Multiple MDM solutions and a single ISE cluster

Hey all,

What the heck is the point of being able to configure multiple MDM solutions in ISE if you can only use ONE at a time?!?

I’m working on an upgrade to ISE 2.1 and for years now we’ve had an issue where we can only use a single MDM for phones/tablets for ISE authentication. We need to upgrade from our old GOOD solution to BES12, and while I can configure BOTH in ISE at the same time, I can only have one of them active at any given time. What is the point of this? I was told that ISE 2.X would support multiple MDM, and I guess if you want to be pedantic about it, it does, but come on!!! These are all from this document: ISE 2-1 Admin Guide

You can run multiple active MDM servers on your network, including ones from different vendors. This allows you to route different endpoints to different MDM servers based on device factors such as location or device type.

and


You can configure Cisco ISE to interoperate with one or more external Mobile Device Manager (MDM) servers. By setting up this type of third-party connection, you can leverage the detailed information available in the MDM database.

This sure sounds like I should be able to do what I’m trying to do… but further down the ISE 2.1 admin guide you find this:

Define Mobile Device Management Servers in ISE
You can create one or more Mobile Device Management (MDM) definitions for external MDM servers. Although you can configure multiple MDM server definitions, you can activate only one MDM server with which Cisco ISE interoperates at a time.

What is the POINT?!?

3 REPLIES 3
Highlighted
Cisco Employee

Hi Ben-

You are correct with your findings. While you can define multiple MDM providers, only one of them can be active at a time. I also share your frustration, as this is something that has been requested by many customers. AFAIK it is on the road map of ISE but it has not been committed to an actual version.

Here is also a post from one of the former TMEs for ISE:

https://communities.cisco.com/thread/61932?start=0&tstart=0

The best thing to do here is to reach out to your local Cisco team and ask them to file a defect/enhancement request (one might be out there already) and see if they can actually provide you with an ETA/version release of when this feature will be available.

I know this is not the answer you were looking for but I figured I would share what I know :)

Thank you for rating helpful posts!

Highlighted

We have the same setup and tried different solutions. But unfortunately none of them was working as expected (with attributes and multiple AuthZ Policies etc.; see also Attachment).

So for my understanding so far, there is no working solution when trying to integrate multiple versions of an MDM system unless the feature is committed and implemented. True?

Highlighted

See updated reply here: https://communities.cisco.com/message/261796
