ISE Setup and Operations Overview

Feb 1, 2025

Initial ISE Setup and Operations

Presenter Introduction

  • Thomas Howard: Identity Services Engine Technical Marketing Engineer at Cisco.

Overview of Lecture

  • Focus on initial setup and operations of an ISE node.
  • Aim: Set up an ISE node so that it is operational and can start authentications.
  • Demo environment used for live demonstration.
  • Access to Cisco dCloud for virtual wireless controller and ISE.
  • Use of Meraki access points and Microsoft's Active Directory for authentication.

Demo Environment

  • Access to Cisco demo cloud or dCloud.
  • Ability to use Meraki access points globally via Meraki cloud.
  • Integration with Microsoft’s Active Directory for user authentication.
  • Use of Amazon Web Services and Linux for automation (REST APIs, Ansible, Terraform).
  • Availability for Cisco partners and employees in dCloud and Cisco's DevNet.

ISE Installation & Initial Checks

  • Version Check: Running ISE version 3.1 with the latest patch.
  • Patch Management: Importance of keeping ISE patched for security (e.g., Log4j vulnerability).
  • Standalone Node: Setup of a standalone ISE node.
  • Feedback Option: 'Make a Wish' button for feature requests.

Deployment Configuration

  • Node Deployment: Steps for setting up a single or multi-node ISE deployment.
  • Service Enablement: Enabling administration, monitoring, PSN, and device administration services.
  • Security Warning: Encrypt RADIUS/TACACS traffic if it runs over a network or the internet.
  • Profiling Configuration: Enable DHCP, HTTP user agent, and DNS probes.

Licensing

  • Licensing Overview: Demo node already licensed.
  • Device Admin Licenses: Consumed upon service enablement.
  • Further Learning: Reference to previous webinars on ISE licensing.

Certificates

  • Current Setup: Certificates provisioned for demo.
  • Future Webinar: Managing digital certificates discussed in upcoming webinar.

Logging and Syslog Configuration

  • Syslog Server Setup: Add a TCP syslog server and configure logging categories in ISE.
  • Testing: Attempted RADIUS authentication to check syslog functionality.

Repositories and Patches

  • Repository Setup: Configuration of local disk and FTP server repositories.
  • Patch Upload: Upload the Log4j vulnerability patch.
  • Data Management: Operational data purging and backups.

Administrative Access Configuration

  • Password Management: Disable password expiration.
  • Role-Based Access Control: Setup different admin roles (e.g., super admin, network device admin).
  • Active Directory Integration: Join ISE to Active Directory for user authentication and role mapping.

Security and System Settings

  • FIPS Mode: For government or strong security requirements.
  • TLS Settings: Disable old protocols for stronger security.
  • Alarm Settings: Configure alarms for monitoring.

Profiling and Protocols

  • Profiling: Enable profiling for connected endpoints.
  • Protocol Optimization: Enable session resume for faster authentications.

System Infrastructure

  • SMTP Configuration: Required for email notifications.
  • Time Settings: Recommend UTC for global deployments.
  • API Enablement: Turn on API settings for automation.

Automation and Patching

  • Patch Automation: Demonstrated using REST API and curl to apply a hotfix.
  • System Tasks: Monitor patch status through API commands.

Conclusion

  • Resources: Encourage exploration of community resources and guides for advanced configurations.
  • Automation Capabilities: Highlights ISE 3.1 features for automation in deployment and management.