Managing a network that requires workers and guests to connect to routers and wireless access points at their convenience requires a multi-faceted approach. Special considerations regarding BYOD policies, endpoint protection, and quick & efficient network maintenance must be taken to sustain the continuity of your network’s integrity and performance.
Cisco Identity Services Engine (ISE) is one of the leading Network Access Control (NAC) solutions that help IT admins effective manage and protect their complex networks. At its core, Cisco ISE gives IT admins the power to create granular network access policies based on a set of uniquely-defined identifiers including but not limited to:
- Device type
- Job role of the person logging into the network
- Physical location of the device
- OS versions and patches
- Presence of anti-virus software
Although Cisco ISE streamlines network access and policy management tasks, configuring Cisco ISE to work properly in a production environment can pose challenges for even the most seasoned architects and engineers. Because of this, external consultants that specialize in ISE deployments are often brought in to help when specific Cisco ISE experience is scarce.
How To Vet Cisco ISE Engineers
In enterprise deployments, especially those in finance, defense, or health care settings, ISE engineers may be limited on the number of details they can share about their previous experience in ISE due to organizational privacy and/or non-disclosure agreements. Rest assured, however, that there is still a way to conduct your due diligence when hiring an external Cisco ISE consultant.
The following ten questions serve as a list of the top ten questions that any experienced ISE consultant should be able to answer thoroughly. Note that none of these interview topics explore what the engineer has done in the past. Instead, these questions are designed to elicit a response that requires a fundamental understanding of Cisco ISE from an architectural, functional, and security perspective.
- How can an ISE deployment protect my infrastructure from cyber threats?
- How can an ISE implementation make better use of my current resources?
- Can an appropriate level of security be implemented with only Base (Permanent) Licenses?
- What are the pros and cons of using regional portals for Guest/BYOD?
- What is the benefit of implementing TrustSec in an ISE deployment?
- Why is Cisco ISE better than Microsoft NPS for my organization?
- How does integrating ISE with Cisco Prime help my organization?
- Why should I embrace the BYOD revolution within my organization?
- Single cluster or ISE cubes?
- What skills are necessary to support all the features I want to use within ISE?
The previously listed questions help explore the engineer’s applicable knowledge of Cisco ISE. Questions (3), (4), (9), and (10) require ISE-specific knowledge that demonstrates the consultants understanding of Cisco ISE’s core features. For example, there three other licenses available outside of the Cisco ISE Base license, and each of the other licenses have features not present in just the Base license alone.
Questions (1), (2), and (8) command answers that delve into the engineer’s “big picture” design knowledge regarding important objectives like security, BYOD, and the resources available to your organization, which includes internal team members. Knowing how to make the best of your network’s existing hardware, software, and people after an ISE implementation can save a lot of time and headaches later on down the road.
Questions (5), (6), and (7) require knowledge of external elements that are quite often integrated with Cisco ISE. TrustSec, although not required, allows organizations to take advantage a security architecture that offers more advanced network access policy enforcement. Cisco ISE can essentially replace Microsoft NPS, and Cisco PRIME is a great compliment to ISE for organizations that need both an NAC solution and network management solution for their converged wired and wireless networks.
Still Searching For A Qualified Cisco ISE Engineer?
CTC Technologies has helped design, implement, and support Cisco ISE-based networks for mid market and enterprise companies from all across the United States. Our ISE engineers regularly fly on-site to work side-by-side with IT admins who need to implement CIsco ISE into their network and train their employees on the best practices with ISE – all while making sure your existing IT infrastructure remains in tip-top shape.