12:39 PM
Amy Arnold

Book Review: 'Cisco ISE For BYOD And Secure Unified Access'

For a network engineer planning a Cisco Identity Services Engine deployment, this publication provides valuable technical guidance and practical troubleshooting advice.

Like many network engineers, I've been evaluating Cisco Identity Services Engine and planning for an impending implementation. So I welcomed a chance to review "Cisco ISE for BYOD and Secure Unified Access" by Aaron Woland and Jamey Heary.

If you are a management type looking to understand what ISE brings to the table, you'll find this book helpful. Several chapters explain the business case around ISE and the power of the technology. However, you are not the target audience. Cisco ISE for BYOD reads more like a lab manual than anything else, which, for a newbie like me looking to get her hands dirty, works out quite nicely.

The authors start by presenting the building blocks of the product, from the basics of topology design, node functionality, and licensing requirements, but then jump right into configuration fundamentals and demonstrations. Throughout the chapters, readers are presented with a number of technical "how-to" examples together with pieces of practical "why you would want to" advice.

Woland and Heary assume a basic knowledge of 802.1X authentication and configuration, which ISE builds on extensively. However, the book does cover some fundamentals of the protocol for those who do not have extensive training in this area, and even includes some helpful process flow charts. The book also clearly lays out proper design, goals, and expectations that engineers should have in mind before deploying the ISE product.

The authors point out that ISE is highly customizable and no deployment will look identical to another. For example, PCI-compliant environments will invoke and prioritize different security policies than other businesses. The book even provides some excellent questions and thought processes to get engineers asking the questions that will need to be answered to determine what business policies must accompany the deployment.

Another aspect of this book engineers will find remarkably helpful is the attention to the many details involving the network hardware with which ISE interacts. The authors not only provide configuration snippets for common devices like 3750s and Nexus 7000s, but they also mention some gotchas that commonly crop up when dealing with mixed environments of old and new gear. For example, they walk you through setting up SG tags on various devices and point out the various intricacies involved, such as a 6500 being able to process SG tags in ingress mode or egress mode, but not both.

My favorite chapter of "Cisco ISE for BYOD" by far is the troubleshooting chapter. The screenshots and process resolution of common issues are reference gold. The methodology laid out for troubleshooting is nothing new, but it's sound. Woland and Heary advise: "Always stay calm, take your time, and think about how the solution works." The text then gives excellent resources to help you do this, including a chart of basic authentication and authorization flows, instructions on how to access the Live log and how to run a TCP dump, as well as an excellent ISE node communications reference sheet.

I would recommend this book to any engineer taking on an ISE deployment, especially if you have a lab environment to play in. Being able to follow along through the chapters in a lab would definitely have enhanced my reading of the text, but if you find yourself lab-less, don't fret -- the book is an excellent primer and definitely worth reading.

Amy Arnold, CCNP/DP/Voice, currently works as an engineer in the public sector with a focus on all things networking. You can follow her on Twitter at @amyengineer.