News & Events

A look at the new Cisco ISE 3.0

  • 9 November, 2020

Article, Cisco, Security

Cisco ISE 3.0 release

Cisco recently announced the third major release of their Identity Services Engine product, ISE 3.0! There have been some improvements to features available in previous versions of the platform and also some big additions and changes, namely relating to the licesning structures. Cisco’s flagship network access control product continues to:

  • Unify policy across campus and branch deployments to enable secure network access and control from the cloud.
  • Give the freedom to choose between an agent or agentless approach to ensure endpoints are compliant with organisational policy, giving teams the agility to deploy security that works as fast as they do.
  • Accelerate business value with a simplified experience to unlock advanced use cases to secure the network and align to business objectives.

ISE 3.0 Licensing changes

The biggest change coming to ISE 3.0 is in its licensing model. In prior versions, licenses at the Base tier that provided entry-level 802.1X and Guest services were permanent licenses that did not require renewal. However, in ISE 3.0 Base licenses also become term-based in the same way as the prior Plus and Apex tiers.

Licensing tiers have also been renamed, in line with the current standard licensing tiers for Enterprise Network products:

  • Base becomes Essentials
  • Plus becomes Advantage
  • Apex becomes Premier

The new licensing model is described by Cisco as using a “nested doll” model – put simply, where previously Apex licenses did not include Plus tier features, licenses now include all features in any below tier. Premier licenses include Advantage and Essentials features, and Advantage licenses include Essentials features.

More information on the new licensing model and conversion can be found here.

We offer Cisco Licensing streamlining services to Cisco customers. Find out more here.

Cisco security cheat sheet free

New user interface

ISE 3.0 also features a new, streamlined User Interface with guided workflows for advanced use cases. In the same vein as the wizards and Work Centres that were added to later 2.x releases, these help users access and deploy some traditionally complex ISE features with ease. 

You can see a screenshot of the new live sustem in ISE 3.0 below.

cisco ise 3.0 user interface

Agentless posture functionality

ISE 3.0 brings Agentless Posture functionality to complement existing Agent-based Posture Assessment features. ISE can be configured to automatically deploy a temporary lightweight posture assessment client to the endpoint that removes itself after assessment, without having to commit to rolling out AnyConnect across their entire install base. 

cisco ise 3.0 agentless posture

Controlled Release support for Azure Active Directory

ISE 3.0 also adds Controlled Release support for Azure Active Directory as an external identity source. Where previously in 2.x Azure AD identities were only accessible via guest flow or with an integrated onpremise Active Directory, Azure AD can now be used directly with 802.1X using OAuth and ROPC. This gives cloud identity only organisations the ability to secure wireless and wired access in the same way as those with an on-premise AD deployment using 802.1X. 

Cisco ise 3.0 active directory