Cisco in China is in question. Our local partners are worried about the situation.

To be perfectly frank, I'm unsure of the exact amount of time we've used the solution. It's been a number of years. I've basically lost count.

The stability, from a users' perspective, is very good. I haven't encountered any issues before, and we've used it for quite a long time. It doesn't freeze. It doesn't crash. There aren't bugs or glitches. It's pretty reliable overall.

I'm not sure how many users are on the solution ultimately. Our reach is pretty global. I'm not with the network team, so I can't speak to the ability for the solution to scale.

As I'm not a member of the network team, I've never had to reach out to technical support. I don't know if they do or how often or how Cisco's technical support ultimately is. I've never dealt with them directly. I can't speak to the quality of their service.

I'm not a member of the network team, so I didn't participate in the implementation process. I can't speak to how straightforward or complex it was.

We're just a customer. We're in the manufacturing industry, not IT. We don't have a business relationship with IBM.

We try to keep up with the latest upgrades, therefore, I believe we are using the latest version of the solution.

From a non-technical user-based standpoint, I'd rate the solution ten out of ten. 

I'd recommend it, however, there is this ongoing concern in China at this time that Cisco could get banned in the ongoing trade war with the United States. That should be a concern for companies here. That may not be so much of a concern abroad.

The .1x authentication schema is the most valuable aspect of the solution. It makes it possible to have multiple policies and it can still adapt to us. We can authenticate and calculate our trajectory and so on. The policy is very easy to put in place. It's got to be easy due to the fact that we have more than 200,000 devices.

The implementation is very simple.

The web interface needs improvement. The new web interface that they have is not as easy to manage and we find it to be very slow.

The solution might require two authentications. They should make a new authentication to authenticate both the device and the users. Right now, we are authenticating the PC, the workstation, but not as a user. A good addition would be to authenticate the user separately to get more information.

I've been using the solution for five years.

The solution is stable. I haven't witnessed bugs or glitches. It doesn't freeze or crash. It's reliable.

The solution is quite scalable.

We started with two clients and we've since scaled up to 20 clients.

Cisco ISE was the first full solution we've used.

The initial setup wasn't complex for us. We found the process of implementing the solution very straightforward.

For our organization, in terms of deployment, the first implementation took one month, and for the global implementation took six months.

For maintenance, a company needs one or two people to handle it, one of which should be full-time.

The pricing is okay. It's reasonable for functionality, however, if you're going to implement it as a full-stack with Cisco Connect, and a work station, and so on, it's very high.

I'd advise other companies to really take care in regards to the network devices that they want to authenticate. 

For most of the cases, the biggest rooms are the easiest to manage, however, the smallest ones require specific implementation in all devices. It is very tricky due to the fact that you are obliged to put in place the rules that are not so secure and that's why it's very important to know what devices are connected on the network.

I'd rate the solution eight out of ten.

We have two servers and they're both VMs. Every network system is issued a certificate and each device coming onto the network has to be on the domain with an active AD user logging into it. It needs an up-to-date AMP, which is our Cisco malware and virus scan product and it also needs to have the most current Microsoft security updates and the three layers that we're using: The core VPN, the Network Access Manager and the ISE profiler. When it goes through all those different things on every port on the switch, there are commands for it to be able to go through an ACL so it knows what users are there, what server, and what devices have been put onto the domain. It can verify all that.

The user can then proceed on to the network. We've set it so that regular users are VLAN'd off and can only see the data network through ISE and are blocked from seeing the rest of the network. Depending on the department needs or other factors, we have cameras for security which are on a different VLAN, and they can see those. We also have something for O&M where the AC guy can see the AC equipment, and we can prevent all the VLAN's from being viewed by everybody.

We are customers of Cisco and I'm the infrastructure and Cyber security manager.

The solution cuts down on the repercussions of getting malware or ransomware which happened to us four years ago. We regularly took very aggressive snapshots and we were able to recover in an hour and 20 minutes without any loss of data.

Because we have a large database and 4,000 network devices, the solution can lag a bit when you're running updates or different things because of the fact that it's so big and it is such a resource hog. But the biggest problem we've encountered is that it finds errors or people are rejected or not authenticated without a clear explanation as to why. A second issue is that we're currently on 2.4 and Cisco's gold standard now is 2.7. They are a little slow with that.

I'd really like the solution to dive down a little deeper when something's not profiling. As it stands now, you have to go through and search what hasn't profiled. Microsoft, for example, gives you a direction to look at and will even be specific sometimes and tell you there is a password error, or the password hasn't been updated, or it's not meeting the policy and that's why it won't let it through. Those are very helpful because you know exactly what's required to solve a problem. 

Cisco is getting better with it, but they fail in some areas because of a network connectivity issue, or it's not getting DCAP quick enough and it fails. Those things would be more helpful to understand when it's going through, so you are able to triage it a little better. I mean, it does point you in a direction, but sometimes you have to dig a lot deeper to find the right direction and figure out what kept it from profiling. One big issue we've discovered is that people are not rebooting their machines or powering them off at night. We're trying to ensure that is done by sticking messages on screens.

I've been using this solution for the past two years. 

ISE is pretty stable. If it does have an issue then you need to call TAC and work through the bug in it. They are very responsive and very quick to help us eliminate the issue and also come up with a plan, such as how to move forward with additional issues or different things that are coming down the pipe with Cisco ISE. When you're talking to them, you feel like they are a partner and not just a disconnected entity.

The technical support is excellent, I would rate them very highly.

The initial setup is very complex. You have to go in and manually add in all the network devices, as far as all the switches, access points are concerned. You have to go port by port and add in codes and conditions and you have to go switch by switch and add in codes and conditions. You start out with a monitor mode and then go to an impact mode and then you go towards total lockdown. Implementation took us about 18 months. We rolled it out in short bursts because we have a very small IT team and we had a consultant company come in and work with us on installing it. A lot of it was knowledge transfer from them to us.

Our consultant was Cycorp, their main focus is network security. They are a sister Cisco partner, and we had one of their CCIE's come out and help implement everything. The gentleman at the top of the CCIE, was a former Cisco employee and a beta tester for ISE. Now that we have it in, I feel it's pretty much a game changer on locking down our network so that we're not penetrated from inside or outside because everything going through the VPN has to meet a certain standard.

We did a five year deal and it was very reasonable. I think for the Avast virus scan, I think we were paying $95 a machine for five years, which nobody else could touch. And that includes all updates, technical support, etc. From the ISE side, I'm not really sure what it costs because it was all encompassed in equipment we were buying and the ISE and the AMP and the open DNS. I know that it was not more expensive than any of the things we had looked at with HP or BMC or other places. It was much more cost effective.

We have looked at other products but we are a Cisco shop so having a Cisco product rides very easy on all our switches, our access points, and our Cisco servers. I believe it's the same for other companies such as HP. It's also a priority for them that the solution works better with HP switches. Given that we weren't going to change our switches, we really needed to focus on something that was going to work well with our environment.

The important thing is to have a good game plan going into it. Prep is key for everything going on with ISE. The more stuff you have prepped and the more understanding that you have upfront of how it goes through and how it behaves, the better off you are.

I would rate this solution a nine out of 10. 

The feature that I most like is that it can notify me whenever someone plugs in their device, which is not allowed. I get notifications for new laptop devices.

I think the user interface looks good compared to previous versions. 

The software is a little bit complicated to understand in the beginning, meaning the implementation. It needs proper documentation so that we can understand the options more easily.

I have only very recently using Cisco ISE, since about one and a half months ago.

We have our own team for the maintenance of this solution.

I am still implementing it. So far it has been one and a half months.

Cisco ISE is a good product, but it requires some technical knowledge and knowledge about network security.

One a scale from one to ten, I would rate Cisco ISE a six.

As I said, I have not implemented it 100%. Maybe once I implement it 100%, and I start using it in production, then I will rate it higher.

We use Cisco ISE for 802.1 network authentication.

ISE integrates well with other Cisco products.

This solution does not provide us with enough visibility into our network. We would like to see additional information that it does not show. In general, the reporting is not very useful.

ISE needs to have better integration with third-party products.

A basic profiling engine would make a good addition because device profiling is very important.

This product requires the use of agents and ideally, I would like an agentless version. I think that they should get rid of them because they are hard to manage and deploy. Also, they are not useful.

The interface is not very user-friendly and it is not simple to use.

I have been using the Cisco Identity Services Engine for six years.

This is a stable product. The features that do work, work well, and we use it on a daily basis.

I would say that this product is scalable because we are using it in our central headquarters, in addition to several branch offices.

We do not pay for Cisco SMARTnet, so we did not contact technical support.

Prior to using ISE, we were using a solution by Trustwave. It is a different product because it uses Name Poisoning methods. It was an interesting solution but we changed because the price of support is too high. We opted to instead purchase a new product.

The initial setup is not simple. I don't consider our deployment to be complete because we were unsuccessful at trying to use the majority of the features. The fact that we can't solve these problems is why we are searching for another solution.

We had assistance from a consultant for the deployment.

Internally, we have a team of five administrators who manage this product.

The SMARTnet technical support is available at an additional cost.

I am currently doing research on Fortinet FortiNAC because I find that Cisco ISE is not a very powerful tool.

My advice for anybody who is considering Cisco ISE is to first run a proof of concept to see that all of the features work well. In my opinion, you have to see all of the features.

I would rate this solution a seven out of ten.

We use this solution to monitor and secure devices on our network.

Using this solution gives us the ability to allow proper access to the network.

The stability of this solution needs to be improved.

It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once.

This solution has problems in terms of stability. I have had certain things that do not work, and I have called technical support for help. They have sent me a patch, and then it still doesn't work, so we end up living with the problem.

I would rate this solution an eight out of ten.

We use this solution to provide wireless for our residence halls and guest networks. We're also a college that works primarily off of iPads, so we have to be able to keep resident hall activity off of the network so that students can do their homework and class activities. We use the Services Engine to authorize all of them.

The biggest value of ISE is that it can get so granular with gaming systems, versus IoT and BYOD.

I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page.

I have had a very good impression of its stability.

We're actually upgrading right now from a small version to a medium-sized one. It's not as simple as I'd like it to be for scalability, but it's still working well.

We were very late adopters in the education arena of wireless. We didn't adopt until about five years ago. We had a great relationship with our partner and got to see this demo several times. It was really good.

The initial setup was complex.

The name of the company at the time was MSN but they've been recently purchased. The engineers did a really good job. I would have liked a greater share of knowledge at the time, but they did a great job in implementing a complex situation.

Cisco was the only one that we evaluated. There was also Aruba, but Cisco was really the top choice.

My advice to someone considering this solution would be to seek the most comprehensive solution for residence halls.

I would rate this solution as eight out of ten. I would like the flow of authentication and authorization metrics to be easier to see.

We primarily use the solution for network admission control.

Previously, what used to happen is that we use to have anyone - any user, a staff member or a non-staff member, consultant contractors, etc. able to connect to our line without authentication, which I think posed a security risk. We felt that whoever connected to our network should be authenticated. We should know the person. We should have visibility to see who was connecting to our network so that we can detect anomalies. Now, we have different profiles, of different users and staff and for contractors or others. So, depending on the profile, there's control on the access that you can get.

An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated. 

In terms of scalability, I think it's scalable. Quite scalable and very intricate. Easy to use and provides good support. 

We've had many issues with technical support but from the local vendor, we do get a lot of support which is good. The fact that we also did some training helped. We normally don't have so much trouble when we rescale. We see that we can fix it and then if there are issues, with the vendors and their help, we can rescale it.

Initially, the setup is a bit complex but that depends on the vendor. Maybe because of the complexities around it. Sometimes I think it's about how the best project team really does it.

The person who was put in place to implement it couldn't. So we got another vendor who was good and was a lot more experienced. It's a very new feature so we're hopeful here in Uganda. My country only has about maybe 2 or 3 clients. Those are the ones I know about, our team being one of them.

The deployment strategy was faster than the pilot. We had to see how it works and then we had to, in a transparent manner, see how it works. Deployment took about six months. But the rollout is on-going because we keep opening branches all the time, so we just keep adding them into the solution. For deployment, we used the front liner support but for documentation, we had professional staff. For deployment and maintenance, we have a small team of maybe about five to ten. 

I would give the solution 5.5 out of 10.

We use Cisco ISE for network management, user access for enterprise clients, and advanced firewall support. We use Cisco ISE on domains and clients jointly with other network software utilities.

We use Cisco ISE as our main controller for the management of clients that need to join our network.

The best feature of the Cisco ISE platform is that it is compatible with Microsoft products. 

Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. 

It needs a better solution for reduced complexity.

I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.

The Cisco ISE platform is stable.

On our network, we use Cisco ISE as a platform utility to support three thousand users.

The initial setup of the Cisco ISE platform was complex and the deployment was also difficult.

On a scale from one to ten, I would rate Cisco ISE an eight because the server is so complex. Cisco needs to re-program or re-issue it and release a new version with more adequate sizing for small businesses. 

Our company doesn't use Cisco ISE internally. We act as the solution reseller. Our business model is set up to provide a network-based approach for adaptable, trusted access to our clients. We provide our clients with intelligent, integrated protection through intent-based policy and compliance solutions.

We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution.

There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end.

We have also had to deal with some cache update issues in conjunction with Cisco's tech support team. Unfortunately, they had trouble providing suitable solutions within specific and desirable time frames.

The next release should offer more inter-operability, increased cross-integration functionality. 

We are currently experiencing stability issues with this solution.

Technical support needs improvement. There were times when my engineers had to talk to a number of different Cisco tech engineers explaining things over and over again. If their tech support has to escalate an issue our support staff is required to mediate which of course disturbs workflows.

The setup requires proper planning. We approach every customer interaction strategically taking into account the complete project scope. It's our job to understand the customer's expectations and requirements for deployment.

Initially, the setup is a bit tough with respect to the graphic user interface (GUI) tool. Cisco ISE has proven to be a bit complex as well.

The solution is sufficient and seems to require little to no maintenance from the client side. Maintenance is always in proportion to the client's needs and product deployment. For instance when we are managing two Cisco ISE boxes with two onsite engineers. As capacity grows obviously we need more engineers; it's not a 1-to-1 relationship but we always take a minimum of two certified engineers qualified to manage Cisco ISE.

I would give this solution a rating of 7 out of 10.

We are a reseller of Cisco ISE. 

So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. 

There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard.

It's very stable. We have it in on a big car rental company. We manage and we support the Cisco ISE platform for them. It's very stable and it adds a lot of value to the network.

In terms of scalability, you need to factor in your licenses. With a virtual platform, the scalability is more than sufficient. We have over one thousand users. 

We've got two engineers that look after the ISE environment.

We have emailed tech before and their support has been very good.

The initial setup was straightforward. The time it takes to implement depends from customer to customer. The most time-consuming aspect is sitting with the customer and planning out the policies and how they understand Cisco ISE. On average, with the planning sessions with the customer and the installation of ISE, it takes approximately five days.

The licensing is too expensive. There is more complexity on the wifi environment, especially with Cisco DNA versus Cisco ONE licensing. As far as the ISE licensing is concerned, it's pretty straightforward. We normally follow the ordering guide which is quite detailed, so there's no problem there.

The advice that I would give someone considering this solution is to understand the licensing. From a design perspective, we refer to the ordering guide quite frequently. The most important thing is to have a technical planning session with the customer. A lot of the time the customer doesn't really know what they want and if you don't have that upfront planning and discussion with the customer, the deployment can take much longer.

I would rate it a ten out of ten. 

Our primary use case is to grant access to users, we deploy the bring your own device policy.

Visitors can be granted access to the wifi network using their cellphones, notebooks or tablets in a very easy way. The ease of accessibility that anyone can have to the network is very quick and is a big improvement for our network.

The flexibility to grant anyone access to the network easily and in a secure way is its most valuable feature.

There should be an easier way to do the upgrades. Customers were having issues going from one version to the next. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade. 

It's very stable. We have around 200 users and only four people are required for maintenance. 

As Cisco partners, the point is that we provide our own support. We prefer our own engineers to be ready to support the solution to provide the service to our customers.

We have seen ROI from using this solution. 

We plan to increase usage by around 20 to 30%.

It gives people the peace of mind that they have the possibility to grant access to the people that visit their premises and ensures that they are working in a safe environment that is pure and clear when they use the posture services of the solution.

I would rate it a nine out of ten. 

We use this solution to protect the network especially when someone brings their own device and to lock out access to anybody connecting to the network. Also to make sure that the people connect to the correct VLAN. So, mainly for security wifi access so that when people want to connect to our wifi they have to log in using their credentials.

We give guests limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.

It is stable. Any time we found an issue we would get in touch with the reseller to help fix it. Then they tell us where the problem is and we'll know where to look. 

It is scalable. We have around 350 users. We required two staff members for maintenance but they don't have enough knowledge so we have to reach out externally for more help. 

Their technical support has been good. They have been responsive every time we have an issue. They get logs, check and then give us feedback of which corrections to do.

The initial setup was complex. We had to engage an expert. When we rolled it out we would find challenges and then we would have to find a way of fixing those challenges. Out of  nowhere, it would lock out all users. Then we discovered that no, the password had expired for the service account. We needed to make it none expiry.

Deployment took about a month. We had to do project planning, discuss the plan with the team, and by the end, it was a month.

We used a reseller for the implementation and we had a good experience with them. 

If you go directly with Cisco for the implementation it's very, very expensive.

We also looked at Aruba.

It's a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues. You need protection as you advance in the usage but it's a good product. 

I would rate this solution an eight out of ten. In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.

It's a network access manager.

After the product was installed, no one could access the secure connection network. In order for any laptop or any endpoint device to attach to my network, it needs to be authorized or be certified to be connected.

It has many valuable features. 

It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement.

They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options.

Stability is not something absolute. 

Scalability is good. We have 60,000 users. 

Their technical support isn't good. 

The initial setup took four to six hours to do. The image between six, seven GB, is a huge image, huge process, and it takes too much time. If somebody has a solution of five, four pieces you need to re-image one or you need to incorporate the solution. It will take days to upgrade the solution. It's very complicated. The deployment will take an entire day. And if you have a complication it can take two days because of the complexity. 

We are a big organization and we can arrange for licenses because we are a big customer. We have an agreement for the security license. Licenses aren't an issue for us. We pay for licenses every five years or six years.

I would rate this solution a 7.5 out of ten. To make it a ten they should have more people on tech support. They need to invest more in the product. It's a good product. They should just work on tech support. More support for the customer. It's not that easy to get somebody to understand this product. I have had some issues with tech before for the solution. One of them brought the solution down due to some of his activity. They need to hugely invest in their tech support. 

We use it to aid the tools that we make and to sponsor and get flow.

We distribute internet access to guests. It's the product to our environment.

The profiling option is the most valuable feature. 

They should improve the upgrades. It's not easy to upgrade the solution. 

It's stable. 

It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it. 

I opened some tickets with them and I had no problems. They are engineers from India and the U.S and they perform well.

The initial setup was complex. The deployment took around one year. 

We used an integrator for the deployment. They didn't know a lot about the solution so we had to learn about it ourselves and helped them.

We have seen ROI from this solution. 

We use a virtual machine so in terms of pricing, we can extend it as much as we need. The licensing; we had to renew twice and in my opinion, it's good.

We also looked at ForeScout but we preferred Cisco ISE. 

I would rate this solution a ten out of ten. 

We use this solution to authenticate the domain users and if someone is not the domain user to make them a guest.

Before, our port would be wide open, anyone could come to the network and put their laptop into the port or any device and they would be able to get the IP. Now, if someone tries to connect to our network through an IU port or internet, they will not be able to access it. Another way this solution has improved our organization is that when we integrate this with our OpenGate server we are able to identify and isolate the machine that is infected, or that is going to be infected.

Plus, we had control on which device we can block in real-time and white list, or according to the MAC address, we can send this device to get an assigned IP from a special VLAN.

The identification with McAfee DHL is the most valuable feature. It gives us full visibility to see if there's any malware or malicious activity going on in the network and will then isolate the device.

Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.

Stability is very good. We haven't faced any issues and there aren't any bugs. 

We currently have around 400 users and we only need two staff members for maintenance. It is being used extensively because all of the users are dependent on it. If the ISE is down no one will be able to authenticate.

Technical support is very good because, on the user phase, it shows who was on the call with us and who helped us. 

The initial setup was easy. It took around one month. We did the installation part within half an hour to two hours but we found a couple of issues so we raised a case and once everything was resolved it was a month in total. 

We used an integrator. We had a good experience with them because we have already worked with them in the past couple of years

We researched this solution and found that it fulfills all of our requirements so we didn't look into any other solutions.

I would rate this solution a nine out of ten. 

I would advise someone considering this solution not to enable it with MAC. They are going to be in a very bad state after enabling this with MAC because if you do it is going to isolate so many devices which do not comply with the policy.

My primary use case for this solution is as a server for my networking devices.

We have multiple metal devices from different places that use management, so we need to know who would be accessing all those devices and what changes are being done to those metal devices. With Cisco ISE we have visibility of all the changes happening on those devices.

The authorization feature is the most valuable feature. 

Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver.

It's not very stable. Product-wise, in terms of performance and in terms of stability, I don't experience any challenges.

It's highly scalable but it's challenging to scale-up non-Cisco products. We currently have around 50 users and 11 employees monitoring the device. We don't have any plans to increase usage. 

Their technical support is pretty good. They have a good database and knowledge space regarding this solution. You'll get the support that you need. 

We are also currently using ForeScout for another feature but we are facing multiple challenges with ForeScout implementation.

The initial setup was straightforward. The deployment and negotiating time depends on your network infrastructure and what kind of environment you have.

You should have a fair understanding of the kubernetes that have been used in their infrastructure.

I would rate this solution an eight out of ten. 

My primary use case of this solution is for access control for authentication and for the authorization of wireless users.

For device administration, all devices have multifactor authentication in collaboration with IT, so it secures access to all of our devices. For guest and wireless access, it's a matter of a lowly manager who we give access to the portal and he can assign access to the guests, so it's a very simple process now. It keeps IT focusing on their work, and gives the business people the right access. 

Also, with BYOD mobile users can work easier and in a more secure way. For the places in public access we're securing our network socket, so now not everybody can plug in and log into our network due to this feature. It's making it more secure for headquarters.

• BYOD service
• The guest and secure wireless access
• Compliance and posture
• Wireless administration

The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade.

I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties.

Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered. 

It's 99% stable. 

It's scalable. We have more than 500 users. We are planning to use more features and to integrate it with other branches that we have. It's a way to have a global solution across all branches.

Technical support is okay. Sometimes it takes a long time for them to respond. We'll usually end up solving our own issues. The response time should be shorter. 

The initial setup was complex. It took time to have a stable environment but once it stabilized, it was great. Although, we had six to seven months of an unstable system. 

We deployed through a reseller, they were good. We require two staff members for maintenance.

Our ROI is good enough. It's simplifying things for IT and for the business, so it's good for both sides. It solves a lot of issues that without the product would be costly to our organization so we see ROI in that sense. 

Licensing is very complicated and it changes a lot. I know recently it changed since we acquired the solution. It had a different licensing scheme that has changed. 

The cost is high compared to other solutions. Even so, it is better than what's on the market. The licensing model is complicated and the cost is a little bit high.

It's a great product but you should be careful to plan before deploying. Do thorough planning as not to do the same error that we did. We didn't do enough planning before deploying so it took us a long time to have a thorough plan. 

I would rate this solution a nine out of ten. 

My primary use case of this solution is to protect the website from web attacks. 

I use the F5 device on the DMZ zone of the firewall. A record will come to the virtual server on the F5. Then the F5 will upload the encrypted message to the server and decrypt this message. The firewall can see the traffic as unencrypted and we can mitigate the enemy and any attack from F5 and from the firewall.

The most valuable feature would be the protection. 

I would like for them to improve the reporting. 

This solution is stable.

It is scalable. 

I would rate their technical support as an eight. They provide a quick solution and I trust working with them. 

The initial setup was straightforward. 

The price is not very expensive. 

This solution can be used to protect one's application. The server has many features to secure and diagnose.

We are an ISP and we are working on providing ISP solutions for companies. For that reason, we are trying to deploy ISE or other technologies.

The benefit comes from the fact that all of our clients have Cisco products and we are looking for a tool that can integrate all the devices for a secure facility, monitoring, etc.

• MAC - Member Access Control
• Integrating all Cisco wireless, networking, switches, routers, firewalls for our customers.

In a future release, I would like to see network access control. That is something that customers seem to be looking for.

• Wireless Control Solutions
• Physical Port Access Control
• Changing switch configuration records and account controls.

• Currently planning to establish a wireless network environment.
• Expected benefits. 
• Improves switch account management.
• Physical Port Access Control.

• ISE Dynamic VLAN assignment
• ISE Radius and Tacacs+
• External identity sources LDAP, domain, or token.

• The Cisco wireless controller needs to add more than one physical port.
• The Guest Network verification needs to add a QR code option.

Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.

The learning curve is steep and the initial setup is complex.

We've had no issues with stability.

We've had no issues with scalability.

Customer Service:

Customer service is good.

Technical Support:

Technical support is very good.

Yes. I am a consultant, so I have used many competing products over the years.

The initial setup is complex, but not if you fully vet the solution and leverage the functionality.

I am the services firm that does this work and the SME for my organization.

It is hard to quantify ROI. It is more easily measured in increased mobility and security.

There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs.

Yes, we used ClearPass.

Not all features are available with base license, plus license allows for profiling and provisioning

It can handle Radius and TACACS+.

Authorisation and Authentication Policy creation is easier. Access right limitation is pretty easy in ISE. Context exchange feature is present.

It is quite complex when it comes to troubleshooting.

2 years

Upgrade was quite a pain. It doesn't exactly go according to the document.

On TACACS side, we see some issues. The rest is all going well.

It's good.

Tech support is still lacking on TACACS troubleshooting on ISE.

We were using ACS and IAS servers for radius and TACACS. ISE is one stop shop for everything with more to offer.

Initially done with a Cisco consultant and started with Radius services. Expertise was excellent.

Smartnet is not so cheap depending on the deployment.

We have deployed this solution and we keep on exploring more and more. It can do wonders for authentication and limiting access with the network.

Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.

We implement this for customers is various verticals. Most of the time oit is in Education. It really helps secure, classify and manage users including guest and BYOD users.

The product has improved with its evolution. The initial setup, though, is extremely complex.

10 years. I have used this since it was Cisco ACS

As the product matures I encounter less and less problems.

The produt scales well.

Excellent. TACis quite knowledgable.

I have used Microsoft IAS/NPS, Funk, and Aruba ClearPass. ClearPass is the only product in the same league as Cisco ISE.

ISE is extremely complex. With the functionality and flexibility it offers that is to be expected.

I am the vendors's partner.

Licensing and pricing is a complicated calculation, so it is best to really understand your customers' needs. Also team up with the right resources at Cisco for help.

Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions. 

This technology pride itself with Trust Sec and 802.1x  feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.

This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.  

It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.  

Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.  

Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.  

While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional.  Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.

By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.  

Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.  

We've had no issues with deployment.

We've had no issues with stability.

We've been able to scale it for our needs.

• I'ts compatibility with 802.1X
• Posture
• Profiling
• Guest Portal

As an integrator, I can tell that this product is mostly used for implementing wireless 802.1X with Active Directory and guest portals. It can be integrated with Active Directory and an external SMS gateway, can be used to track user authentications with Cisco WLC, can be therefore used to completely implement BYOD (considering the tight integration with leading MDM vendors). The product can be bought as a physical appliance as well a virtual appliance.

We are waiting for TACACS integration to completely replace the Cisco ACS line of products.

I've used it for about four years.

Being a product relatively young the product seems incredibly stable and not prone to system outages.

Having a Cisco consolidated experience with this type of products, the product encounters very little of no scalability problem.

Cisco has implemented a special ATC partner program to help partners and customers to have a smooth deployment. As far as I know there is also a dedicated TAC area for this product, Cisco commitment on the ISE line of product is really at a top level. I can say this with an high degree of certainty being a Cisco Gold Partner.

We use this product because we mainly sell this as a premier class NAC solution, compared to other similar products.

The initial setup is very straightforwardly done by following the product’s document guides.

I work for a vendor/system integrator.

The main advice is to seek for an accredited ATC system integrator with a large ISE portfolio.