ISE and SGT for segmentation in public cloud

vmadriga
Cisco Employee

Hi All,

Is it possible to use ISE and Trustsec to implement micro-segmentation on workloads in public clouds like AWS? I know we can use ISE+DNA Center to control access at the perimeter of the public cloud. The DNA Center can dynamically map a workload with an SGT and push it into ISE, then ISE will publish this information to a perimeter device like ASAv and enforce the policy at the perimeter. Can something similar be done to control traffic between workloads inside the same VPC (micro-segmentation) in AWS?

Any comments are really appreciated.

1 Reply

Arne Bier
VIP

What kind of networking infrastructure would that be implemented on (CSR1Kv and ASAv?) - I would think you don't need ISE because I reckon that all of the cloud workloads are servers - and not user authentication. So you could nail up all the SGTs statically. Maybe I don't quite get the use case. Can you expand a bit more on how you would see this might pan out? And what is the benefit of running TrustSec inside of a VPC? Sounds interesting.


Having a public cloud native version of ISE would be nice though.  That might probably solve your requirement.
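As an added illustration of the "nail up the SGTs statically" idea from the reply above (this is example configuration, not something posted in the thread or taken from Cisco documentation for this scenario), the fragment below shows what static IP-to-SGT bindings plus an SGACL look like on an IOS-XE router such as a CSR1000v placed inline in the VPC. The SGT numbers, prefixes, tier names and ports are constructed for illustration; that the router image supports `cts role-based` enforcement is an assumption.

```text
! Added example, not from the original thread.
! Static IP-to-SGT bindings: one SGT per workload tier (values constructed).
cts role-based sgt-map 10.10.1.0/24 sgt 10
cts role-based sgt-map 10.10.2.0/24 sgt 20
cts role-based sgt-map 10.10.3.0/24 sgt 30
!
! Role-based ACLs: only the allowed service between tiers, everything else denied.
ip access-list role-based WEB_TO_APP
 permit tcp dst eq 8443
 deny ip
!
ip access-list role-based DENY_ALL
 deny ip
!
! SGT 10 (web) -> SGT 20 (app): only TCP/8443.
cts role-based permissions from 10 to 20 ipv4 WEB_TO_APP
! SGT 10 (web) -> SGT 30 (db): nothing.
cts role-based permissions from 10 to 30 ipv4 DENY_ALL
!
! Turn on enforcement of the matrix on this device.
cts role-based enforcement
```

Two points worth checking before relying on this: the router only enforces SGACLs on traffic it actually routes, so workloads that talk to each other inside one subnet (or via a cloud-native route that bypasses the router) are not covered, and each binding has to be kept in step with the real instance addressing, which is the bookkeeping ISE or DNA Center would otherwise do dynamically.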