Cisco pxGrid Cloud

Jason Kunst · ‎03-23-2022

Overview

Cisco pxGrid Cloud is a cloud-based solution that enables you to share contextual information between on-premises applications and cloud-based solutions without compromising the security of your network or requiring changes to your existing firewall. Cisco pxGrid Cloud was introduced with ISE 3.1 Patch 3. It is generally recommended to use the latest patch for your ISE release.

Get Started

Please follow the steps in the Cisco pxGrid Cloud Solution Guide. All developer reference material may be found in the Cisco pxGrid Cloud page in Cisco DevNet. You may now try our Cisco pxGrid Cloud Demo App in a Cisco dCloud lab to experience the basic connectivity and onboarding yourself.

Supported Features

The following functionality is supported with Cisco pxGrid Cloud in ISE 3.1 Patch 3 and later:

Both pxGrid and pxGrid Cloud integrations in the same ISE deployment
All Cisco pxGrid Topics for Context-Out (the publishing of topic data from ISE to partner applications)
Context-In (bulk endpoint creation) with endpoint API (ISE 3.1 Patch 5)
ISE ERS and Open APIs
Adaptive Network Control (ANC) Service
Currently only the US region is supported for app deployment. For additional regions, please contact the Cisco pxGrid Cloud Product Manager.

Unsupported Features

Not currently supported with pxGrid Cloud:

Bulk Update/Delete (ISE 3.1 patch 6 | ISE 3.2 Patch 1)
Bulk Download >1MB (ISE 3.1 patch 7 | ISE 3.2 Patch 2 | ISE 3.3)
RADIUS Change of Authorization (COA) re-profiling is not happening after an update (ISE 3.3)
Mobile Device Management (MDM)
ISE Monitoring (MNT) APIs
TC-NAC
IPv6 client for pxGrid Cloud communication

Supported Scale

A maximum of 5 ISE Deployments can be added to a pxGrid Cloud Tenant.
See the Performance and Scalability Guide for Cisco Identity Services Engine for all other ISE limits.

How to Access Cisco pxGrid Cloud APIs

Login to your ISE Primary Policy Administration Node (PAN)
In ISE, navigate to Administration > pxGrid Services > Client Management > pxGrid Cloud Connection and verify you are enrolled
In the pxGrid Cloud Policy page, confirm your settings for pxGrid topics and API settings (ERS and OpenAPIs)
Verify the correct scopes are enabled for sharing with any pxGrid Cloud-connected apps
Verify the Regional URL, Device ID and API key are correct in cURL command.
Use POST operation and include empty payload (‘{}’) – For pxGrid APIs only

Vendor Implementation notes

The following items should be at minimal part of your implementation and testing

Ability to receive notifications of a new ISE deployment being added or removed from a tenant
The echo services for health status checks are implemented and a status shown in vendor UI

The following tests should be done at minimum (working on a more extensive list). Make sure the systems is able to handle when the following happens:

Deactivate activate the app
Remove and add back in the ISE deployment (Disconnect ISE deployment under ISE pxGrid Cloud settings)
ISE system goes down (shutdown ISE)
pxGrid Cloud connection is severed

Troubleshooting

After connecting app it will become disconnected and won't reactivate - delete the app and reconnect to restore - 3.1p4
I am unable to activate the app (seen in logs as 403 error) - make sure the scopes you setup with the app are also allowed on ISE under admin > pxgrid services > Client Management > pxGrid Cloud Policy
Error 403 seen when making an API call : Verify your app is connected to the pxGrid Cloud tenant

Resources

Cisco pxGrid (https://cisco.com/go/pxgrid)
Cisco Security Technology Alliance (CSTA) (https://cisco.com/go/csta)
CSTA Partner Integration Details (https://cs.co/ise-eco-partners)
Cisco pxGrid Partner Integration Guide (https://cs.co/pxgrid-integration)
Cisco pxGrid FAQ (https://cs.co/pxgrid-faq)
Cisco DevNet
- Cisco pxGrid on DevNet (https://cs.co/pxgrid-devnet)
- Cisco ISE on DevNet (https://cs.co/ise-devnet)
GitHub Repositories
- Cisco pxGrid Client Software on GitHub (https://cs.co/pxgrid-github)
- pxGrid Python Examples (pip install pxgrid-util)