MobileIron adds Cisco ISE (Identity Services Engine) API Session 1

Recently I attended a very informative session by the MobileIron team regarding their collaboration with Cisco for the infamous NAC solution, Identity Services Engine.


Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. 
The unique architecture of Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices. The administrator can then use that information to make proactive governance decisions by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches. 

The API as of now is not bidirectional and sync takes place only  from ISE and you have an option in the ISE console to define the polling interval. Also, the ISE API is license based and it needs to be purchased separately.

MobileIron as per Gartner report stands in the Leaders Quadrant and with this solution should have an upper hand in the market. We wont delve into much of MobileIron MDM but the diagram shown below should clarify the product and its functioning.




So why did MobileIron require a NAC Solution?

Cisco ISE API integrates,
  • Automated BYOD Device Onboarding - New devices connected to corporate network are automatically directed and forwarded for MDM Enrollment
  • Network Access based on Device posture: i.e rooted/jailbroken devices will be not entertained by the network itself
  • Also giving an ease of access to end users who now don't have to remember any URL's or check mail instructions to register their device as its handled automatically for every device that enters the network.

 In the next post we will delve more into ISE and the API and integration with MobileIron MDM.

Comments