Cisco Identity Services Engine 1.0.4 Getting Started Guide
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
C45-728420-00 06/13
At-A-Glance
Common Use Cases
• Share context between multiple systems to decipher relevance of network
events – Many IT operations systems provide only basic information associated
with a security, performance, or other type of alarm (IP address, for example).
This requires operators to look at multiple operational consoles to piece together
information needed to understand the relevance of an alarm and determine if any
action is required. pxGrid provides a framework for sharing relevant contextual
information between operations platforms so it is readily accessible.
• Access user and device context from Cisco ISE – Ecosystem partner platform
integration with ISE gives IT organizations a consistent method of making their IT
platforms identity-, device-, and policy-aware. ISE can provide accurate, real-time
user, endpoint device-type, security posture, and network access policy context to
ecosystem partner platforms in many areas of networking. This awareness enables
partners to address more use cases and undertake their functions more effectively.
• Share context for use in network access policy on Cisco ISE – Ecosystem partners
can share context relevant to their user or device network access policy. ISE
uses this context in conjunction with native ISE policies to make network access
decisions, such as what network resources a user or device has access to.
Benefits
• The pxGrid agent only has to be integrated once to then be able to interface with
many platforms simultaneously.
• Context shared can be customized based on relevance to specific use cases and
platforms.
• Customizing what context is shared enables scalability.
• Integrated authorization and security ensure only appropriate context is shared
with the right integration partners.
• pxGrid enables access to a growing ecosystem – Cisco and beyond.
Industry Standards
Cisco will work with relevant industry organizations to drive context-sharing
standards applicable to pxGrid. Cisco is committed to open standards that facilitate
platform-to-platform communications to enable more efficient and effective network
and IT operations.
Availability
pxGrid is available today for select ecosystem partners. Integration between ISE and
ecosystem partners is accomplished by either ISE sharing its real-time user/device
and policy context with the partner, the partner sharing its context with ISE for use in
network access policy, or both. In either case, ISE network response capabilities give
partner platforms the ability to reach into the Cisco network infrastructure to execute
network actions on users and devices — such as quarantine and blocking access — via
pxGrid and collaboration with Cisco ONE.
Throughout 2014, additional Cisco platforms will adopt pxGrid, providing additional
integration opportunities in the Cisco portfolio.
Figure 1. Platform Exchange Grid Framework
[Figure callouts, context each platform has / needs: reputation info / threat data; sec events / reputation; NetFlow / entitlement; threat data / reputation; firewall logs / identity; application info / location & auth-group; NBAR info / identity; location / identity; MDM info / location; app inventory info / posture; identity & device-type / app inventory & vulnerability. Figure labels: SIO; pxGrid Context Sharing; Single Framework; Direct, Secured Interfaces.]
For More Information
Inquiries regarding joining the pxGrid ecosystem may be sent to