A trifecta of ISE (Identity Services Engine) power is coming your way via DevNet
First, we have a brand-new ISE 3.1 sandbox.
Second, we have new learning labs that show you what you can do in the sandbox.
Third, and most importantly, we have a webinar coming up next week to go through all this exciting stuff.
Now before we go into the details of all of these items, it makes sense to talk about the new ISE release: version 3.1. Even though ISE has had APIs for a long time, the current release goes above and beyond the previous capabilities. In version 3.1, a new API is added which is built on top of the OpenAPI Specification (OAS). It now allows to configure policy sets, certificates and more! These were caveats in the previous APIs that have now been solved. Furthermore, to make it even easier than ever to use this new ISE API, a Python SDK and Ansible module have been released as well.
If you want to learn how to use this, then you should definitely come and join the webinar next week!
- Sign up here for the APJC webinar – July 7th 09:30 AM IST
- Sign up here for the AMER/EMEAR webinar – July 6th 08:00 AM PDT | 5:00 PM CET
DevNet sandbox and learning labs
Now we can cover more of the details of the DevNet sandbox and learning labs. The sandbox is created as such, that you will receive API access to a full ISE instance, together with an Active Directory, Radius Simulator and a “Dev Box”. This will allow for a real-life experience, without the chance of breaking anything in production. Use this for development and testing purposes, or just use this sandbox to learn alongside of the DevNet ISE Learning Labs. In these labs you will go through a variety of scenarios. Below is a high-level overview of what you will do:
- Enable the ISE APIs and configure Role-Based Access Control
- Use the new ISE OpenAPIs with the Swagger utility
- Install and use the ISE REST API collections in Postman
- Convert your Postman REST calls to Python scripts
- Install and use the new ciscoisesdk Python package
- Install and use Ansible including the new cisco.ise modules
- Configure an ISE deployment using Ansible playbooks
Are you as excited as we are about all of this news? Then register now to join us at next week’s webinars!
Learn more about Cisco ISE (Identity Services Engine)
We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!
Twitter @CiscoDevNet | Facebook | LinkedIn
Visit the new Developer Video Channel
Chris, did you all happen to record the July session?
hi Josh, yes this was recorded, please check it out here: https://www.youtube.com/watch?v=V3dnEAcywZE
Hi Chris,
Does the current APIs for the cisco ISE support extracting its configuration using an API call e.g, getting the GUI banner message, Mnt Access Restriction config, Lockout policy, password policy config etc.
I have gone through the ERS API documentation for this and cant find anything supporting this as it covers mostly the control and management of Endpoint devices and not the cisco ISE itself.
I would like support or pointing in the right direction on how I can be able to extract the GUI configurations from the CISCO ISE successfully as we use this for config compliance checks.
Not everything in ISE can be addressed by an API unfortunately. We started with the ERS APIs to perform operations that customers do most frequently so they could be automated, scripted, or integrated with other tools. Many one-time or set-and-forget things have yet to be addressed with APIs. Most recently in ISE 3.1 we are addressing node provisioning but still do not have password policies, banners or even all identity stores like LDAP, SAML or ODBC covered by APIs. I expect we will keep adding things like this with each release.
The only option for checking the GUI configuration that I can think of would be to use a screen-scraping script (Python with Selenium, etc.) that literally logs into the ISE GUI, navigates to the desired page/panel and verifies checkbox settings, textfields, lists, etc. That may not be easy with some custom ISE GUI components.