[ad_1]
I spent the primary few years of my networking profession avoiding scripting. Although I had studied programming in school, I appreciated getting my palms soiled with CLI and didn’t see the necessity to make life sophisticated by messing with code. Then, after I got here again to Cisco in 2015, I used to be assigned to work on programmability and I used to be compelled to find out about APIs, Python, Ansible, and a bunch of different instruments that community engineers usually keep away from. I found that whereas community and safety engineers don’t must be coders, a strong understanding of scripting and automation is a necessity for us nowadays.
Cisco Id Providers Engine has supported APIs for the reason that 1.x days. I lately sat down with Thomas Howard, a technical advertising engineer centered on ISE, to debate the capabilities of ISE APIs, and the way he makes use of them in immediately’s cloud-centric world. Our dialog is part of my Espresso with TMEs YouTube collection.
Determine 1. Cisco engineers Jeff McLaughlin and Thomas Howard focus on Id Providers Engine (ISE) within the cloud and APIs.
ISE has an API set referred to as ERS, which stands for “Extensible RESTful Providers”. ERS APIs assist you to script a few of the frequent capabilities of the ISE GUI; for instance, configuring community gadgets, customers, and gadget teams. I actually as soon as used the ERS APIs in a Python script to learn all the configured SGTs (scalable group tags) from ISE. ERS APIs have been with ISE for years, and are well-known and nicely documented.
Fashionable ISE deployments pose new challenges that require further automation. For instance, ISE can at the moment be deployed in AWS. With ISE 3.2 (due for launch quickly), ISE may be deployed in Azure, GCP, and Oracle clouds as nicely. Mentioning an ISE deployment within the cloud requires provisioning the VM, doing the preliminary setup of ISE, and connecting again to the on-prem surroundings. In some instances, this would possibly require interacting with a number of platforms and API techniques! In Thomas’ instance, he wanted to provision his AWS VPC, deliver up a digital Meraki MX for VPN connectivity, provision the VPN, talk with the Meraki dashboard, and deploy his ISE occasion.
For those who’re afraid of studying Python, making direct REST API calls to a number of techniques, and coping with totally different API codecs, Thomas says you may loosen up. Ansible is a superb provisioning resolution that lets you outline all the parameters for the totally different techniques in an easy-to-read YAML format. The Ansible modules will do the heavy lifting of calling the APIs appropriately. You possibly can nonetheless be taught Python if you could enhance efficiency or parse operational knowledge acquired from APIs, however for a lot of, a instrument like Ansible will likely be sufficient.
If you wish to make the leap into programmability and APIs, Cisco has many instruments to supply. For ISE, I like to recommend maintaining tabs on our YouTube channel, which has tons of content material on this and different ISE-related topics. For common programmability, Cisco DevNet has assets from examples and pattern code to Studying Labs with sandboxes the place you may experiment. As at all times, the Cisco Dwell library has numerous nice shows.
Completely happy scripting!
Share:
[ad_2]