Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
0
Helpful
2
Replies

ISE VM Segmentation / VDI

Go to solution
joplant
Cisco Employee
Cisco Employee

‎07-13-2018 09:16 AM

Hey All,

I was digging for info on integrating ISE policy into VDI environment to extend the same segmentation/protection to virutal machines.

This thread has a great design guide based on N1Kv  -Does anyone have information on leveraging ISE in a VDI environment?

However, it is my understanding that going forward, the N1Kv isn't applicable due to changes to third party switch support by VMWare.  That means that design guide is really no longer relevant.

Are there any updated plans or options for VM segmentation or integrations between ISE and VMWare switches?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthumula
Cisco Employee
Cisco Employee

‎07-13-2018 04:26 PM

John, N1Kv is still relevant going forward for VDI. I am not sure if you are aware but today with the latest version of N1Kv 5.2(1)SV3(4.1) we can do 802.1x authentication for the VDI clients connected to N1Kv and assign SGTs dynamically through ISE.

We have a long term solution in place for N1Kv due to lack of VMware support on third-party switches. You will know very shortly.

Today you can use the 802.1x solution and it should solve the segmentation challenges in the VDI environments.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
kthumula
Cisco Employee
Cisco Employee

‎07-13-2018 04:26 PM

John, N1Kv is still relevant going forward for VDI. I am not sure if you are aware but today with the latest version of N1Kv 5.2(1)SV3(4.1) we can do 802.1x authentication for the VDI clients connected to N1Kv and assign SGTs dynamically through ISE.

We have a long term solution in place for N1Kv due to lack of VMware support on third-party switches. You will know very shortly.

Today you can use the 802.1x solution and it should solve the segmentation challenges in the VDI environments.

0 Helpful

Go to solution
David Mitchell
Cisco Employee
Cisco Employee
In response to kthumula

‎09-26-2018 06:26 PM

Thanks for the info!  Do we have any design guides or reference material going into detail on the VDI Trustsec design?  I could not find reference to 802.1x capabilities in the 1000V configuration guide, and "Dynamic Classification" seems to be missing in the latest Trustsec Compatibility Matrix as well.  Is this a new capability?  Does the VDI native supplicant work, or do we need to leverage Anyconnect?

 

Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents