Network engineer OR Cisco ISE (Identity Service Engine) : Remote: USC, GC and EAD : Must have 10 years of experience with Cisco technologies and ISE in particular. at Cisco, Illinois, USA |
From: Suryangi, RCI [email protected]
Reply to: [email protected]
Role: Cisco ISE (Identity Service Engine)
Location: Remote
Duration: 6+month

Cisco Identity Service Engine hands-on SME resource who can lead and guide the client towards production deployment. The project encompasses ISE (wired and wireless .1X/TEAP). Must have 10 years of experience with Cisco technologies and ISE in particular.

FOLLOWING IS THE SCOPE OF SERVICE: the candidate must be able to lead and hold hands of the client from gathering requirements towards production deployment.

Exhibit Cisco ISE 802.1X Services

1.1. Service Description

The following is a high-level description of the Services Insight will provide:
- Enable network access control at the MNIT Revenue Building
- Deploy ISE wired authentication and profiling services in a monitor mode state while providing reporting on endpoints that require additional identification and/or remediation
- Deploy ISE wireless authentication
- Deploy domain workstation 802.1X authentication method to EAP-TLS (Cert-based)

1.2. Scope and Approach

Insight will perform the following Services:

Review Network Security
- Review business requirements and technical architecture
- Gather and review current logical and physical network documentation to confirm the current network infrastructure and the applications utilizing the network
- Confirm number of anticipated change windows, testing scenarios, and phase timelines
- Gain consensus with Client management on phase planning efforts
- Perform a discovery of Client's business requirements by meeting with key stakeholders to understand their business processes

ISE Production Deployment
- Review and assess the current state network design as it pertains to the network's ability to support identity services
- Review and assess the network components and software versions currently deployed for ISE feature compatibility and support
- Review and assess Windows native supplicant requirements for 802.1X authentication
- Review up to 10 ISE use cases based on endpoint device scenarios
  o Identify endpoints capable of 802.1X EAP-TLS
  o Identify devices requiring MAC Authentication Bypass (MAB)
  o Identify devices capable of 802.1X EAP-TEAP

Plan Network Security
- Develop implementation, testing, and fallback plans that mitigate impact to production Services and clearly communicate steps to Client
- Assist Client with the completion of required change control forms and documentation for required change windows (if required)
- Update project timeline based on review and plan for milestones

ISE Production Deployment
- Develop project success criteria with input from key stakeholders
  o Review success criteria and gain Client sign off
- Recommend software versions for lab network components to optimize ISE functionality for the limited production deployment
- Identify EAP types to be used
- Develop certificate requirements for ISE nodes
- Develop web authentication page requirements
- Plan external identity sources
  o Identify criteria for Active Directory integration
  o Identify criteria for Certificate Authority integration
- Develop an implementation plan for ISE wired authentication deployment
- Create a phased deployment strategy for wired access
  o Develop a plan for initial monitor mode deployment
  o Develop a plan to report on endpoints needing additional identification and/or remediation
  o Develop a plan to transition to wired enforcement mode after a successful monitor mode phase (to be completed during the Phase II future project effort)
- Develop a test plan to validate the limited production deployment solution
  o Test ISE policies developed
  o Test failure state behavior
  o Review test plan and gain Client sign off
- Develop a plan for NAD integration to enable solution testing
  o Up to 2 types of switches
- Develop a limited production deployment roll-out plan
  o Roll out ISE authentication and integrate with 6 wired NADs
  o Develop deployment endpoint test plan for up to 10 endpoints

Implement Network Security

ISE Production Deployment
- Configure ISE application
  o Enable necessary profiler probes
  o Configure internal identities and groups
  o Configure 2 external identity stores
    - Integrate with Active Directory
  o Create network access device configuration templates for ISE integration
    - 2 switch types
  o Create policy conditions and results
  o Create authentication, authorization, and profiling policies
    - Up to 4 authentication policies (e.g., 802.1X/MAB)
    - Up to 10 wired authorization policies
    - Customize up to 10 profiling policies and integrate with authorization
  o Create policy for monitor-mode and enforcement-mode for wired authentication
- Install and configure supplicant for 802.1X authentication on up to 10 endpoint devices for testing, demonstration, and pilot
- Execute test plan to confirm policy function across defined use cases
  o Test a representative subset of switches
  o Test a representative subset of SSIDs
    - 1 802.1X SSID
    - 1 PSK
    - 1 guest

Operate Network Security
- Assist with post-migration support for any issues experienced after the change window(s)
- Finalize As-built documentation with logical and physical diagrams
- Schedule and facilitate a knowledge transfer with impacted Client team
- Conduct high-level knowledge transfer of security implementation (not to exceed 8 hours)
- Provide 24 hours of solution testing to confirm function and stability

ISE Production Deployment
- Configure 6 wired NADs for ISE integration in monitor mode
  o Provide list of endpoints failing monitor-mode authentication for remediation
  o Transition 6 wired NADs from monitor mode to enforcement mode after endpoints are remediated (to be completed in future Phase III project)
- Confirm function on up to 10 key devices throughout deployment

1.2.1. Out of Scope

1. The following are considered out-of-scope and are not part of the Services:
   a. VPN access control
   b. Posture assessment
   c. ISE upgrades after initial installation and patching
   d. Electrical or cabling services
   e. Formal user training
2. Services and Deliverable items not expressly described in the Scope and Approach section are considered to be out of scope. Any out-of-scope items must be pre-authorized and verified by Insight in writing through the Change Request Form process.

1.3. Deliverables

Overall Project
Network Security
Cisco ISE Limited Production Deployment
- ISE use case summary, testing, implementation plan, and playbook
- Deployment lessons learned and next step recommendations documents
- ISE configuration guide

Regards
_______________________________
Suryangi
Resource Consultings Services Inc.
Parsippany, NJ
Email: [email protected]
www.rconsultinginc.com

Keywords: information technology New Jersey |
Tue Jun 04 01:55:00 UTC 2024 |