Cisco ISE and IaC Overview At-A-Glance

At a Glance

Updated: July 6, 2023



With ISE in the cloud, IT can now:

      Quickly and securely onboard users and devices with zero-touch provisioning of policy

      Automate and accelerate deployments with prebuilt Ansible and Terraform playbooks

      Gain flexibility to help ensure site survivability by offloading management while keeping critical functions on-premises

      Unify zero-trust controls across the distributed network with Network Access and Control (NAC) from the cloud

      Simplify the management of network policy from and within any console through APIs

Speed and agility merge with IaC in the cloud

The rise of DevOps has been in response to the finite nature of time. Time is limited, and businesses run on time. The faster we can move to get to market to provide services, the better equipped we are to compete and stay ahead. Ask any finely tuned athlete what the key to speed is; the answer will be agility. Agility is built on continuous motion. Always be moving, always be ready to spring into action. Any delay within this cycle can cramp an organization and slow it down.

Provisioning new Infrastructure as Code (IaC) is all about speed. We skip all the tedious line-by-line steps and just get to the declarative, what we need. I need secure access, and I need it now.

The rise of cloud, like DevOps, is also answering the call of business. And it is business and the need for agility that is driving this megatrend across IT. Cloud enables us to use what we need and discard what we don’t. We are elastic, flexible, fast, and agile. When we look at what it means to be “customer-centric,” nothing highlights this quality more than what we are doing to support each customer’s unique cloud strategy. Cloud isn’t something we are pushing; it is a response to listening to customers and their business needs. And it has become apparent that agility isn’t just something customers want in order to thrive; all businesses require agility to keep running, to survive. To enable an elastic and simplified approach to providing secure access, Cisco® Identity Services Engine (ISE) has jumped into automating deployments in the cloud with ISE 3.1.

We’ve continued with Cisco ISE 3.3 by giving customers the flexibility to deploy ISE upgrades when they want to. With Split Upgrades, nodes are broken up into two separate groups: the Primary Policy Administration Node (PPAN) and Secondary Policy Administration Node (SPAN). With the nodes split, the network can divide the update and complete the new software revision on the PPAN first before starting on the SPAN. While the PPAN updates, the network’s security responsibility shifts to the SPAN. When it comes time for the SPAN to update, that responsibility reverts to the PPAN.

What does this mean? The upgrade process becomes shorter and more predictable, and it runs without network interruption. Customers will no longer have to worry about a lack of network functionality when they see an ISE update request. Once installed, their networks will be up-to-date with the latest and greatest in security.

How customers are using ISE from the cloud

      Remote management and deployment: Enable access and management from anywhere and within any console through APIs

      Site survivability: Gain flexibility to maintain critical functions on-premises while centralizing administration in the cloud

      Unified zero-trust controls across the distributed network: Extend network access across the distributed network to support lean branch deployments

      Policy management and lifecycle orchestration: DevOps and policy lifecycle management converge with zero-touch provisioning and automated orchestration via APIs

Taking NAC to the cloud

Cisco ISE 3.1 is simplifying the multicloud transition and bringing network access into the IaC conversation. A focus of the ISE 3.1 release was to enable network access workloads to be deployed and managed from the cloud while providing the flexibility required to meet each organization’s unique cloud strategy. Customers will no longer have to deploy virtual machines or appliances on-premises. ISE is now cloud-native on AWS and within the Azure* marketplace to provide the flexibility and choice customers want. ISE 3.1 is equipped with rich APIs to automate policy and lifecycle management that will delight all of IT. Our simplified approach brings ease of deployment and automation to the forefront of network access with zero-touch provisioning of resources from anywhere. Providing comprehensive, secure access across the distributed network has never been easier, faster, or more flexible.

Answering the call of business with speed and agility

With this radically simple approach to network access and control, deploying ISE to assure zero-trust policy controls across the distributed network has just gotten a whole lot easier. Customers can now provision ISE from anywhere, in a DevOps manner. Deployments are automated with code using prebuilt playbooks in Ansible and Terraform. The organizational policy is automatically extended, so when NetOps automates the onboarding of devices, control is built in. We are not following with security as an afterthought; protection is unified within the deployment. This is how we maintain agility without sacrificing protection. ISE 3.1 is the innovation organizations require to remove the complexity and time barriers that often hinder security. And this innovation is a byproduct of enabling cloud and listening to customers. Cloud is driving innovation, and customers require simplicity to combat threats across the complex distributed network. We heard the call, and we have responded with ISE 3.1.

The power is in the community

Our developer community is made up of thousands of customers who are contributing to these playbooks to automate what is driving their success based on their unique cloud strategy and need. Visit our ISE DevNet page for sandboxes and sample code, and to get engaged in the community.

To learn more about ISE, visit:
