cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4132
Views
15
Helpful
15
Replies

When are the new ISE 26xx going to be announced so I can order one?

William Eckler
Level 1
Level 1

I had been told the new series would be announced this month... is this coming?  I still have an ACS 3415 that's not really worth trying to upgrade at all... there's zero point in buying a 3515 since the new models are coming out.  I got burned before by buying the 3415 at the end right before it went EOS... it's why I'm in this position now.

2 Accepted Solutions

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni
There will be a public announcement when they available. Cat got out of the bag a little early.

I usually suggest clients use virtual ISE appliances because it avoids this situation entirely.

View solution in original post

yshchory
Cisco Employee
Cisco Employee

@William Eckler - the SNS-36XX were just announced yesterday and we hope to have them order-able around end of this month or so.

 

By way of introduction, I'm the Sr. PLM for ISE and lead the Product Management team for it.

 

I must say that I'm not in full agreement with @Damien Miller from a physical/VM choice perspective. While I do appreciate the importance of virutal environments, unlike an app or even directory services, ISE is an infrastructural solution and as such, for some of the organizations, requires a different design and regard. Not all organizations know how to / can invest enough to deliver the same level of availability on a PER SERVICE perspective when it comes to virtual environments.

 

While VMs work for some of the organizations, most of our customers actually look at ISE as a service they leave on physical environments (i.e. SNS appliances) to ensure they have full control of it from an availability perspective. We constantly here customers choose physical appliances due to political issues, past issues between system departments and networking, etc.

 

So while @Damien Miller has a great point for specific customers, for most customers I interact with I see different requirements.

 

Yuval

View solution in original post

15 Replies 15

Damien Miller
VIP Alumni
VIP Alumni
There will be a public announcement when they available. Cat got out of the bag a little early.

I usually suggest clients use virtual ISE appliances because it avoids this situation entirely.

I don't disagree normally.  We use virtual ISE for our big enterprise network but this is for a small air gapped network that I would like network auth to work on even if the servers are down.  I also am mandated to use 802.1x.  I'd like to have AD working with 2 factor for network devices in the ISE and have it fall back to local auth from the ISE if AD is down.  I had thought the new ISE would be announced by this time... hopefully it's coming soon because I need one!

No announcement but the datasheet has been updated with the release of ISE 2.6 today. Still can't order the 3600's though, so soon hopefully.

SNS appliance datasheet
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-726524.pdf

Wow thanks!  That looks like it'll be it though the 3615 in the picture!

ajc
Level 7
Level 7

I just got additional information. IF you are referring to ISE 36XX, you would need version 2.6 which is a recent release (I would not use it), looks like previous versions CANNOT be used on that 36xx. In addition to that, I was told Cisco has improved MNT performance on version 2.4 patch 5 BUT you would need a VM Running ISE with some additional hardware specs in order to get all the benefits. ISE 3595 appliance does not give you all the benefits of the "new" MNT 2.4 version due to hardware limitations.

Lets hope the ISE BU notices the pain this causes us in the field trying to get customers off of 3400 appliances and certifies 2.4 to run on the 3615/3655/3695 appliances.

Replying to:
Lets hope the ISE BU notices the pain this causes us in the field trying to get customers off of 3400 appliances and certifies 2.4 to run on the 3615/3655/3695 appliances.

ANSWER
Please provide http://cs.co/ise-feedback right now i am going through and have the following:
ISE 2.4 supports the 35xx it will not run on the 36xx
ISE 2.6 supports both the 35xx and 36xx.

yshchory
Cisco Employee
Cisco Employee

@William Eckler - the SNS-36XX were just announced yesterday and we hope to have them order-able around end of this month or so.

 

By way of introduction, I'm the Sr. PLM for ISE and lead the Product Management team for it.

 

I must say that I'm not in full agreement with @Damien Miller from a physical/VM choice perspective. While I do appreciate the importance of virutal environments, unlike an app or even directory services, ISE is an infrastructural solution and as such, for some of the organizations, requires a different design and regard. Not all organizations know how to / can invest enough to deliver the same level of availability on a PER SERVICE perspective when it comes to virtual environments.

 

While VMs work for some of the organizations, most of our customers actually look at ISE as a service they leave on physical environments (i.e. SNS appliances) to ensure they have full control of it from an availability perspective. We constantly here customers choose physical appliances due to political issues, past issues between system departments and networking, etc.

 

So while @Damien Miller has a great point for specific customers, for most customers I interact with I see different requirements.

 

Yuval

@yshchory   Thank you.  I completely agree with the appliance versus VM argument.  I want to know that even if my ESXi hosts or servers are down (or storage causes datastore to go belly up) that I still have all of the services that ISE can provide with an SNS.  Even in the event the entire AD isn't available it's nice to know that ISE can fall back and still provide authentication to my network devices and will maintain a posture with port security.  When the AD is functioning it also makes it easier to provide 2FA with tokens to all network devices.  ISE checks many compliance boxes for me... many of which are newer requirements like 802.1x.  For many of us it's no longer "nice to have" but is now an auditable requirement, without which, is a high level finding.

Add to this organizational "Layer 8" (politics, management style, relationships between different departments, etc.) and you're trying to solve a conundrum with a generic solution...

Question: So, Why are we suggested to run a VM MNT on 2.4 because the 3595 is unable to handle the new "DB improvements" on that release?. We were told that MNT 2.4 version with all the "actual" improvements on the DB management, requires additional HW that regular 3595 appliance cannot provide. We have been dealing with the MNT performance issue for a large deployment on 2.2 and moving into 2.4 would not make any difference unless we go with the VM one.

 

 

yshchory
Cisco Employee
Cisco Employee

AJC,

Good question – the answer is that if you have 3595 and you have a giant deployment where MnT can’t handle the load – then the Large VM is your friend. A much better solution (yet slightly more forward looking) – would be to use the 3695 as an MnT node.

Yuval

Not sure if your reply was to me or Damien. In any case, thanks a lot for the advice.

 

I have planned already basic testing in the lab for 2.4 using VM's as usual (in production we have appliances).However, we would have to wait a little bit before moving into 2.6 for our 3595 and purchase the 36xx series because we usually wait at least 6+ months since released.

yshchory
Cisco Employee
Cisco Employee

Yes, sorry, I've edited my reply...