Professional Documents
Culture Documents
Product Overview
The Cisco Identity Services Engine is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. Its unique architecture allows enterprises to gather real-time contextual information from networks, users, and devices to make proactive governance decisions by enforcing policy across the network infrastructure. The Cisco Identity Services Engine is an integral component of the Cisco TrustSec solution that helps secure and govern borderless networks. The Cisco Identity Services Engine provides a highly powerful and flexible attribute-based access control solution that combines authentication, authorization, and accounting (AAA); posture; profiling; and guest management services on a single platform. Administrators can centrally create and manage access control policies for users and endpoints in a consistent fashion, and gain end-to-end visibility into everything that is connected to the network. The Cisco Identity Services Engine automatically discovers and classifies endpoints, provides the right level of access based on identity, and provides the ability to enforce endpoint compliance by checking a devices posture. The Cisco Identity Services Engine also provides advanced enforcement capabilities, including Security Group Access (SGA) through the use of security group tags (SGTs) and security group access control lists (ACLs).
Allows enterprises to authenticate and authorize users and endpoints via wired, wireless, and VPN with consistent policy throughout the enterprise
Prevents unauthorized network access to protect corporate assets Provides complete guest lifecycle management by empowering sponsors to on-board guests, thus reducing IT workload
Discovers, classifies, and controls endpoints connecting to the network to enable the appropriate services per endpoint type
2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 1
Data Sheet
Addresses vulnerabilities on user machines through periodic evaluation and remediation to help proactively mitigate network threats such as viruses, worms, and spyware
Enforces security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without needing administrator attention
Offers a built-in monitoring, reporting, and troubleshooting console to assist helpdesk operators and administrators streamline operations
The Cisco Identity Services provides several additional key features, described in Table 1.
Table 1.
Feature AAA protocols Authentication protocols
Policy model
Access control
Profiling
Posture
Centralized management
Platform options
Product Specifications
There are three hardware options for the Cisco Identity Services Engine (see Table 2).
Table 2. Cisco Identity Services Engine Hardware Specifications
Cisco Identity Services Engine Appliance 3315 (Small) Processor Memory Hard disk RAID Removable media 1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz 4 GB 2 x 250-GB SATA HDD No CD/DVD-ROM drive Cisco Identity Services Engine Appliance 3355 (Medium) 1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz 4 GB 2 x 300-GB SAS drives Yes (RAID 0) CD/DVD-ROM drive Cisco Identity Services Engine Appliance 3395 (Large) 2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz 4 GB 4 x 300-GB SFF SAS drives Yes (RAID 0+1) CD/DVD-ROM drive
2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 4
Data Sheet
Cisco Identity Services Engine Appliance 3315 (Small) Network Connectivity Ethernet NICs 10BASE-T cable support 10/100/1000BASE-TX cable support Secure Sockets Layer (SSL) accelerator card Interfaces Serial ports USB 2.0 ports Video ports External SCSI ports System Unit Form factor Weight Dimensions Power supply Cooling fans BTU rating Rack-mount 1 RU 28 lb (12.7 kg) fully configured 1.69 x 17.32 x 22 in. (43 x 440 x 55.9 mm) 350W 6; non-hot plug, nonredundant 1024 BTU/hr (at 300W) 1 4 (two front, two rear) 1 None x Integrated Gigabit NICs Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) None
4 x Integrated Gigabit NICs Cat 3, 4, or 5 UTP up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) Cavium CN1620-400-NHB-G
4 x Integrated Gigabit NICs Cat 3, 4, or 5 UTP up to 328 ft (100 m) Cat 5 UTP up to 328 ft (100 m) Cavium CN1620-400-NHB-G
Rack-mount 1 RU 35 lb (15.87 kg) fully configured 1.69 x 17.32 x 27.99 in. (43 x 42.62 x 711 mm) Dual 675W (redundant) 9; redundant 2661 BTU/hr (at 120V)
Rack-mount 1 RU 35 lb (15.87 kg) fully configured 1.69 x 17.32 x 27.99 in. (43 x 42.62 x 711 mm) Dual 675W (redundant) 9; redundant 2661 BTU/hr (at 120V)
Cisco Identity Services Engine virtual appliances are supported on VMware ESX/ESXi 4.x and should be run on hardware that equals or exceeds the characteristics of the physical appliances listed in Table 2. At minimum, Cisco Identity Services Engines require the virtual target to have allocated at least 4 GB of memory and at least 200 GB of hard drive space.
System Requirements
The optional Cisco NAC Agent works on range of different systems (see Table 3).
Table 3.
Feature Supported OS
2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 4
Data Sheet
Printed in USA
C78-656174-01
08/11
2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 4 of 4