Advanced ISE Architect: Design and Scale ISE for Your Production
Cisco ISE plays an architectural role for many security solutions and is also one of the main pillars of Cisco's Software-Defined Access. [source: DGTL BRKSEC reference]
Overview of Cisco ISE
Cisco Identity Services Engine (ISE) is a next-generation identity and access control ... The unique architecture of Cisco ISE allows enterprises to gather ... [source: ise overview]
Untitled
Today's Security Trends. Introduction to Cisco Identity Services Engine (ISE). Positioning ISE. ISE Architecture. MDM. TrustSec. [source: CP]
The Cisco Digital Network Architecture Vision: An Overview
DNA centers around a network infrastructure that is not only fully programmable and open to third-party innovation but can also fully and seamlessly integrate ... [source: white paper c]
Network Deployments in Cisco ISE
Cisco ISE architecture includes the following components: ... This guide uses the following terms when discussing Cisco ISE deployment scenarios: ... [source: b ise InstallationGuide chapter]
Cisco Zero Trust Architecture
Cisco Zero Trust Architecture. Rob Bleeker, Technical Solution Architect, Security ... ISE. AnyConnect. SD-WAN. Email Security. Next-Generation Firewall. [source: zero trust cisco connect vancouver]
Cisco Umbrella Design Guide
Cisco Umbrella is a cloud-delivered security service that brings together essential ... larger architecture for Internet security. ... HQ network diagram. [source: umbrella design guide]
Cisco SD-WAN Cloud Scale Architecture
Diagram. Data plane redundancy. Putting it all together. As a result of its architecture, the simplified workflow to bring up a Cisco SD-WAN overlay is: ... [source: nb cisco sd wan ebook cte en]
Cisco Secure Enclaves Architecture White Paper
2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 23. White Paper. Cisco Secure Enclaves Architecture. [source: whitepaper c]
Network as a Sensor with Stealthwatch and Stealthwatch Learning
Integrating Cisco ISE with Cisco Stealthwatch. ... The addresses used in this guide are examples; you should use addressing that is applicable to your architecture. [source: CVD NaaS Stealthwatch SLN Threat Visibility Defense Dep Feb]
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 23
White Paper
Cisco Secure Enclaves Architecture
Design Guide
Contents
Introduction (page 3)
    Goals of This Document (page 3)
    Audience (page 3)
    Challenges and Objectives (page 3)
Design Overview (page 4)
    Business Benefits (page 4)
    Architectural Overview (page 4)
    Security Philosophy: The Reference Monitor (page 9)
    Design Principles (page 9)
    The Enclave (page 10)
    Host Topology (page 12)
    Enclave Topology (page 14)
    Enclave Management (page 16)
    Traffic Patterns (page 19)
Design Considerations (page 20)
    Protection (page 20)
    Performance (page 21)
    Provisioning: Ease of Management (page 21)
    High Availability (page 22)
    Service Assurance (page 22)
Conclusion (page 22)
For More Information (page 23)
Introduction
This document discusses the reliable and transparent introduction of Cisco® Services in the data center to create a
more flexible, functional, and secure application environment.
Goals of This Document
The purpose of this design document is to propose an IT security framework that conforms to established design
principles and to provide details about solutions arising from this framework, called the Cisco Secure Enclaves
architecture. This document considers both the design and the composition of components to develop a coherent
security model that takes into account both the hardware and software at every level of a Cisco integrated
infrastructure stack. The goal of the design is to provide appropriate security that provides desirable levels of
performance and fault tolerance with ease of management at a competitive price.
Audience
This document is intended to provide technical direction to channel partners and end-user customers interested in
making security an integral part of their IT infrastructure. The need for security is even greater when IT resources
are shared among groups of people whose data cannot be shared. This design and future implementations arising
from it address the challenges and requirements of such a shared platform.
Challenges and Objectives
Most computing platforms are designed to meet performance and function requirements with little or no attention to
trustworthiness. Furthermore, the movement toward optimal use of IT resources through virtualization has resulted
in an environment in which the true and implied security accorded by physical separation has essentially vanished.
System consolidation efforts have also accelerated the movement toward co-hosting on integrated platforms, and
the likelihood of compromise is increased in a highly shared environment. This situation presents a need for
enhanced security and an opportunity to create a framework and platform that instills trust. Lack of confidence that
such a trust environment can be delivered with ease and maintained with resilient resource management is a major
obstacle to the physical consolidation of applications and adoption of cloud-computing service models.
The Cisco Secure Enclaves architecture helps evolve the current converged infrastructure offerings of Cisco by
simplifying and standardizing the delivery of Cisco application and security services on architecturally consistent
platforms. This approach is a logical extension of these data center building blocks, advancing the benefits of
standardization beyond the infrastructure to the applications and services required. This design provides the
following features that facilitate a uniform approach to IT in the data center:
Design Overview
Infrastructure as a service (IaaS), from the provider perspective, consists of a set of modular building blocks of
underlying resources assembled systematically based on services requested and overlaid with security. Services
may be introduced either through dedicated appliances or through virtual appliance implementations on shared
general-purpose computing resources. The main design objective is to help ensure that applications in this
environment meet their subscribed service-level agreements (SLAs), including confidentiality requirements, by
using pretested and validated IT infrastructure components to prevent inefficiency and inaccuracy.
Business Benefits
Many enterprises and IT service providers are developing cloud service offerings for public and private
consumption. Regardless of whether the focus is on public or private cloud services, these efforts share several
common objectives:
One essential characteristic of cloud architecture is the capability to pool resources, and each tenant that
subscribes to computing, networking, and storage resources in a cloud is entitled to a given SLA. The power
savings brought about by consolidation also contributes to reduced total cost of ownership (TCO). Achieving these