White Paper for Cisco Identity Services Engine 1.0.4
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
In the first place, those APIs just don’t exist. The ongoing development effort for vendors to maintain dozens of
single-purpose APIs, and to retest all of them for every minor software update, would be enormous. And even if
they were able to do so, businesses would quickly be overwhelmed with information. APIs work on a basic polling
model, just sending requests for information over and over again. This might be fine for one
or two systems. But 20 systems doing that at the same time would create a huge
performance and scalability problem.
APIs are also usually not secure. Often, they rely on simple (and relatively weak) username-and-password
authentication. They typically don’t offer authorization capabilities over how that data is used. Once an API opens a
doorway into a system, other systems can get access to that information and do what they want with it.
Businesses are left with a difficult security operations challenge that they can’t afford to lose, and no easy way to
address it. Wouldn’t it be better if all the diverse tools in the IT environment could talk to each other? What if
platform vendors could draw contextual information and capabilities from the other systems in the environment and
give the operations staff everything they need to solve real-world problems and respond to threats faster?
That’s exactly what Cisco pxGrid provides.
Introducing pxGrid
pxGrid provides a common transport language between the various network and security systems in the IT
environment. Instead of each system having to rely on single-purpose APIs, they can all be integrated once with
pxGrid to share contextual information with each other. Intersystem communications can now happen automatically
and immediately, with no manual intervention required.
pxGrid enables multivendor, cross-platform network system collaboration among multiple parts of the IT
infrastructure. These can include security monitoring and detection systems, network-policy platforms, asset and
configuration management, identity and access management platforms, and virtually any other IT operations
platform. IT and security vendors can use pxGrid to share context with Cisco platforms that use pxGrid, as well as
with systems from any other pxGrid ecosystem partner. With this unified framework, they can share context
bidirectionally with many other platforms without the need for platform-specific APIs. And they can implement
pxGrid once, and then use it again and again to integrate any pxGrid-enabled platform.
pxGrid is fully secured and customizable. Partners can share only what they want to share and consume only the
information from other platforms on the grid that is relevant to them. This level of customizability, along with the
pxGrid publish-subscribe-query architecture, makes it easy to scale this context sharing, even when
communicating with multiple systems. Furthermore, pxGrid enables ecosystem partner platforms to execute
network actions with Cisco network infrastructure. Not only can security operations teams gather the relevant threat
information faster, but they can also take responsive action immediately.
pxGrid is information-model and data-format agnostic, as it focuses on transport of security context data. As a
result, it is flexible and can work with a variety of data types as needed to suit a wide range of use cases.
Ultimately, these context-sharing and network-control capabilities make it possible for IT infrastructure providers to
address more use cases, undertake their functions more effectively, and extend their reach deeper into the network
infrastructure.