cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

113
Views
5
Helpful
2
Replies
Highlighted
Beginner

Standalone ISE deployment license requirment

Hi, 

 

Please suggest me, what are the license required to deploy standalone mode ISE in production environment and we have 900 users volume in my office.

 

How the license will be utilized in ISE.

 

Also what are all the Nodes can be run in standalone mode deployment.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Standalone ISE deployment license requirment

There is a very thorough licensing guide for ISE available here.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

I would recommend you work with your Cisco partner, as the scoping and buying ISE is usually done by the VAR.

Now that we have that out of the way, here are some things you need to think about that impact licensing when deploying ISE.
1. Will the ISE nodes be virtual or SNS hardware appliances. You need to buy ISE VM licenses for every node you deploy, not the case for physical.
2. I would recommend HA, run at least two ISE nodes. You can deploy all functions of ISE with a single node, but you have no HA. For the scale you are talking about, two small nodes would be fine.
3. Licensing is not done on a user count, but rather an active device count. Each unique active mac address results in at least one base license being consumed. If you are leveraging profiling or posture then you could use a second higher level license per mac on top of the base.
4. A single endpoint can potentially use more than one base license. Back to a single active mac = a license used, a laptop connected to both wired and wireless would use at least two base licenses.
5. Will you use profiling or posture and their associated licenses. The usual answer is yes, profiling is a very commonly leveraged feature, posture is highly business use case dependent.

So by no means a complete list but just some things to think about. For the uninitiated joining the ISE playing field, ordering and licensing is a complicated and important piece. I'll still recommend customers work with a partner to order ISE and the communities group would happily sanity check a potential bill of materials.

View solution in original post

2 REPLIES 2
Highlighted
VIP Advisor

Re: Standalone ISE deployment license requirment

There is a very thorough licensing guide for ISE available here.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

I would recommend you work with your Cisco partner, as the scoping and buying ISE is usually done by the VAR.

Now that we have that out of the way, here are some things you need to think about that impact licensing when deploying ISE.
1. Will the ISE nodes be virtual or SNS hardware appliances. You need to buy ISE VM licenses for every node you deploy, not the case for physical.
2. I would recommend HA, run at least two ISE nodes. You can deploy all functions of ISE with a single node, but you have no HA. For the scale you are talking about, two small nodes would be fine.
3. Licensing is not done on a user count, but rather an active device count. Each unique active mac address results in at least one base license being consumed. If you are leveraging profiling or posture then you could use a second higher level license per mac on top of the base.
4. A single endpoint can potentially use more than one base license. Back to a single active mac = a license used, a laptop connected to both wired and wireless would use at least two base licenses.
5. Will you use profiling or posture and their associated licenses. The usual answer is yes, profiling is a very commonly leveraged feature, posture is highly business use case dependent.

So by no means a complete list but just some things to think about. For the uninitiated joining the ISE playing field, ordering and licensing is a complicated and important piece. I'll still recommend customers work with a partner to order ISE and the communities group would happily sanity check a potential bill of materials.

View solution in original post

Highlighted
Beginner

Re: Standalone ISE deployment license requirment

Dear Sir,

 

Please help me with the following queries.

 

Will I get all below features in Cisco ISE and if yes, then what are all services I need to enable in ISE  like SNMP, RADIUS etc.

 

1. This CISCO ISE we are deploying as our primary network tool, hence we need the following functionality :

      a. It will monitor all our links and incase any link down it should trigger a notification as “Link Down

      b. It will check all the devices (specifically all the Network Devices) hardware condition and incase there is any                  abnormality it will trigger an alert.

      c. It will also check the routing protocols (OSPF, BGP etc.) and incase any neighbourship down, it should trigger              an  alert.

2. It should have automatic backup facility which we can schedule as per our need.

3. It should have show the latest conf. or any command output and also we can compare the output pre and post of        any change implementation.

4. We should be able to find from the log who logged in and what command he had done in his last login.

 

If not, does i need to use any third part tools to achieve the same along with ISE.

 

ISE version is 2.4, Please help me with your comments.

 

Please help with documents if any links available to achieve the above task.

 

Thanks in Advance..!