You have been tasked with deploying a NAC solution. Unfortunately, IT leaders taking on this endeavor often find themselves confronted with some ugly truths about their network infrastructure and the bandwidth of their internal resources. ADAPTURE Cisco ISE expert Andy Thompson addresses four common questions utilizing his experiences with the industry-leading NAC solution Cisco ISE 

Question: What Can I Expect While Deploying a NAC Solution? 

Answer: Expect the Unexpected.   

Know that you will learn more about your network than you ever dreamed possible.  When a NAC solution is deployedit will require extreme diligence and will need almost every facet of an IT infrastructure teams knowledge and skillsets. These are just a few of the things you will encounter: 

  • End of Life devices 
  • Outdated software 
  • Security vulnerabilities 
  • Incorrect configurations 
  • Lack of knowledge 
  • Unknown devices 
  • Device Recognition issues 
  • Endpoint weaknesses 

If your team struggles with bandwidth issues, you’ll need to be aware of the commitment it will take to deploy your NAC solution. 

QuestionWhere Do We Start When We Require ALL Components of a NAC Deployment? 

High availability wired, wireless, profiling, posturing, device administration, BYOD, guest access, multi-factor authentication…  Some companies need all of theseand morefor every device that connects. 

AnswerDecide Priorities 

Step back, prioritize what of the list above is truly a requirement, right now.  The cost of such a large endeavor will rapidly strain your budget.  Each item listed will have a cost associated with it.  Some are nominal, others can quickly become very expensive.  The licensing structure within Cisco ISE, for example, is very broad and will consume a great deal of your budget.  More often than notclients start with wanting everything a solution like Cisco ISE can do, but the majority trim those demands down significantly during the design phase simply due to costs. 

QuestionOur Infrastructure was Upgraded Recently; Shouldn’t that Make It Easier? 

Answer:  Your Network Design Might Still Need Work 

This is sometimes the most technically shocking aspect of an ISE deployment.  Your investment may require modifications on either the software or licensing components with ISE.  Each device that will connect to ISE must meet minimum requirements to be fully compatible.  Sometimes it’s as simple as a code upgrade, sometimes it’s enabling licensing entitlements. Sometimes, it’s a complete rip and replace.  When you engage a partner to assist with your project, keep in mind that you may hear things that you weren’t planning to hear.  Your baby might not be ugly, but it also might not be able to grow into what you need.  So, you need to be ready to listen to your network design being dissected.  It doesn’t mean you did anything wrongNAC deployments are just demanding and fairly unforgiving. 

Consideration: How Steep of a Learning Curve Will My Support Staff BExposed to? 

Answer: This will vary depending on the modules you choose to deploy.   

You still want the full list from above?  That means Subject Matter Experts for Route Switch, Firewalls, Wireless, Operating Systems, Active Directory, Endpoint protection, BYOD, Radius, Certificates, TrustSec, Hybrid integration, troubleshooting, etc. Put plainly, you will need expertise to cover everythingDo you and your staff have the expertise to cover these?  Andequally as important, do you have time to devote to keeping your NAC environment healthy? 

Unfortunately, sending your engineers off to hands on training may not be enough.  That will give them a foundation to build upon.  If you had a partner help in the deployment, they should have provided you with an accurate runbook of your deployment.  Even with all of that, however, your team will be strained to become truly knowledgeable of the design. 

Deploying a NAC Solution Successfully with ADAPTURE Managed Cisco ISE Services 

The truth of the matter is simply that ISE is an enormous undertaking.  It spreads its tentacles throughout your entire environment.  Small mistakes can lead to very costly consequences.  Designing, testing, deploying, and supporting such a solution is dauntingfor those who are not prepared nor truly understanding of the far-reaching impact of putting ISE into your infrastructure, they will quickly find themselves in over their heads and simply trying to survive. 

Most managed service solutions are capable and excel at standard network deployments. However, until recently, no one has been able to produce a service that can handle the broad range of scenarios with Cisco ISE.   

ADAPTURE has created a unique, one-of-a-kind solution that not only makes ownership of an ISE deployment a less stressful part of your network strategy, but also a more effective, thriving solution. 

With the ADAPTURE ISE Management solution, we provide automation components that take away the fear of making mistakes, the uncertainty that perhaps you aren’t doing certain daily ISE actions correctly.  And, most importantly, it gives you decades of subject matter expertise in a few clicks. 

Schedule a demo with one of our Solution Architects today to see how ADAPTURE can successfully deploy a robust NAC solution for your company.