https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457971#M519538 <HTML><HEAD></HEAD><BODY><P>Sure Jason! Will lab it up.</P></BODY></HTML> Tue, 28 Nov 2017 16:25:36 GMT p.s.arun2020 2017-11-28T16:25:36Z https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457967#M519528 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>We have a customer requirement where they have VDI as well as laptop users who connect to random ports. Please advise what is the best way to securely deploy ISE in such an environment. I was thinking of having MAB for VDI and dot1X for laptop users and Also was wondering if we can have easyconnect for vdi and dot1x for laptop users. please advise.</P></BODY></HTML> Sun, 26 Nov 2017 09:44:07 GMT https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457967#M519528 p.s.arun2020 2017-11-26T09:44:07Z https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457968#M519529 <HTML><HEAD></HEAD><BODY><P>Hi Arun,</P><P>I dont think there is really a straight answer here as different types of methods can be used , however keep in mind easyconnect relies on kerebos authentications.</P><P>An example for MAB would be to Whitelist or Blacklist based on Profiles.</P><P>Dot1x needs a bit more "fine tuning" if Certs are being used and Network Device configurations , but is considered one of the most secured methods.</P><P>If your laptops are windows based then easyconnect could be a more simpler solution .</P><P></P><P>Thanks,</P><P>Danny</P></BODY></HTML> Sun, 26 Nov 2017 13:12:53 GMT https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457968#M519529 ldanny 2017-11-26T13:12:53Z https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457969#M519532 <HTML><HEAD></HEAD><BODY><P>This should work fine</P><P></P><P>I’m not quite sure how your VDI use case will work, if the vdi client machine doesn’t support Dot1x but it does login to the domain so that IP address of local client is mapped to a domain user then that might work as well</P><P></P><P>Please lab it up</P></BODY></HTML> Mon, 27 Nov 2017 12:30:51 GMT https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457969#M519532 Jason Kunst 2017-11-27T12:30:51Z https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457970#M519534 <HTML><HEAD></HEAD><BODY><P>Thanks Danny for your response! will try your suggestions. Was wondering if you have any use case for VDI thin client users.</P></BODY></HTML> Tue, 28 Nov 2017 04:50:52 GMT https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457970#M519534 p.s.arun2020 2017-11-28T04:50:52Z https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457971#M519538 <HTML><HEAD></HEAD><BODY><P>Sure Jason! Will lab it up.</P></BODY></HTML> Tue, 28 Nov 2017 16:25:36 GMT https://community.cisco.com/t5/network-access-control/ise-for-securing-vdi-and-laptop-user-environment/m-p/3457971#M519538 p.s.arun2020 2017-11-28T16:25:36Z