Realm Stripping
I am often asked about support for “Realm Stripping”, albeit mostly by those in the University Space. It’s an interesting concept, certainly. The idea is that someone will issue an identity that includes some “routing” information within the identity. For example, a user may issue a username of: johndoe@somedomain.com. From that username, the RADIUS server …
Category: Uncategorized
Using the DogTag CA with ISE 1.2
What is DogTag and Why Use It? Dog Tag is an Enterprise-class open source Certificate Authority that Red Hat purchased from AOL back in 2004. Red Hat opened it up to the open source community in 2008. Dog Tag supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much …
Using VNC for Console Access to ISE (and other) VM’s
A little less than 1/2 of all Identity Service Engine installations are on VMWare. Yes it's true. About 45% of all ISE nodes deployed in this world are Virtual. What I don't know is: how many are in production and how many are in a lab. Let me give you another statistic (my own). When …
What are WildCard Certificates? And how do I use them with Cisco’s ISE
What is a Wildcard Certificate? A wildcard certificate is one that uses a wildcard notation (an asterisk and period before the domain name) and allows the certificate to be shared across multiple hosts in an organization. An example CN value for a wildcard certificate’s Subject Name would look like the following: *.company.local If you configure …
Security Group Tagging Basics
Hi all! Back again. In my last blog (which admittedly was a bit long, and verbose) I discussed the changing landscape of Identity Networking. With Identity Networking there are many different ways of controlling network access based on the context of a user and device. There is: VLAN assignment, in which access is controlled at …
The Changing Landscape of Identity Networking
I was asked to travel to the 2013 InfoSec security conference in Europe this year, and speak about the trends I am seeing in the identity networking game, and possibly speculate on the future of identity in networking as I see it. So I thought to myself: “what a great blog post this could make”. …
How to hack the certificate for a Cisco Identity Services Engine node
I just got back from a few weeks traveling around Europe, presenting at Cisco Live Europe, and meeting with customers & partners… It is obvious that this blog is very much needed for a lot of the deployments that we discussed, so as promised in the Load Balancing Blog, I am following up with a …
EAP Primer
The more interaction I have with customers who are getting started with Identity projects, the more I realize that a simple explanation & comparison of the differences between EAP types is needed. For example, the general opinion that I get from customers is that EAP-TLS is the most secure EAP type to use, since it …
How to properly use a Load-Balancer in Cisco’s Identity Services Engine
So, this is my first blog post on here. Hope it goes well. One of the most commonly asked questions of late is how to properly use a load-balancer with Cisco's Identity Services Engine. Here are some basic guidelines to use when configuring a Load Balancer for the ISE Policy Services Nodes (PSNs). Understanding terms: …