I will start my blogging with a series of posts about installing and configuring Cisco Identity Services Engine, or Cisco ISE.
Cisco ISE is a really cool platform for security management and control. It is primarily used to establish secure network and guest access, but it can also be used for device access (routers, switches, etc.). Cisco treats ISE as one of its main platforms for establishing BYOD.
The Cisco ISE application runs on top of Cisco ADE-OS. You can do some basic system tasks on that OS, such as configuring IP addressing and routing, NTP settings, the hostname, etc. It can also be used to reset the admin password for the Cisco ISE application. To access Cisco ADE-OS, you can use SSH with your favorite terminal program.
Cisco ISE can be deployed as a hardware appliance (Cisco ISE 3000 series) or as a VM. Since I am a big fan of virtualization I prefer VM-based deployment, but it always depends on your requirements. ISE can be deployed in standalone mode or in HA mode, in which you can also distribute different services among ISE servers. Since I am currently doing a proof-of-concept, I will use standalone mode. You can always extend your deployment to HA mode later.
Of course, to start using Cisco ISE you first need to install your server. The minimum requirements for installation given by Cisco are a quad-core CPU, 4GB of RAM and 60GB of disk storage. You must provide 4GB of RAM and 60GB of disk storage at installation; otherwise the installation process will not let you through. If you just want to do a proof-of-concept, you can decrease the amount of RAM later. You can use 1GB and you should be fine. But of course you need to increase the resources again to use it in a production environment.
You should use the ISO file for installation. Insert the Cisco ISE ISO in your VM and start the VM. Choose to install ISE and then wait for the installation process to get to the login prompt, where you should enter setup mode with the setup command.
You can check the ISE application status or reset the application in ADE-OS. All processes should be running before you can access the ISE application through a browser.
ciscoise/admin# sh application status ise
ISE Database listener is running, PID: 5237
ISE Database is running, number of processes: 27
ISE Application Server is running, PID: 11768
ISE M&T Session Database is running, PID: 4897
ISE M&T Log Collector is running, PID: 7022
ISE M&T Log Processor is running, PID: 7106
ISE M&T Alert Process is running, PID: 6928
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 64 GB
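The status output above can be checked automatically before you try the web interface. The following Python script is an added example, not part of the original post or of any Cisco tooling; it parses that output, lists any service that is not in the "running" state and extracts the disk size warning. The "is not running" wording in the degraded sample is an assumption and is constructed for illustration.

```python
import re

# Output as shown in the post above.
POST_OUTPUT = """\
ciscoise/admin# sh application status ise
ISE Database listener is running, PID: 5237
ISE Database is running, number of processes: 27
ISE Application Server is running, PID: 11768
ISE M&T Session Database is running, PID: 4897
ISE M&T Log Collector is running, PID: 7022
ISE M&T Log Processor is running, PID: 7106
ISE M&T Alert Process is running, PID: 6928
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 64 GB
"""

# Constructed sample: the "is not running" wording is an assumption.
DEGRADED_OUTPUT = POST_OUTPUT.replace(
    "ISE Application Server is running, PID: 11768",
    "ISE Application Server is not running")

SERVICE_RE = re.compile(r"^(ISE .+?) is (.+?)(?:,\s*(.+))?$")
DISK_RE = re.compile(r"RECOMMENDED DISK SIZE: (\d+) GB, CURRENT DISK SIZE: (\d+) GB")


def parse_status(text):
    """Split the status output into service states, warnings and disk sizes."""
    result = {"services": {}, "warnings": [], "disk_gb": None}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("%"):
            result["warnings"].append(line.lstrip("% "))
            disk = DISK_RE.search(line)
            if disk:
                result["disk_gb"] = {"recommended": int(disk.group(1)),
                                     "current": int(disk.group(2))}
            continue
        svc = SERVICE_RE.match(line)
        if svc:  # the prompt line and blank lines do not match and are skipped
            result["services"][svc.group(1)] = svc.group(2)
    return result


def not_running(parsed):
    """Services in any state other than exactly 'running' (fail closed)."""
    return sorted(n for n, s in parsed["services"].items() if s != "running")


if __name__ == "__main__":
    for label, text in (("post", POST_OUTPUT), ("degraded", DEGRADED_OUTPUT)):
        parsed = parse_status(text)
        print(label, "down:", not_running(parsed), "disk:", parsed["disk_gb"])
```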
You can start, stop or reset the application, reset the admin password, or completely reset the configuration to factory defaults. The commands are listed below.
ciscoise/admin# application ?
  configure     Configure application
  install       Install An Application Bundle
  remove        Uninstall An Application
  reset-config  Reset application configuration to factory defaults
  reset-passwd  Reset application password for specified user
  start         Start an Application
  stop          Stop an Application
  upgrade       Upgrade An Application Bundle
To access Cisco ISE via a web browser, you only need to enter http://x.x.x.x and you are automatically redirected to the HTTPS page. Enter the credentials that were provided during installation and you are ready to use your fresh installation of Cisco ISE. What is especially cool about ISE is that Cisco provides a 90-day evaluation license with all features, so you can use it to build a proof-of-concept or to test some functionality.