Please share with the community what you think needs improvement with Cisco ISE (Identity Services Engine).
What are its weaknesses? What would you like to see changed in a future version?
I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page.
An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment. Also, I've not explored MDM but if it should be integrated.
The stability of this solution needs to be improved. It should not be necessary to go to each individual set of alarms and acknowledge them in order for them to go away. There should be a single button that can be pressed to dismiss all of the alarms at once.
Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better. It needs a better solution for reduced complexity. I think to add more people to four-thousand users is going to be hard. Cisco needs to make it easier to add more people.
So far we have had no complaints from customers. No major complaints in terms of ISE. They do complain obviously if the ISE service stops working. Normally that happens if there's a server flaw or some problem at the data center somewhere. There can more integration between the wireless controller management and ISE. Consolidation or integration of the controller and ISE dashboards would be great. It's not that bad but would make for simplified support if it could be combined into one dashboard.
There should be an easier way to do the upgrades. Customers were having issues going from one version to the next. There are a lot of steps to get to the next version from the previous version which ends up being a bit of the headache with the upgrade.
There are issues with respect to the posture assessment function. It's been observed that customers are not receiving total access to the network because the assessment agent is glitchy and malfunctions from time-to-time. I would like to see refining of the compliance assessment and adding more detailed compliance of endpoints on the user end. We have also had to deal with some cache update issues in conjunction with Cisco's tech support team. Unfortunately, they had trouble providing suitable solutions within specific and desirable time frames. The next release should offer more inter-operability, increased cross-integration functionality.
It has many complications from the administration perspective, it's not easy to learn. Not like other solutions that are very friendly and easy to go through. It needs to be more user-friendly. We'll see the same name on more than one tab so we need to realize why that name is there or why only the main tab is not like the other. I cannot believe that Cisco is the best case of security integration however it is easier to implement. They are good at integration, I do not expect more from them in that regard. They could think about developing VXLAN. They have LDN switches, we need to get into contextual switches, not catalyst switches. Normal switches. I wish they could explore developing more VXLAN options.
Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver.
Since we have started, we struggled a lot to implement this solution into our network, and we opened a case a couple of times. Up until this point, nothing else needs to be improved with this product.
They should improve the upgrades. It's not easy to upgrade the solution.
The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade. I would like to see them develop some type of device management, like an iPad feature, just to be able to give security access to certain devices for management. Mainly for the suppliers and the third parties. Another feature I would like to see would be for them to create the ability to integrate with other products from the start. We always search for products that integrate with us and so it would ease the management and then everybody would be entered.
I would like for them to improve the reporting.