The Cisco Identity Services Engine (ISE), a policy engine, enables contextual network access control across wired, wireless networks and remote access VPN. ISE extends to mobile connectivity as well (Bring Your Own Device, or BYOD). This advanced session will focus on the advanced services of ISE, successful deployment strategies, integration with Cisco as well as third party network infrastructure, as well as deployment tips and tricks. We will examine best practices for Bring Your Own Device (BYOD) deployments with the most common mobile platforms, including multiple tiers of registered devices. We will perform a detailed examination of certificate usage including integration of ISE with your enterprise certificate authority (CA), endpoint certificate usage, and wildcard certificates. There will be a detailed examination of advanced topics such as configurations for certificate renewal. Lastly, attendees will be introduced to troubleshooting and serviceability tips. Attendees will also benefit from the following related sessions: BRKSEC-3699 Designing ISE for Scale and High Availability, BRKSEC 2698 Building an Enterprise Access Control Architecture using ISE and TrustSec.