CISCO ISE (Identity Services Engine)

The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context. It gives you intelligent, integrated protection through intent-based policy and compliance solutions. And it is all delivered with streamlined, centralized management that lets you scale securely in today's market.

Username is a key element in determining access to a network. Username can also help you alert you users to potentially suspicious activity with their devices. It answers the all-important question of who is connected to your network.

The Cisco Identity Services Engine (ISE) Passive Identity Connector centralizes, consolidates, and distributes identity information, including IP addresses, MAC addresses, and usernames. At the same time it offloads work from key infrastructure such as Microsoft Active Directory.

Many servers on the network are active participants in user authentication. They take user credentials and either verify them or look them up in a dedicated repository such as Active Directory. Rather than being actively involved in user authentication, the Passive Identity Connector listens to the various authentication servers on the network. It centralizes the authentication information, becoming the single source of truth for its subscribers.

The Passive Identity Connector distributes the session identity information to other devices on the network that are natural consumers of such information. These devices include firewalls, web security appliances, and traffic analyzers. Using the Cisco Platform Exchange Grid (pxGrid), the Cisco ISE Passive Identity Connector can support up to 20 subscribers.

Features:

• Centralized information
• Improved performance
• Syslog server support
• Active Directory support
• Kerberos SPAN support
• Endpoint probes
• Active Directory agent
• Support for custom APIs
• Citrix Terminal Server support
• High availability
• Migration support
• Virtual machine support
• Scalability

Benefits:

• Consolidates data from multiple authentication sources, eliminating the need for every system that requires authentication data to interact with every authentication source
• Eliminates the burden on an often-overtaxed infrastructure with a single system that caches data for other authentication data consumers
• Gathers authentication data from systems that support syslog
• Gathers authentication data from Active Directory through the Microsoft Windows Management Interface (WMI)
• Gathers Active Directory authentication data from switches supporting Kerberos SPAN
• Understands when endpoints log off
• Gathers authentication data from up to 10 Microsoft Active Directory domain controllers
• Gathers authentication data from systems that support a custom interface
• Gathers authentication data from Citrix Terminal Server
• Supports active/passive redundancy
• Customers may upgrade from the Cisco ISE Passive Identity Connector to Cisco ISE, adding the Passive Identity Connector node to an existing Cisco ISE cluster.
• Supports KVM, VMware, and Hyper-V
• Tailored to fit your organization with support for 3,000 and 300,000 sessions