Cisco Web Security Appliance S670 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 8: Integrate the Cisco Identity Services Engine
Overview of the Identity Services Engine Service
Cisco’s Identity Services Engine (ISE) is an application that runs on separate servers in your network to 
provide enhanced identity management. AsyncOS can access user-identity information from an ISE 
version 1.3 server. If the ISE service is configured, user names and associated Security Group Tags
(SGTs) are obtained from the ISE for appropriately configured Identification Profiles, allowing
transparent user identification in policies configured to use those profiles.
Note: The ISE service is not available in Connector mode.
About pxGrid
Cisco’s Platform Exchange Grid (pxGrid) enables collaboration between components of the network 
infrastructure, including security-monitoring and network-detection systems, identity and access 
management platforms, and so on. These components can use pxGrid to exchange information via a 
publish/subscribe method.
There are essentially three pxGrid components: the pxGrid publisher, the pxGrid client, and the 
pxGrid controller.
pxGrid publisher – Provides information for the pxGrid client(s). 
pxGrid client – Any system, such as the Web Security appliance, that subscribes to published 
information; in this case, Security Group Tag (SGT) and user-group and profiling information.
pxGrid controller – In this case, the ISE pxGrid node that controls the client registration/management 
and topic/subscription processes.
Trusted certificates are required for each component, and these must be installed on each host platform.