You can use Cisco pxGrid to share context-sensitive information from the Cisco ISE session directory with other network systems,
such as Cisco ISE ecosystem partner systems and other Cisco platforms. The pxGrid framework can also be used to exchange policy
and configuration data between nodes, such as sharing tags and policy objects between Cisco ISE and third-party vendors, and for
other information exchanges. Cisco pxGrid also allows third-party systems to invoke adaptive network control actions (EPS) to quarantine users or devices or both in response to a network or security event. Cisco TrustSec information such as tag
definition, value, and description can be passed from Cisco ISE through the Cisco TrustSec topic to other networks. Endpoint profiles
with Fully Qualified Names (FQNs) can be passed from Cisco ISE to other networks through an endpoint profile meta topic. Cisco
pxGrid also supports bulk download of tags and endpoint profiles.
You can publish and subscribe to SXP bindings (IP-SGT mappings) through Cisco pxGrid. For more information about SXP bindings,
see Security Group Tag Exchange Protocol.
In a high-availability configuration, Cisco pxGrid servers replicate information between the nodes through the PAN. When the
PAN goes down, the Cisco pxGrid server stops handling the client registration and subscription. You need to manually promote
the PAN for the Cisco pxGrid server to become active.
On the active Cisco node that has the pxGrid persona, these processes show as Running. On the standby Cisco pxGrid node, they show as Standby. If the active pxGrid node goes down, the standby pxGrid node detects this, and starts the four pxGrid processes. Within
a few minutes, these processes show as Running, and the standby node becomes the active node. You can verify whether the Cisco pxGrid service is in standby on that node
by running the CLI command show logging application pxgrid/pxgrid.state.
For XMPP (Extensible Messaging and Presence Protocol) clients, Cisco pxGrid nodes work in active-standby high availability
mode, which means that the Cisco pxGrid Service is in Running state on the active node and in Disabled state on the standby
After the automatic failover to the secondary Cisco pxGrid node is initiated, if the original primary Cisco pxGrid node is
brought back into the network, the original primary Cisco pxGrid node will continue to have the secondary role and will not
be promoted back to the primary role unless the current primary node goes down.
At times, the original primary Cisco pxGrid node might be automatically promoted back to the primary role.
In a high availability deployment, when the primary Cisco pxGrid node goes down, it might take around three to five minutes
to switch over to the secondary Cisco pxGrid node. It is recommended that the client wait for the switchover to complete
before clearing the cache data, just in case the primary Cisco pxGrid node fails.
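The following added example (not Cisco code, and not part of the original guide) sketches how a pxGrid client could hold its cached session data through the switchover window instead of clearing it on the first disconnect. The class, its method names, and the five-minute grace value are assumptions; the code calls no pxGrid API and expects the caller to report connection state.

```python
import time

# Assumption: upper bound of the "three to five minutes" switchover window.
FAILOVER_GRACE_SECONDS = 5 * 60


class SessionCache:
    """Hypothetical client-side cache of session context received over pxGrid.

    The caller reports connection state with on_connected() and
    on_disconnected(); this class only decides when cached data is purged.
    """

    def __init__(self, grace=FAILOVER_GRACE_SECONDS, clock=time.monotonic):
        self._grace = grace
        self._clock = clock
        self._sessions = {}       # ip -> session attributes
        self._down_since = None   # None while a pxGrid node is reachable
        self.needs_resync = False

    def update(self, ip, attrs):
        self._sessions[ip] = attrs

    def on_disconnected(self):
        # Start the grace timer once; repeated failures must not reset it.
        if self._down_since is None:
            self._down_since = self._clock()

    def on_connected(self):
        # Reconnected within the window: keep the cache, but flag that the
        # caller should refresh it, since updates may have been missed.
        if self._down_since is not None:
            self.needs_resync = True
        self._down_since = None

    def is_stale(self):
        # True while no node is reachable; callers may treat hits as unverified.
        return self._down_since is not None

    def lookup(self, ip):
        self._expire_if_needed()
        return self._sessions.get(ip)

    def _expire_if_needed(self):
        # Purge only after the whole switchover window passed with no node.
        if self._down_since is None:
            return
        if self._clock() - self._down_since > self._grace:
            self._sessions.clear()
```

Entries returned while is_stale() is true predate the outage, so a consumer that makes enforcement decisions from them can log or down-weight those hits until the refresh completes.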
The following logs are available for the Cisco pxGrid node:
pxgrid.log: State change notifications.
pxgrid-cm.log: Updates on publisher or subscriber or both and data exchange activity between the client and the server.
pxgrid-controller.log: Displays the details of client capabilities, groups, and client authorization.
pxgrid-jabberd.log: All logs related to system state and authentication.
pxgrid-pubsub.log: Information related to publisher and subscriber events.