ISE Management

jrgilkinson
Level 1

Any websites or suggestions on who owns and administers ISE? It seems that network should own it and security get reporting from it, but should security be able to write policies in it directly?

slicerpro
Level 1
The question of who gets to own/control the ISE is totally organization-dependent. I don't think you will find vendor documentation directing you one way or the other.

Arne Bier
VIP

This is probably more of a discussion than a blog ... but still, in a world where many organisations still operate in a silo'd environment, ISE is probably best placed in the Network team. To be more specific, Network Operations. Why? Because the acronym NAC (Network Access Control) implies that we are controlling access to the network (as opposed to authenticating end user desktops ... that role might be better suited to the Security Team). But at the end of the day this is an arbitrary decision that makes no difference how the dice fall. Organizations should work together and stop being so silo'd - and give the job to those engineers who have the appropriate understanding of RADIUS, TACACS, ACLs, VLANs, IP addressing. But most network engineers panic when they have to deal with certificates - that's when they may need to engage the expertise of the Security Team. But on the whole, most network engineers should feel comfortable working with ISE.

thomas
Cisco Employee
This is more of a question than a blog post.

hestert
Level 1

It doesn’t matter. I would just make sure the roles are defined. One major plus in ISE can be a major hurdle. Many elements are usable for multiple functions. I would mandate a required naming scheme so all users know who owns or controls an element. I.e., NDGs are used in both TACACS and RADIUS functionality. In many organizations the device admin or TACACS administrators are not the same team as the network access team. Just have well-defined roles!