Collapse & Return to Top
The Cisco Identity Services Engine has a fourth role/service type, the posture enforcement service, but this service has to run as a standalone service on an Identity Services Engine physical appliance. The posture enforcement service is only needed in posture uses cases where the network access device does not support the necessary advanced RADIUS control features, such as change of authorization (CoA). The service would be typically positioned behind network access devices such as VPN concentrators on the network. The service can be configured for high availability with an active-standby pair.
The Cisco Identity Services Engine has a highly available and scalable architecture that supports standalone, centralized, and/or distributed deployments. In a distributed environment, you can have one primary node and a number of secondary nodes, with individual services having separate high-availability configuration options. Typical high-availability configurations would split primary and secondary nodes across separate physical or virtual appliances.