Implementing and Configuring Cisco Identity Services Engine (SISE)

Implementing and Configuring Cisco Identity Services Engine v2.1 (SISE) is an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services into a single context-aware identity-based platform. You will learn how to configure and administer many of the services, including authentication, authorization and accounting (AAA), posture, profiling, device on-boarding and guest management. You will also learn the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

• ISE Administrators/Engineers
• Wireless Administrators/Engineers
• Consulting Systems Engineers
• Technical/Wireless/BYOD/Security Solutions Architects
• ATP partner systems and field engineers
• Systems integrators who install and implement the Cisco Identity Service Engine version 1.3

• CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2 (ICND2) provides the prerequisite knowledge
• CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco Network Security v3.0 (IINS) provides the prerequisite knowledge
• Familiarity with Microsoft Windows Administering Windows Server 2012 (20411) will provide the prerequisite knowledge
• Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) provides the prerequisite knowledge

• Describe Cisco ISE architecture, installation, and distributed deployment options
• Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE - Implement Cisco ISE web authentication and guest services
• Deploy Cisco ISE profiling, posture and client provisioning services
• Describe administration, monitoring, troubleshooting, and TrustSec SGA security
• Configure device administration using TACACS+ in Cisco ISE

• Implementing Cisco IP Routing v2.0 (ROUTE)
• Implementing Cisco Edge Network Security Solutions (SENSS)
• Implementing Cisco Secure Mobility Solutions (SIMOS)
• Implementing Cisco Secure Access Solutions (SISAS)
• Implementing Cisco Threat Control Solutions (SITCS)

Module 1: Introducing Cisco ISE Architecture and Deployment

• Security challenges
• Cisco ISE solutions Use Cases
  • Guest use
  • BYOD
  • Profiling
  • Compliance
  • Security group access
• Secure Access Control
• ISE function
• ISE deployment components
  • Admin node
  • Policy service node
  • Monitoring node
  • pxGrid Services
  • Policy synchronization
  • Deployment options
• Context visibility
  • Benefits
  • Wizard
  • Streamline wizard

Module 2: Cisco ISE Policy Enforcement

• IEEE 802.1X primeer
• MAC authentication bypass
• 802.1X and MAB
• Identity sources
• Multi-AD overview and configuration
• Lightweight directory access protocol
• RADIUS
• SAMLv2
• Identity source sequence
• Certification authority services
• Authentication and authorization process
• Exception policies and policy sets
• Global vs local exception processing
• Third-party NAD support
• Cisco TrustSec
• Easy connect
  • Overview
  • Modes and flows
  • Configuration

Module 3: Web Auth & Guest Services

• Web authentication overview
• Guest access services overview
• Guest access settings
• ISE sponsor components and configuration

Module 4: Cisco ISE Profiler

• Profiler service and policies
  • Configure
  • Prepare
  • Enable
  • Probe configuration
  • Feed service
  • Settings
  • Profiling parameters
• NMAP scan action

Module 5: Cisco ISE BYOD

• Problem and solutions
• Design
• Portal selection process
• Device portal configuration
• ISE CA server and local certificates

Module 6: Cisco ISE Endpoint Compliance Services

• Posture service
  • Conditions
  • Compliance module
  • Flow
  • Agents
  • Deployment and licensing
• Client provisioning
• Posture general settings
• Client provisioning portal and policy

Module 7: Cisco ISE with AMP and VPN-Based Services

• AAA – external authentication
• Cisco ASA for VPN authentication
• Threat centric NAC

Module 8: Cisco ISE Integrated Solutions with APIs

• Location-based authorization
• pxGrid framework

Module 9: Working with Network Access Devices

• TACACS+
  • Device administration
  • Configuration
  • Guidelines
  • Best practices
• Migrating Cisco ACS to ISE

Module 10: Cisco ISE Design (Self-Study)

• ISE planning and Pre-deployment
• ISE sizing and scaling practices
• Deployment best practices
• Web portals best practices
• PSN HA or load sharing
• Deploying monitoring personas
• Network infrastructure preparation

Module 11: Configuring Thrid Party NAD Support (optional/Self-Study/Reference)

• Third-party NAD support configuration

Labs:

• Initial Configuration of Cisco ISE
• Complete Cisco ISE GUI Setup
• Integrate Cisco ISE with Active Directory
• Integrating Cisco ISE with a second Microsoft Active Directory
• Basic Policy Configuration
• Configure Guest Access
• Guest Access Operations
• Guest Reports
• Configuring Profiling
• Customizing the Cisco ISE Profiling Configuration
• ISE Profiling Reports
• BYOD Configuration
• Device Blacklisting
• Compliance
• Configuring Client Provisioning
• Configuring Posture Policies
• Testing and Monitoring Compliance Based Access
• Compliance Policy Testing
• MDM Integration with Cisco ISE
• MDM Access and Configuration
• Client Access with MDM
• Using Cisco ISE for VPN Access
• Configuring Backups and Patching
• Configuring Administrative Access
• Review of General Tools
• Report Operations