The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco ISE customers with an Advantage license can register their Cisco ISE deployment with Cisco pxGrid Cloud and use the applications listed in the offer.
The Cisco pxGrid Cloud and Cisco ISE integration workflow includes these steps:
Share data between your Cisco ISE deployment and a cloud application by completing these tasks:
To access the Cisco Catalyst Cloud Portal, go to https://dna.cisco.com.
Install and activate the Advantage license tier in your Cisco ISE deployment.
The pxGrid Cloud agent creates an outbound HTTPS connection to Cisco pxGrid Cloud. Therefore, you must configure Cisco ISE proxy settings if the customer network uses a proxy to reach the internet. To configure proxy settings in Cisco ISE, go to .
The Cisco ISE Trusted Certificates Store must include the root CA certificate required to validate the server certificate presented by Cisco pxGrid Cloud. Ensure that the Trust for Authentication of Cisco Services option is enabled for this root CA certificate. To enable Trust for Authentication of Cisco Services, go to .
Port 443 must be open for outbound connection from Cisco ISE to Cisco pxGrid Cloud portal. If firewall or proxy settings are configured, these URLs must not be blocked:
|
Step 1 |
In the Cisco ISE GUI, navigate to . |
||
|
Step 2 |
Select the node on which you want to enable the Cisco pxGrid Cloud service. |
||
|
Step 3 |
In the General Settings tab, enable the pxGrid service. |
||
|
Step 4 |
Check the Enable pxGrid Cloud check box.
|
|
Step 1 |
Go to https://dna.cisco.com. If you already have a Cisco account, skip to Step 4. |
||
|
Step 2 |
If you do not have a Cisco account, click Create a New Account. You don't need additional licenses or privileges to open a Cisco Catalyst Cloud Portal account. |
||
|
Step 3 |
Enter the required details in the Create Account window and click Register. A verification email is sent to the email address entered in the Create Account window. Check your verification email to complete the sign-in process. |
||
|
Step 4 |
Log in to the Cisco Catalyst Cloud Portal with your Cisco account. |
||
|
Step 5 |
Enter a name for your account and click Continue. |
||
|
Step 6 |
Verify your account profile details and click Create Account.
|
|
Step 1 |
In the Cisco Catalyst Cloud Portal home page, click Subscribe to Offer. |
||
|
Step 2 |
In the Set Up Your Subscription slide-in pane, from the Offer drop-down list, choose pxGrid Cloud. |
||
|
Step 3 |
From the Region drop-down list, choose the region of your choice. Cisco pxGrid Cloud is supported in the U.S., Europe, Asia Pacific, and Japan. |
||
|
Step 4 |
Check the General Terms check box and click Subscribe Offer. If you want to delete an offer, select the offer and click Delete.
|
|
Step 1 |
Go to https://dna.cisco.com/. |
||
|
Step 2 |
In the Cisco Catalyst Cloud Portal home page, click Register Cisco ISE. |
||
|
Step 3 |
In the Register Cisco ISE slide-in pane, enter the Cisco ISE server name and description. A one-time password (OTP) is generated. This OTP is valid for 30 minutes. Refer to Cisco pxGrid Cloud and Cisco ISE integration for more information. Enter the OTP in the Setup Connection page in Cisco ISE (under ).
|
After the pxGrid Cloud service is enabled, you must register your Cisco ISE deployment in Cisco pxGrid Cloud and generate an authentication token.
|
Step 1 |
In the Cisco ISE GUI, go to . |
|
Step 2 |
Click Setup Connection. |
|
Step 3 |
Enter the OTP in the Setup Connection page, and click Connect. Refer to Register Cisco ISE for instructions on how to obtain the OTP. The connection setup includes these steps:
|
To end the pxGrid Cloud connection, click Disconnect in the pxGrid Cloud Connection page. This disconnects the Cisco ISE deployment from Cisco pxGrid Cloud and ends the pxGrid Cloud agent on the Active node.
When the Cisco ISE deployment is connected to Cisco pxGrid Cloud, the pxGrid Cloud agent (called Hermes process) is listed in the output of the show application status ise CLI command.
To enable connectivity between a Cisco ISE deployment and Cisco pxGrid Cloud, the pxGrid Cloud option must be activated on one or two pxGrid nodes in the Cisco ISE deployment. If you have configured high availability for pxGrid nodes, one of the nodes acts as the Active node and the other acts as the Standby node. The Standby node assumes the role if the Active node fails.
Only the Active node establishes connection to Cisco pxGrid Cloud and handles the traffic between the Cisco ISE deployment and Cisco pxGrid Cloud. No other Cisco ISE node interacts with Cisco pxGrid Cloud.
The pxGrid Cloud agent acts as a bridge between Cisco ISE and Cisco pxGrid Cloud. A pxGrid Cloud application can subscribe to a pxGrid topic. The pxGrid Cloud agent in Cisco ISE learns about this subscription from Cisco pxGrid Cloud and establishes the actual subscription to the pxGrid service in Cisco ISE. When the agent receives a notification on the pxGrid topic, it forwards the notification to Cisco pxGrid Cloud over a logical channel dedicated to the pxGrid service. The pxGrid Cloud application can invoke ERS, pxGrid, and OpenAPIs within the Cisco ISE deployment. The pxGrid Cloud agent proxies a REST request from Cisco pxGrid Cloud to Cisco ISE, and returns the response to Cisco pxGrid Cloud.
Cisco ISE customers with a pxGrid Cloud subscription can register their deployment with Cisco pxGrid Cloud and use the applications in the offer. To do this, you must:
Acquire and activate the pxGrid Cloud subscription.
Enable the pxGrid Cloud service on one or two pxGrid nodes in the Cisco ISE deployment.
Register the Cisco ISE deployment with Cisco pxGrid Cloud (associating it with the subscription) and receive an authentication token.
Enter the authentication token in the Setup Connection page in Cisco ISE ().
This activates the pxGrid Cloud agent on the Active pxGrid node and establishes a connection between the Cisco ISE deployment and Cisco pxGrid Cloud.
Select a Cisco pxGrid Cloud application from the offer and associate it with the subscription. The application then has access to the Cisco ISE deployment.
You can register applications to your product based on your requirements. For example, you can create an app that can retrieve the session and endpoint data from Cisco ISE.
These applications can use the ERS, pxGrid, and OpenAPIs to exchange information with Cisco ISE. Refer to the Cisco pxGrid Cloud API Reference Guide for information on supported APIs.
Share data between your Cisco ISE deployment and a cloud application by completing these tasks:
|
Step 1 |
In the Cisco pxGrid Cloud Portal home page, go to the App Store. |
|
Step 2 |
Choose the required app in the App Store page and click Connect to App. An OTP is generated and remains valid for 60 minutes. |
|
Step 3 |
Navigate to the application URL and paste the OTP in the Enter Token field. For example, if you are connecting the DNA Spaces application, the OTP is used in DNA Spaces. |
You must register Cisco ISE and connect your app before activating the app.
|
Step 1 |
In the Cisco pxGrid Cloud Portal home page, go to the App Store, and click My Apps. |
||
|
Step 2 |
In the My Apps page, choose the app and click Activate product.
|
||
|
Step 3 |
Click Let's Do it. |
||
|
Step 4 |
In the Select an App page, choose the app from the App Name drop-down list and click Next. Details of the compatible products and supported regions are displayed below the app. |
||
|
Step 5 |
In the Select Product page, from the Product Type drop-down list, choose Cisco ISE and select your Cisco ISE server from the Product drop-down list. |
||
|
Step 6 |
In the Configure App for Product page, set the configuration for Cisco ISE. The scope options available for configuration depend on your specific app.
|
||
|
Step 7 |
In the Summary page, review your settings and click Activate App for Products. |
||
|
Step 8 |
Refresh the ISE Enrollment page in the app. |
||
|
Step 9 |
Select the activated Cisco ISE instance, click Connect, and click Accept. |
You can change the scopes that are configured for an app based on your requirements. Ensure that the scopes that you configure for the app on the Cisco pxGrid Cloud Portal match the chosen pxGrid services in Cisco ISE.
 Caution |
Deactivate an app to change data scopes after Cisco pxGrid Cloud integration. This also deletes any existing integrated app information that is currently shared with Cisco ISE. After deactivating the app, you can select the required scopes and reactivate the app through a new integration with Cisco pxGrid Cloud. |
|
Step 1 |
In the Cisco ISE GUI, go to . |
|
Step 2 |
In the pxGrid Services area, choose the required services from the list. You can enable one or more pxGrid services by clicking their names. |
|
Step 3 |
In the Cisco pxGrid Cloud Portal home page, go to the App Store and click My Apps. |
|
Step 4 |
In the Select an App page, choose the app from the App Name drop-down list. |
|
Step 5 |
In the Select Product page, from the Product Type drop-down list, choose Cisco ISE. |
|
Step 6 |
From the Product drop-down list, choose the Cisco ISE server. |
|
Step 7 |
In the Configure App for Product page, set the configuration for Cisco ISE. These scopes are available.
|
|
Step 1 |
In the Cisco ISE GUI, go to . |
|
Step 2 |
Check the check box next to the pxGrid node and click Edit. |
|
Step 3 |
Uncheck the Enable pxGrid Cloud check box. After disabling the Cisco pxGrid Cloud service in your Cisco ISE deployment, you can re-enable it when needed. |
Feedback