Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
4132
Views
15
Helpful
15
Replies

When are the new ISE 26xx going to be announced so I can order one?

Go to solution
William Eckler
Level 1
Level 1

ā€Ž02-07-2019 10:00 AM - edited ā€Ž03-11-2019 01:55 AM

I had been told the new series would be announced this month... is this coming?  I still have an ACS 3415 that's not really worth trying to upgrade at all... there's zero point in buying a 3515 since the new models are coming out.  I got burned before by buying the 3415 at the end right before it went EOS... it's why I'm in this position now.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

ā€Ž02-07-2019 10:07 AM

There will be a public announcement when they available. Cat got out of the bag a little early.

I usually suggest clients use virtual ISE appliances because it avoids this situation entirely.

View solution in original post

0 Helpful

Go to solution
yshchory
Cisco Employee
Cisco Employee

ā€Ž02-20-2019 12:11 PM

@William Eckler - the SNS-36XX were just announced yesterday and we hope to have them order-able around end of this month or so.

 

By way of introduction, I'm the Sr. PLM for ISE and lead the Product Management team for it.

 

I must say that I'm not in full agreement with @Damien Miller from a physical/VM choice perspective. While I do appreciate the importance of virutal environments, unlike an app or even directory services, ISE is an infrastructural solution and as such, for some of the organizations, requires a different design and regard. Not all organizations know how to / can invest enough to deliver the same level of availability on a PER SERVICE perspective when it comes to virtual environments.

 

While VMs work for some of the organizations, most of our customers actually look at ISE as a service they leave on physical environments (i.e. SNS appliances) to ensure they have full control of it from an availability perspective. We constantly here customers choose physical appliances due to political issues, past issues between system departments and networking, etc.

 

So while @Damien Miller has a great point for specific customers, for most customers I interact with I see different requirements.

 

Yuval

View solution in original post

15 Replies 15

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

ā€Ž02-07-2019 10:07 AM

There will be a public announcement when they available. Cat got out of the bag a little early.

I usually suggest clients use virtual ISE appliances because it avoids this situation entirely.
0 Helpful

Go to solution
William Eckler
Level 1
Level 1
In response to Damien Miller

ā€Ž02-18-2019 04:10 AM

I don't disagree normally.  We use virtual ISE for our big enterprise network but this is for a small air gapped network that I would like network auth to work on even if the servers are down.  I also am mandated to use 802.1x.  I'd like to have AD working with 2 factor for network devices in the ISE and have it fall back to local auth from the ISE if AD is down.  I had thought the new ISE would be announced by this time... hopefully it's coming soon because I need one!

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to William Eckler

ā€Ž02-18-2019 08:04 PM

No announcement but the datasheet has been updated with the release of ISE 2.6 today. Still can't order the 3600's though, so soon hopefully.

SNS appliance datasheet
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-726524.pdf

Go to solution
William Eckler
Level 1
Level 1
In response to Damien Miller

ā€Ž02-19-2019 04:00 AM

Wow thanks!  That looks like it'll be it though the 3615 in the picture!

0 Helpful

Go to solution
ajc
Level 7
Level 7

ā€Ž02-19-2019 12:57 PM - edited ā€Ž02-19-2019 01:00 PM

I just got additional information. IF you are referring to ISE 36XX, you would need version 2.6 which is a recent release (I would not use it), looks like previous versions CANNOT be used on that 36xx. In addition to that, I was told Cisco has improved MNT performance on version 2.4 patch 5 BUT you would need a VM Running ISE with some additional hardware specs in order to get all the benefits. ISE 3595 appliance does not give you all the benefits of the "new" MNT 2.4 version due to hardware limitations.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to ajc

ā€Ž02-19-2019 01:04 PM

Lets hope the ISE BU notices the pain this causes us in the field trying to get customers off of 3400 appliances and certifies 2.4 to run on the 3615/3655/3695 appliances.
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Damien Miller

ā€Ž02-19-2019 01:11 PM

Replying to:
Lets hope the ISE BU notices the pain this causes us in the field trying to get customers off of 3400 appliances and certifies 2.4 to run on the 3615/3655/3695 appliances.

ANSWER
Please provide http://cs.co/ise-feedback right now i am going through and have the following:
ISE 2.4 supports the 35xx it will not run on the 36xx
ISE 2.6 supports both the 35xx and 36xx.

Go to solution
yshchory
Cisco Employee
Cisco Employee

ā€Ž02-20-2019 12:11 PM

@William Eckler - the SNS-36XX were just announced yesterday and we hope to have them order-able around end of this month or so.

 

By way of introduction, I'm the Sr. PLM for ISE and lead the Product Management team for it.

 

I must say that I'm not in full agreement with @Damien Miller from a physical/VM choice perspective. While I do appreciate the importance of virutal environments, unlike an app or even directory services, ISE is an infrastructural solution and as such, for some of the organizations, requires a different design and regard. Not all organizations know how to / can invest enough to deliver the same level of availability on a PER SERVICE perspective when it comes to virtual environments.

 

While VMs work for some of the organizations, most of our customers actually look at ISE as a service they leave on physical environments (i.e. SNS appliances) to ensure they have full control of it from an availability perspective. We constantly here customers choose physical appliances due to political issues, past issues between system departments and networking, etc.

 

So while @Damien Miller has a great point for specific customers, for most customers I interact with I see different requirements.

 

Yuval

Go to solution
William Eckler
Level 1
Level 1
In response to yshchory

ā€Ž02-21-2019 04:20 AM - edited ā€Ž02-21-2019 04:26 AM

@yshchory   Thank you.  I completely agree with the appliance versus VM argument.  I want to know that even if my ESXi hosts or servers are down (or storage causes datastore to go belly up) that I still have all of the services that ISE can provide with an SNS.  Even in the event the entire AD isn't available it's nice to know that ISE can fall back and still provide authentication to my network devices and will maintain a posture with port security.  When the AD is functioning it also makes it easier to provide 2FA with tokens to all network devices.  ISE checks many compliance boxes for me... many of which are newer requirements like 802.1x.  For many of us it's no longer "nice to have" but is now an auditable requirement, without which, is a high level finding.

0 Helpful

Go to solution
yshchory
Cisco Employee
Cisco Employee
In response to William Eckler

ā€Ž02-21-2019 10:44 AM

Add to this organizational "Layer 8" (politics, management style, relationships between different departments, etc.) and you're trying to solve a conundrum with a generic solution...

0 Helpful

Go to solution
ajc
Level 7
Level 7
In response to yshchory

ā€Ž02-21-2019 10:54 AM

Question: So, Why are we suggested to run a VM MNT on 2.4 because the 3595 is unable to handle the new "DB improvements" on that release?. We were told that MNT 2.4 version with all the "actual" improvements on the DB management, requires additional HW that regular 3595 appliance cannot provide. We have been dealing with the MNT performance issue for a large deployment on 2.2 and moving into 2.4 would not make any difference unless we go with the VM one.

 

 

0 Helpful

Go to solution
yshchory
Cisco Employee
Cisco Employee
In response to ajc

ā€Ž02-21-2019 11:24 AM - edited ā€Ž02-21-2019 11:57 AM

AJC,

Good question ā€“ the answer is that if you have 3595 and you have a giant deployment where MnT canā€™t handle the load ā€“ then the Large VM is your friend. A much better solution (yet slightly more forward looking) ā€“ would be to use the 3695 as an MnT node.

Yuval

0 Helpful

Go to solution
ajc
Level 7
Level 7
In response to yshchory

ā€Ž02-21-2019 11:40 AM

Not sure if your reply was to me or Damien. In any case, thanks a lot for the advice.

 

I have planned already basic testing in the lab for 2.4 using VM's as usual (in production we have appliances).However, we would have to wait a little bit before moving into 2.6 for our 3595 and purchase the 36xx series because we usually wait at least 6+ months since released.

0 Helpful

Go to solution
yshchory
Cisco Employee
Cisco Employee
In response to ajc

ā€Ž02-21-2019 11:58 AM

Yes, sorry, I've edited my reply...

0 Helpful
Customers Also Viewed These Support Documents