on 09-30-2022 04:06 AM - edited on 11-21-2022 06:30 AM by Mariley Reinoso Olivera
Cisco Identity Services Engine v3.x offers major usability benefits across many of its use cases. With better speed and agility, you are able to achieve security resilience with a fully mature zero trust solution while gaining pervasive visibility and dynamic control.
I am Viraj Nagarmunoli, Solutions Architect with Customer Success, and together with Security Customer Success Specialist @Yash Kejariwal, I put together the table below summarising some of the key features of ISE 3.x.
Feel free to ask us any questions about Cisco ISE upgrades using the button below the post.
Start planning your upgrade here.
If you want to stay up to date with our Software Compliance and key feature articles, make sure to subscribe to the label 'Software Upgrades'.
| Capability | Feature | ISE 2.x | ISE 3.x |
|---|---|---|---|
| Cloud Support | Cloud native ISE | Previously, ISE could only be deployed on a physical or a virtual appliance. | Now, you can deploy ISE on public cloud infrastructure including AWS, Azure and Oracle cloud as a native cloud solution. This can help you reduce operational expenses and gives you the ability to scale your deployment on-demand while automating routine tasks. |
| Cloud Support | Policies for Azure AD | Previously, ISE supported the Azure AD identity provider using SAML and OAuth authentication protocols, but there was limited support for dot1x. | Now, Cisco ISE 3.x supports EAP-TLS and TEAP authentication with Azure AD. This means that you can now create policies using group and attribute information when performing dot1x authentication, which allows for differentiated and secure access. |
| Automation and APIs | Open API for system and policy management | Previously, the API only exposed basic ISE infrastructure and session-related content. | With Open API support, ISE 3.x brings you a lot more automation capabilities such as policy and system management (like backups) while still supporting the other types of APIs. |
| Automation and APIs | Zero Touch Provisioning | The traditional way of deploying ISE had several touch points and was a manual process. It took several hours to set up a large deployment. | Now, the new Zero Touch Provisioning (ZTP) allows you to create a configuration file in which the ISE node can be configured (IP, hostname, DNS, etc.). Likewise, it can automatically install any hot fixes or patches immediately after it is set up. |
| Posture and Compliance | Posture on Linux | Previously, ISE Posturing could be performed on Windows and OS X machines. | ISE Posture can now be performed for Linux devices too, along with Windows and OS X. That way, all endpoints on the network can be kept compliant and, if found non-compliant, they can be quarantined and remediated. |
| Posture and Compliance | Agentless Posture | Previously, you had to have an application installed on the endpoint to perform posture checks. | By popular request, ISE can now be configured to assess the posture of an endpoint without having to roll out client applications across your entire install base. For you this means you gain all the visibility necessary without the need of an additional application. |
Promotion Alert: ISE 3.x offers a streamlined licensing scheme in line with Cisco DNA licensing tiers. Take advantage of the one-year free licenses in Cisco's limited-time promotion by upgrading your ISE deployment and licenses to version 3.x!
Ask the Experts Recording: Please watch this VoD as our experts walk you through the steps to prepare, perform, and validate a successful ISE upgrade without headaches. Best practices, strategies to minimise downtime and different methods of upgrades for different types of ISE deployments are covered.
Ask the Experts Live: If you would like to ask questions to one of our ISE experts live during the webinar, please register for one of the Upgrade Planning and Best Practices: Upgrading ISE Ask the Experts sessions.
Nice table of features, puts all of the information in a clear format for reference. Thanks for this great resource.
Great Information. Thanks for sharing.
great information
Thanks for sharing information. It's really very useful for me.
Thanks for sharing
Thank you for sharing this info.
Thanks for sharing information
Felipe Patino, please see this page with more information about the product: https://www.cisco.com/c/es_mx/products/security/identity-services-engine/index.html
And it is in Spanish.
Thanks for the info. Very useful.
Is the ISE One Year Free promotion still running? The link appears to be broken
@Tommo80 Thanks for the feedback. Yes, the ISE One Year promotion is still running and valid until October 31, 2023. Also, the link seems to be working for me. Could you check again please?
@bearman97 First of all, thanks for your detailed and candid feedback, I really appreciate it. I'll definitely pass this feedback on to the dev team and keep you apprised. Our team is consistently working to make the new API set much more robust and you'll see continuous improvements in functionality and stability.
Having said that, I have a few follow-up questions for you:
1. "There are a number of configuration items that are not exposed via API". Could you please let me know what features you're looking for or would be of particular interest to you? Your response would help us prioritize new features that could be exposed via API in the future.
2. You mentioned that the new service packs broke some functionality based on the patch level. Could you please elaborate on which patch version you see the issue on?
Once again, thanks for your feedback.
@Dariusz Gora Thanks for your question. While there is no preference given to either method, it totally depends upon your requirement and environment. I would suggest deploying a new instance of ISE on the cloud and validating the use cases you have and then pushing it to production. You can also leverage our professional services team to assist you in this.
This guide might come in handy for deploying ISE on cloud: https://www.cisco.com/c/en/us/td/docs/security/ise/ISE_on_Cloud/b_ISEonCloud/m_ISEonCloudOverview.html
@Pierce Vasale Hope the below resources are useful to you in regards to Agentless Posturing:
Agentless Posture Demo: https://www.youtube.com/watch?v=R_jc-iBzhOo
@fitzie I'm sorry to hear that you're running into trouble with the ISE messaging service. All the issues you mentioned do seem to be interrelated. Did you try working with Cisco TAC on these issues? I'm confident that they'll help you with these.
As a preliminary check:
1. Check if the system and trusted certificates in ISE under Administration --> Certificates are valid.
2. From the ISE PAN CLI, issue the command "show application status ise" and verify whether the ISE indexing engine is running.
Also, share the result of the above two steps with Cisco TAC to expedite the solution.
Thanks.
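The second preliminary check in the reply above can be run against saved CLI output so the result is ready to attach to a TAC case. This is an added example, not part of the original reply or any Cisco tooling; the sample output is constructed, and its three-column layout and state names are assumptions about what `show application status ise` prints.

```python
import re

# Constructed sample of `show application status ise` output (not captured
# from a real node); the three-column layout is an assumption.
SAMPLE = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          4012
Database Server                        running          118 PROCESSES
Application Server                     running          9921
ISE Indexing Engine                    not running
ISE Messaging Service                  initializing
SXP Engine Service                     disabled
"""

# Services named in the thread; checked explicitly so a missing row is caught.
REQUIRED = ("ISE Indexing Engine", "ISE Messaging Service")
# "not running" must precede "running" so the longer state wins the match.
STATES = ("not running", "running", "initializing", "disabled")
ROW = re.compile(r"^(?P<name>.+?)\s{2,}(?P<state>%s)\b" % "|".join(STATES))

def parse_status(text):
    """Return {process name: state} for every recognisable table row."""
    result = {}
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:  # header and separator lines never match a known state
            result[m.group("name").strip()] = m.group("state")
    return result

def findings(text, required=REQUIRED):
    """List (service, problem) pairs worth reporting.

    'disabled' is treated as an intentional setting and not reported.
    """
    status = parse_status(text)
    out = [(n, s) for n, s in status.items()
           if s in ("not running", "initializing")]
    out += [(n, "missing from output") for n in required if n not in status]
    return out

if __name__ == "__main__":
    for name, state in findings(SAMPLE):
        print(f"{name}: {state}")
```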
Thanks