Руководство Пользователя для Cisco Cisco Web Security Appliance S170
C H A P T E R
8-1
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
8
Integrate the Cisco Identity Services Engine
•
•
•
•
•
Overview of the Identity Services Engine Service
Cisco’s Identity Services Engine (ISE) is an application that runs on separate servers in your network to
provide enhanced identity management. AsyncOS can access user-identity information from an ISE
server. If configured, user names and associated Secure Group Tags will be obtained from the Identity
Services Engine for appropriately configured Identification Profiles, to allow transparent user
identification in policies configured to use those profiles.
provide enhanced identity management. AsyncOS can access user-identity information from an ISE
server. If configured, user names and associated Secure Group Tags will be obtained from the Identity
Services Engine for appropriately configured Identification Profiles, to allow transparent user
identification in policies configured to use those profiles.
Note
The ISE service is not available in Connector mode.
About pxGrid
Cisco’s Platform Exchange Grid (pxGrid) enables collaboration between components of the network
infrastructure, including security-monitoring and network-detection systems, identity and access
management platforms, and so on. These components can use pxGrid to exchange information via a
publish/subscribe method.
infrastructure, including security-monitoring and network-detection systems, identity and access
management platforms, and so on. These components can use pxGrid to exchange information via a
publish/subscribe method.
There are essentially three pxGrid components: the pxGrid publisher, the pxGrid client, and the
pxGrid controller.
pxGrid controller.
•
pxGrid publisher – Provides information for the pxGrid client(s).
•
pxGrid client – Any system, such as the Web Security appliance, that subscribes to published
information; in this case, Security Group Tag (SGT) and user-group and profiling information.
information; in this case, Security Group Tag (SGT) and user-group and profiling information.
•
pxGrid controller – In this case, the ISE pxGrid node that controls the client registration/management
and topic/subscription processes.
and topic/subscription processes.
Trusted certificates are required for each component, and these must be installed on each host platform.