Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
5
Helpful
2
Replies

Standalone ISE deployment license requirment

Go to solution
CHNC
Level 1
Level 1

‎01-24-2019 09:11 PM

Hi, 

 

Please suggest me, what are the license required to deploy standalone mode ISE in production environment and we have 900 users volume in my office.

 

How the license will be utilized in ISE.

 

Also what are all the Nodes can be run in standalone mode deployment.

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-24-2019 11:02 PM

There is a very thorough licensing guide for ISE available here.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

I would recommend you work with your Cisco partner, as the scoping and buying ISE is usually done by the VAR.

Now that we have that out of the way, here are some things you need to think about that impact licensing when deploying ISE.
1. Will the ISE nodes be virtual or SNS hardware appliances. You need to buy ISE VM licenses for every node you deploy, not the case for physical.
2. I would recommend HA, run at least two ISE nodes. You can deploy all functions of ISE with a single node, but you have no HA. For the scale you are talking about, two small nodes would be fine.
3. Licensing is not done on a user count, but rather an active device count. Each unique active mac address results in at least one base license being consumed. If you are leveraging profiling or posture then you could use a second higher level license per mac on top of the base.
4. A single endpoint can potentially use more than one base license. Back to a single active mac = a license used, a laptop connected to both wired and wireless would use at least two base licenses.
5. Will you use profiling or posture and their associated licenses. The usual answer is yes, profiling is a very commonly leveraged feature, posture is highly business use case dependent.

So by no means a complete list but just some things to think about. For the uninitiated joining the ISE playing field, ordering and licensing is a complicated and important piece. I'll still recommend customers work with a partner to order ISE and the communities group would happily sanity check a potential bill of materials.

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-24-2019 11:02 PM

There is a very thorough licensing guide for ISE available here.
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

I would recommend you work with your Cisco partner, as the scoping and buying ISE is usually done by the VAR.

Now that we have that out of the way, here are some things you need to think about that impact licensing when deploying ISE.
1. Will the ISE nodes be virtual or SNS hardware appliances. You need to buy ISE VM licenses for every node you deploy, not the case for physical.
2. I would recommend HA, run at least two ISE nodes. You can deploy all functions of ISE with a single node, but you have no HA. For the scale you are talking about, two small nodes would be fine.
3. Licensing is not done on a user count, but rather an active device count. Each unique active mac address results in at least one base license being consumed. If you are leveraging profiling or posture then you could use a second higher level license per mac on top of the base.
4. A single endpoint can potentially use more than one base license. Back to a single active mac = a license used, a laptop connected to both wired and wireless would use at least two base licenses.
5. Will you use profiling or posture and their associated licenses. The usual answer is yes, profiling is a very commonly leveraged feature, posture is highly business use case dependent.

So by no means a complete list but just some things to think about. For the uninitiated joining the ISE playing field, ordering and licensing is a complicated and important piece. I'll still recommend customers work with a partner to order ISE and the communities group would happily sanity check a potential bill of materials.

Go to solution
CHNC
Level 1
Level 1
In response to Damien Miller

‎02-07-2019 06:30 AM

Dear Sir,

 

Please help me with the following queries.

 

Will I get all below features in Cisco ISE and if yes, then what are all services I need to enable in ISE  like SNMP, RADIUS etc.

 

1. This CISCO ISE we are deploying as our primary network tool, hence we need the following functionality :

      a. It will monitor all our links and incase any link down it should trigger a notification as “Link Down

      b. It will check all the devices (specifically all the Network Devices) hardware condition and incase there is any                  abnormality it will trigger an alert.

      c. It will also check the routing protocols (OSPF, BGP etc.) and incase any neighbourship down, it should trigger              an  alert.

2. It should have automatic backup facility which we can schedule as per our need.

3. It should have show the latest conf. or any command output and also we can compare the output pre and post of        any change implementation.

4. We should be able to find from the log who logged in and what command he had done in his last login.

 

If not, does i need to use any third part tools to achieve the same along with ISE.

 

ISE version is 2.4, Please help me with your comments.

 

Please help with documents if any links available to achieve the above task.

 

Thanks in Advance..!

0 Helpful
Customers Also Viewed These Support Documents