Cisco ISE APIs and Programmability


I spent the first few years of my networking career avoiding scripting. Even though I had studied programming in college, I liked getting my hands dirty with CLI and didn’t see the need to make life complicated by messing with code. Then, when I came back to Cisco in 2015, I was assigned to work on programmability and I was forced to learn about APIs, Python, Ansible, and a bunch of other tools that network engineers often avoid. I discovered that while network and security engineers don’t need to be coders, a solid understanding of scripting and automation is a necessity for us these days.

Cisco Identity Services Engine has supported APIs since the 1.x days. I recently sat down with Thomas Howard, a technical marketing engineer focused on ISE, to discuss the capabilities of ISE APIs, and how he uses them in today’s cloud-centric world. Our conversation is part of my Coffee with TMEs YouTube series.

Figure 1. Cisco engineers Jeff McLaughlin and Thomas Howard discuss Identity Services Engine (ISE) in the cloud and APIs.

ISE has an API set called ERS, which stands for “Extensible RESTful Services”. ERS APIs allow you to script some of the common functions of the ISE GUI; for example, configuring network devices, users, and device groups. I personally once used the ERS APIs in a Python script to read all of the configured SGTs (scalable group tags) from ISE. ERS APIs have been with ISE for years, and are well-known and well documented.
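As an added illustration (not the author's script and not Cisco sample code), here is one way to read every SGT through ERS with TLS verification left on and pagination followed only within the same ISE node. It assumes the ERS `/ers/config/sgt` resource with its `SearchResult` and `Sgt` JSON layout; the host name, ids and tag values are constructed so the block runs offline.

```python
import base64
import json
import ssl
import urllib.request

def make_fetcher(username, password, cafile=None):
    """Return fetch(url) -> dict: ERS GET over verified TLS with basic auth."""
    ctx = ssl.create_default_context(cafile=cafile)  # cert and hostname checks on
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Accept": "application/json", "Authorization": f"Basic {token}"}
    def fetch(url):
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return json.load(resp)
    return fetch

def list_sgts(base_url, fetch, page_size=100):
    """Return {SGT name: tag value}, following SearchResult.nextPage links."""
    sgts, url = {}, f"{base_url}/ers/config/sgt?size={page_size}"
    while url:
        # Credentials ride on every request, so never follow a link off the node.
        if not url.startswith(base_url + "/"):
            raise ValueError(f"refusing to send credentials to {url}")
        result = fetch(url)["SearchResult"]
        for res in result.get("resources", []):
            # The list view carries id and name; the tag value is in the detail.
            sgt = fetch(f"{base_url}/ers/config/sgt/{res['id']}")["Sgt"]
            sgts[sgt["name"]] = sgt["value"]
        url = result.get("nextPage", {}).get("href")
    return sgts

# Constructed sample responses (hypothetical host and ids) for an offline run.
BASE = "https://ise.example.com:9060"
SAMPLE = {
    f"{BASE}/ers/config/sgt?size=2": {"SearchResult": {"total": 3, "resources": [
        {"id": "id-1", "name": "Employees"}, {"id": "id-2", "name": "Guests"}],
        "nextPage": {"rel": "next", "href": f"{BASE}/ers/config/sgt?size=2&page=2"}}},
    f"{BASE}/ers/config/sgt?size=2&page=2": {"SearchResult": {"total": 3,
        "resources": [{"id": "id-3", "name": "Quarantined_Systems"}]}},
    f"{BASE}/ers/config/sgt/id-1": {"Sgt": {"name": "Employees", "value": 4}},
    f"{BASE}/ers/config/sgt/id-2": {"Sgt": {"name": "Guests", "value": 6}},
    f"{BASE}/ers/config/sgt/id-3": {"Sgt": {"name": "Quarantined_Systems", "value": 255}},
}

if __name__ == "__main__":
    # Against a real node: list_sgts(BASE, make_fetcher(user, password, cafile))
    print(list_sgts(BASE, SAMPLE.__getitem__, page_size=2))
```

Give the script a read-only ERS account and pass the CA file for the ISE admin certificate instead of turning verification off.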

Modern ISE deployments pose new challenges that require more automation. For example, ISE can currently be deployed in AWS. With ISE 3.2 (due for release soon), ISE can be deployed in Azure, GCP, and Oracle clouds as well. Bringing up an ISE deployment in the cloud requires provisioning the VM, doing the initial setup of ISE, and connecting back to the on-prem environment. In some cases, this might require interacting with multiple platforms and API systems! In Thomas’ example, he needed to provision his AWS VPC, bring up a virtual Meraki MX for VPN connectivity, provision the VPN, communicate with the Meraki dashboard, and deploy his ISE instance.

If you’re afraid of learning Python, making direct REST API calls to multiple systems, and dealing with different API formats, Thomas says you can relax. Ansible is a great provisioning solution that allows you to define all of the parameters for the different systems in an easy-to-read YAML format. The Ansible modules will do the heavy lifting of calling the APIs correctly. You can still learn Python if you need to improve performance or parse operational data received from APIs, but for many, a tool like Ansible will be enough.

If you want to make the leap into programmability and APIs, Cisco has many tools to offer. For ISE, I recommend keeping tabs on our YouTube channel, which has tons of content on this and other ISE-related subjects. For general programmability, Cisco DevNet has resources from examples and sample code to Learning Labs with sandboxes where you can experiment. As always, the Cisco Live library has a number of great presentations.

Happy scripting!


