ISE pxGrid Direct with CMDBs

Published: 08 May 2023
on channel: Cisco ISE - Identity Services Engine

ISE TME Thomas Howard shows how to use Configuration Management Databases with ISE for authorization rules and profiles.
Topics:
00:00 Intro & Agenda
00:48 ISE User Endpoint Custom Attributes Webinar: ISE Custom User & Endpoint Attributes
01:08 Why Custom Attributes?
02:38 ISE Endpoint Custom Attributes
03:14 Configuration Management Databases (CMDBs) and Configuration Items (CIs)
06:16 Cisco IT Device Registration Example
08:25 Poll: What CMDBs do you have that you want to integrate with ISE?
09:31 ServiceNow CMDB JSON Data Example
11:16 ISE 3.2 pxGrid Direct Feature Overview and Controlled Introduction
14:24 Demo: ISE pxGrid Direct in ISE 3.3
15:20 Demo: Create a pxGrid Direct Connector for a CMDB
18:55 Demo: CMDB as an ISE Data Dictionary
20:18 Demo: Context Visibility - pxGrid Direct Endpoints for CMDB CIs
21:28 Demo: ISE Authorization Profiles using CMDB Attributes for iPSK values
22:22 Demo: ISE Authorization Rules using CMDB Attributes
23:52 Demo: IoT MAB authentication of an IoT endpoint in iPSK CMDB using EAPTest
26:46 Demo: ISE Configuration Change Audit Report for CMDBs
27:23 Demo: Live updates of Context Visibility - pxGrid Direct Endpoints for CMDB_100K
28:33 pxGrid Direct Scale
30:57 Internal vs External Databases Comparison for Custom Attributes
32:20 pxGrid Direct Connector REST API: https://cs.co/ise-api
32:48 Demo: ISE 3.2 Patch 2 importing 1 million Configuration Items
ISE 3.2 Patch 2 is available @ https://cs.co/ise-software
36:36 Question: What if a MAC address is already added to the Unknown Endpoint Group? It depends on your policy sets and rule order.
37:48 Question: Will we get any alert or alarm if the CMDB did not import correctly? No alarm, but it is recorded in the Audit Log.
39:36 Question: How is the attribute conflict handled with multiple CMDBs? Each CMDB is a separate, independent dictionary.
43:03 Question: If we purge the endpoints, should we exclude those from the CMDB? No, there is no exclusion for CMDB.
45:06 Question: Are there any conditions that can be used to only pull certain endpoints into the local CMDB? No, you pull the entire table.
47:34 Question: Do we expect many devices could be deleted in ISE or is it tracking only devices learned from the connector? ISE tracks all devices requesting network access. The CMDB is a reference for correlating known endpoint data.
49:53 Question: Can we search by CMDB fields in LiveLogs? No, not today in LiveLogs or Search.

