You have been tasked with deploying a NAC solution. Unfortunately, IT leaders taking on this endeavor often find themselves confronted with some ugly truths about their network infrastructure and the bandwidth of their internal resources. ADAPTURE Cisco ISE expert Andy Thompson addresses four common questions utilizing his experiences with the industry-leading NAC solution Cisco ISE.
Question: What Can I Expect While Deploying a NAC Solution?
Answer: Expect the Unexpected.
Know that you will learn more about your network than you ever dreamed possible. When a NAC solution is deployed, it will require extreme diligence and will need almost every facet of an IT infrastructure team’s knowledge and skillsets. These are just a few of the things you will encounter:
- End of Life devices
- Outdated software
- Security vulnerabilities
- Incorrect configurations
- Lack of knowledge
- Unknown devices
- Device Recognition issues
- Endpoint weaknesses
If your team struggles with bandwidth issues, you’ll need to be aware of the commitment it will take to deploy your NAC solution.
Question: Where Do We Start When We Require ALL Components of a NAC Deployment?
High availability wired, wireless, profiling, posturing, device administration, BYOD, guest access, multi-factor authentication… Some companies need all of these−and more−for every device that connects.
Answer: Decide Priorities
Step back, prioritize what of the list above is truly a requirement, right now. The cost of such a large endeavor will rapidly strain your budget. Each item listed will have a cost associated with it. Some are nominal, others can quickly become very expensive. The licensing structure within Cisco ISE, for example, is very broad and will consume a great deal of your budget. More often than not, clients start with wanting everything a solution like Cisco ISE can do, but the majority trim those demands down significantly during the design phase simply due to costs.
Question: Our Infrastructure was Upgraded Recently; Shouldn’t that Make It Easier?
Answer: Your Network Design Might Still Need Work
This is sometimes the most technically shocking aspect of an ISE deployment. Your investment may require modifications on either the software or licensing components with ISE. Each device that will connect to ISE must meet minimum requirements to be fully compatible. Sometimes it’s as simple as a code upgrade, sometimes it’s enabling licensing entitlements. Sometimes, it’s a complete rip and replace. When you engage a partner to assist with your project, keep in mind that you may hear things that you weren’t planning to hear. Your baby might not be ugly, but it also might not be able to grow into what you need. So, you need to be ready to listen to your network design being dissected. It doesn’t mean you did anything wrong−NAC deployments are just demanding and fairly unforgiving.
Consideration: How Steep of a Learning Curve Will My Support Staff Be Exposed to?
Answer: This will vary depending on the modules you choose to deploy.
You still want the full list from above? That means Subject Matter Experts for Route Switch, Firewalls, Wireless, Operating Systems, Active Directory, Endpoint protection, BYOD, Radius, Certificates, TrustSec, Hybrid integration, troubleshooting, etc. Put plainly, you will need expertise to cover everything. Do you and your staff have the expertise to cover these? And, equally as important, do you have time to devote to keeping your NAC environment healthy?
Unfortunately, sending your engineers off to hands on training may not be enough. That will give them a foundation to build upon. If you had a partner help in the deployment, they should have provided you with an accurate runbook of your deployment. Even with all of that, however, your team will be strained to become truly knowledgeable of the design.
Deploying a NAC Solution Successfully with ADAPTURE Managed Cisco ISE Services
The truth of the matter is simply that ISE is an enormous undertaking. It spreads its tentacles throughout your entire environment. Small mistakes can lead to very costly consequences. Designing, testing, deploying, and supporting such a solution is daunting; for those who are not prepared nor truly understanding of the far-reaching impact of putting ISE into your infrastructure, they will quickly find themselves in over their heads and simply trying to survive.
Most managed service solutions are capable and excel at standard network deployments. However, until recently, no one has been able to produce a service that can handle the broad range of scenarios with Cisco ISE.
ADAPTURE has created a unique, one-of-a-kind solution that not only makes ownership of an ISE deployment a less stressful part of your network strategy, but also a more effective, thriving solution.
With the ADAPTURE ISE Management solution, we provide automation components that take away the fear of making mistakes, the uncertainty that perhaps you aren’t doing certain daily ISE actions correctly. And, most importantly, it gives you decades of subject matter expertise in a few clicks.
Schedule a demo with one of our Solution Architects today to see how ADAPTURE can successfully deploy a robust NAC solution for your company.
