Cisco ISE APIs and Programmability

I spent the primary few years of my networking profession avoiding scripting.  Although I had studied programming in school, I favored getting my palms soiled with CLI and didn’t see the necessity to make life sophisticated by messing with code.  Then, after I got here again to Cisco in 2015, I used to be assigned to work on programmability and I used to be pressured to study APIs, Python, Ansible, and a number of different instruments that community engineers usually keep away from.  I found that whereas community and safety engineers don’t must be coders, a stable understanding of scripting and automation is a necessity for us nowadays.

Cisco Identification Companies Engine has supported APIs because the 1.x days.  I lately sat down with Thomas Howard, a technical advertising and marketing engineer centered on ISE, to debate the capabilities of ISE APIs, and the way he makes use of them in at present’s cloud-centric world.  Our dialog is part of my Espresso with TMEs YouTube collection.

ISE has an API set referred to as ERS, which stands for “Extensible RESTful Companies”.  ERS APIs assist you to script a number of the widespread capabilities of the ISE GUI;  for instance, configuring community units, customers, and gadget teams.  I personally as soon as used the ERS APIs in a Python script to learn the entire configured SGTs (scalable group tags) from ISE.  ERS APIs have been with ISE for years, and are well-known and nicely documented.

Fashionable ISE deployments pose new challenges that require further automation.  For instance, ISE can at present be deployed in AWS.  With ISE 3.2 (due for launch quickly), ISE may be deployed in Azure, GCP, and Oracle clouds as nicely.  Mentioning an ISE deployment within the cloud requires provisioning the VM, doing the preliminary setup of ISE, and connecting again to the on-prem atmosphere.  In some instances, this would possibly require interacting with a number of platforms and API programs!  In Thomas’ instance, he wanted to provision his AWS VPC, carry up a digital Meraki MX for VPN connectivity, provision the VPN, talk with the Meraki dashboard, and deploy his ISE occasion.

If you happen to’re afraid of studying Python, making direct REST API calls to a number of programs, and coping with completely different API codecs, Thomas says you may chill out.  Ansible is a good provisioning answer that permits you to outline the entire parameters for the completely different programs in an easy-to-read YAML format.  The Ansible modules will do the heavy lifting of calling the APIs appropriately.  You’ll be able to nonetheless study Python if it’s essential enhance efficiency or parse operational information acquired from APIs, however for a lot of, a device like Ansible shall be sufficient.

If you wish to make the leap into programmability and APIs, Cisco has many instruments to supply.  For ISE, I like to recommend conserving tabs on our YouTube channel, which has tons of content material on this and different ISE-related topics.  For normal programmability, Cisco DevNet has assets from examples and pattern code to Studying Labs with sandboxes the place you may experiment.  As at all times, the Cisco Dwell library has plenty of nice displays.

Pleased scripting!

Share: