Does your corporate IT like to smartly address secure device identity management for BYOD endpoints ? Does your enterprise like to deploy device policy management solutions that are highly scalable ? Then you are sure to benefit from what we have to offer.
It is a no brainer that the trends of Mobility and workload migrations to Cloud are an added impetus for increased profiling, monitoring and administrative traffic pertaining to devices connecting to the Network. This applies not just at a corporate headquarters site but also at geographically distributed sites, large Branches and Provider-hosted facilities, which get the services delivered out of the provider data center housing identity management solutions. F5 LTM can now be deployed with Cisco Identity Services Engine (ISE), which is a market leading Network access security policy management platform, to load balance identity services traffic
What scenarios need load balancing of Cisco ISE traffic ?
As we look at ways to provision thousands of BYOD endpoints, ISE devices need to be clustered so the policy service nodes (which offer run time network device services such as posturing, profiling, guest web services, AAA) can effectively address up to about 250,000 endpoints.
Identity management is much more than basic RADIUS authentication and includes device profiling, endpoint posturing, administrative activities, monitoring, troubleshooting and data logging. Once basic authentication is complete, these devices - which could be static such as in the case of a video IP surveillance camera or mobile such as in the case of an employee owned smart tablet – need to be continuously postured, policy administered and monitored. The policy service node in the ISE persona handles run time traffic, which increases as the number of endpoints handled increases.
How does F5 LTM specifically help ?
As you cluster the ISE devices, traffic needs to be load-balanced and in cases such as device profiling, flow persistence with the same policy service node needs to be ensured. The F5 BIG-IP LTM enables load-balancing for the ISE policy node clusters and helps with health monitoring of the same ISE servers. Most importantly, customizable F5 iRules can be created to handle ‘persistence traffic’ differently and ‘Persistence profiles’ can be applied across Virtual servers.
What benefits can this Solution provide ?
Customers deploying the F5 LTM and Cisco ISE solution can
•Significantly improve performance, scalability and availability for secure corporate LAN access traffic (ISE RADIUS, Profiling, and Web Service)
•Optimize corporate LAN authentication, profiling, and database replication traffic by ensuring stickiness with same node in the ISE cluster that services requests
•Enable Health monitoring and High availability of ISE servers using F5 load balancer probes
•Simplify configuration for network devices and facilitate addition, changes and removals of the same for centralized servers