Migrating Cisco ACS to Cisco ISE

Migrating From Cisco ACS to Cisco ISE

If you are running Cisco ACS (Access Control Server), you’re probably already aware that Cisco has announced various dates to sunset this product. Cisco ACS is no longer for sale but, more importantly, the latest version, Cisco ACS 5.8, will no longer be supported after 31st August 2020. Older Cisco ACS releases have already passed their last support dates.

If this sounds all too familiar, but the thought of migrating your mission-critical AAA platform fills you with apprehension, then please read on.

Cisco ISE Replacing Cisco ACS

Cisco ISE (Identity Services Engine) replaces Cisco ACS and offers a raft of new functionality. The product has the same feature set as Cisco ACS and, now in its seventh year, Cisco ISE is the Enterprise market leader in Network Access Control. Cisco ACS and Cisco ISE share some common terminology that will ease the migration and perhaps also allow easier adoption. Below is a table that shows the current versions of Cisco ACS and their End of Life dates.

There is no straightforward upgrade path from Cisco ACS to Cisco ISE, since Cisco ISE was rebuilt from the ground up. Cisco does provide a migration tool that might be helpful in some smaller cases to migrate data from Cisco ACS to Cisco ISE. While there is some merit in this tool, it may only get you part of the way to success, since the tool won’t be able to convert complex Cisco ACS policy logic into Cisco ISE Policy Sets. There is no substitute for manual analysis and re-engineering because it will lead to a cleaner and more optimal solution. From past migrations we have found that many of the existing Cisco ACS configurations and policies are historical and would serve no purpose if migrated across.

Cisco ACS was not designed to scale as large as Cisco ISE, and another common theme is consolidating multiple Cisco ACS systems into one Cisco ISE deployment. This involves consulting with our customers to achieve a common platform that simplifies management and reduces the application footprint.

As of Cisco ISE 2.4, the SNS-34xx series hardware appliance is no longer a supported platform on which to run Cisco ISE. However, Cisco ISE will run on your existing SNS-35xx series platforms and, of course, on your virtualisation platforms. It is worth noting that Cisco ACS licenses are not transferable to a Cisco ISE system.

Migrating from Cisco ACS to Cisco ISE in Conclusion

If your Enterprise has a Cisco ACS solution diligently working away somewhere in your datacentre, then be mindful of the Cisco end of life dates. Migration to Cisco ISE is within reach and at IPTel we can help you plan and implement a successful migration to ensure that you maintain secure access to your valuable network assets. Email us at sales@iptel.com.au

© IPTel Solutions.