Руководство По Настройке для Cisco Cisco Identity Services Engine 1.0.4
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
At-A-Glance
Overview
The age of information has created the need for even more information. This is
especially true in today’s IT infrastructure, where keeping a network and its connected
devices secured and operating smoothly requires numerous IT tools and platforms,
many of which create “silos” of information that aren’t shared. These tools and
platforms are effective within their specific domains, but the information is generally
needed by other siloed platforms to help operate and secure the environment. The
industry has historically addressed information sharing between platforms via specific,
single-purpose APIs. But in today’s IT infrastructures, the number of platforms to share
among is too great for one-off, platform-specific APIs to address alone.
Cisco® Platform Exchange Grid (pxGrid) enables multivendor, cross-platform network
system collaboration among parts of the IT infrastructure such as security monitoring
and detection systems, network policy platforms, asset and configuration management,
identity and access management platforms, and virtually any other IT operations
platform. When business or operational needs arise, ecosystem partners can use
pxGrid to share contextual information with Cisco platforms that use pxGrid as well as
any ecosystem partner system that uses pxGrid.
Cisco pxGrid provides a unified framework that enables ecosystem partners to
integrate to pxGrid once, then share context bidirectionally with many platforms without
the need to adopt platform-specific APIs. pxGrid is fully secured and customizable,
enabling partners to share only what they want to share and consume only context
relevant to their platform. This level of customizability ensures scalability when
integrating with one or multiple systems. Furthermore, pxGrid enables ecosystem
partner platforms to execute network actions with the Cisco network infrastructure.
This suite of context sharing and network control capabilities enables IT infrastructure
providers to address more use cases, undertake their functions more effectively, and
extend their reach into the network infrastructure.
especially true in today’s IT infrastructure, where keeping a network and its connected
devices secured and operating smoothly requires numerous IT tools and platforms,
many of which create “silos” of information that aren’t shared. These tools and
platforms are effective within their specific domains, but the information is generally
needed by other siloed platforms to help operate and secure the environment. The
industry has historically addressed information sharing between platforms via specific,
single-purpose APIs. But in today’s IT infrastructures, the number of platforms to share
among is too great for one-off, platform-specific APIs to address alone.
Cisco® Platform Exchange Grid (pxGrid) enables multivendor, cross-platform network
system collaboration among parts of the IT infrastructure such as security monitoring
and detection systems, network policy platforms, asset and configuration management,
identity and access management platforms, and virtually any other IT operations
platform. When business or operational needs arise, ecosystem partners can use
pxGrid to share contextual information with Cisco platforms that use pxGrid as well as
any ecosystem partner system that uses pxGrid.
Cisco pxGrid provides a unified framework that enables ecosystem partners to
integrate to pxGrid once, then share context bidirectionally with many platforms without
the need to adopt platform-specific APIs. pxGrid is fully secured and customizable,
enabling partners to share only what they want to share and consume only context
relevant to their platform. This level of customizability ensures scalability when
integrating with one or multiple systems. Furthermore, pxGrid enables ecosystem
partner platforms to execute network actions with the Cisco network infrastructure.
This suite of context sharing and network control capabilities enables IT infrastructure
providers to address more use cases, undertake their functions more effectively, and
extend their reach into the network infrastructure.
Highlights and Components
The pxGrid framework is composed of:
• pxGrid controller: The controller orchestrates connections between platforms and
• pxGrid controller: The controller orchestrates connections between platforms and
authorizes what contextual information gets shared between those platforms. This
control function is provided by Cisco Identity Services Engine (ISE).
control function is provided by Cisco Identity Services Engine (ISE).
• pxGrid connection agent: A Cisco-provided connection agent is integrated
in the ecosystem partner platform. This agent enables the partner platform to
communicate with the pxGrid controller and configure what information to share and
with which partner platforms.
communicate with the pxGrid controller and configure what information to share and
with which partner platforms.
Key capabilities of pxGrid include:
• A single interface for multiple systems and all context. Connect to other pxGrid
• A single interface for multiple systems and all context. Connect to other pxGrid
adoption platforms to share relevant contextual information such as real-time
operation status, historical event information, operational telemetry, usage statistics,
or any other information an IT platform has to share or needs to consume.
operation status, historical event information, operational telemetry, usage statistics,
or any other information an IT platform has to share or needs to consume.
• Ability to control what context is shared and with which platforms – Because pxGrid
is customizable, partners can “publish” only the specific contextual information they
want to share and can control the partner platform that information gets shared with.
want to share and can control the partner platform that information gets shared with.
• Bidirectional context sharing – pxGrid enables platforms to both share or publish
context as well as consume or “subscribe to” context from specific platforms. These
features are orchestrated and secured by the pxGrid controller.
features are orchestrated and secured by the pxGrid controller.
• Ability to share context data in native formats – Contextual information shared via
pxGrid is done in each platform’s native data format.
• Ability to connect to multiple platforms simultaneously – pxGrid enables platforms
to publish only the context data relevant to partner platforms. Numerous context
“topics” may be customized for a variety of partner platforms, yet always shared
via the same reusable pxGrid framework. Furthermore, only sharing relevant data
enables both publishing and subscribing platforms to scale their context sharing by
eliminating excess, irrelevant data.
“topics” may be customized for a variety of partner platforms, yet always shared
via the same reusable pxGrid framework. Furthermore, only sharing relevant data
enables both publishing and subscribing platforms to scale their context sharing by
eliminating excess, irrelevant data.
• Integration with Cisco platforms – pxGrid provides a unified method of publishing or
subscribing to relevant context with Cisco platforms that utilize pxGrid for 3
rd
party
integrations.
• Collaboration with Cisco network infrastructure and Cisco Open Network
Environment (ONE) for network actions – pxGrid provides a conduit for ecosystem
partner platforms to execute network actions within the Cisco network infrastructure
on users and devices via Cisco ISE.
partner platforms to execute network actions within the Cisco network infrastructure
on users and devices via Cisco ISE.