
joplant
Cisco Employee

ISE VM Segmentation / VDI

Hey All,

I was digging for info on integrating ISE policy into a VDI environment to extend the same segmentation/protection to virtual machines.

This thread has a great design guide based on N1Kv: "Does anyone have information on leveraging ISE in a VDI environment?"

However, it is my understanding that going forward, the N1Kv isn't applicable due to changes to third-party switch support by VMware. That means that design guide is really no longer relevant.

Are there any updated plans or options for VM segmentation or integrations between ISE and VMware switches?

Accepted Solutions
kthumula
Cisco Employee

John, N1Kv is still relevant going forward for VDI. I am not sure if you are aware, but today, with the latest version of N1Kv, 5.2(1)SV3(4.1), we can do 802.1x authentication for the VDI clients connected to N1Kv and assign SGTs dynamically through ISE.

We have a long-term solution in place for N1Kv due to lack of VMware support on third-party switches. You will know very shortly.

Today you can use the 802.1x solution and it should solve the segmentation challenges in the VDI environments.


Thanks for the info! Do we have any design guides or reference material going into detail on the VDI TrustSec design? I could not find reference to 802.1x capabilities in the 1000V configuration guide, and "Dynamic Classification" seems to be missing in the latest TrustSec Compatibility Matrix as well. Is this a new capability? Does the VDI native supplicant work, or do we need to leverage AnyConnect?

 

Thanks!
