I spent the primary few years of my networking profession avoiding scripting. Regardless that I had studied programming in school, I preferred getting my palms soiled with CLI and didn’t see the necessity to make life difficult by messing with code. Then, after I got here again to Cisco in 2015, I used to be assigned to work on programmability and I used to be compelled to study APIs, Python, Ansible, and a number of different instruments that community engineers typically keep away from. I found that whereas community and safety engineers don’t should be coders, a strong understanding of scripting and automation is a necessity for us nowadays.
Cisco Id Companies Engine has supported APIs for the reason that 1.x days. I lately sat down with Thomas Howard, a technical advertising engineer targeted on ISE, to debate the capabilities of ISE APIs, and the way he makes use of them in immediately’s cloud-centric world. Our dialog is part of my Espresso with TMEs YouTube collection.
ISE has an API set known as ERS, which stands for “Extensible RESTful Companies”. ERS APIs let you script a number of the frequent features of the ISE GUI; for instance, configuring community gadgets, customers, and system teams. I personally as soon as used the ERS APIs in a Python script to learn all the configured SGTs (scalable group tags) from ISE. ERS APIs have been with ISE for years, and are well-known and effectively documented.
Fashionable ISE deployments pose new challenges that require further automation. For instance, ISE can presently be deployed in AWS. With ISE 3.2 (due for launch quickly), ISE may be deployed in Azure, GCP, and Oracle clouds as effectively. Mentioning an ISE deployment within the cloud requires provisioning the VM, doing the preliminary setup of ISE, and connecting again to the on-prem atmosphere. In some instances, this would possibly require interacting with a number of platforms and API programs! In Thomas’ instance, he wanted to provision his AWS VPC, deliver up a digital Meraki MX for VPN connectivity, provision the VPN, talk with the Meraki dashboard, and deploy his ISE occasion.
Should you’re afraid of studying Python, making direct REST API calls to a number of programs, and coping with totally different API codecs, Thomas says you may calm down. Ansible is a good provisioning resolution that permits you to outline all the parameters for the totally different programs in an easy-to-read YAML format. The Ansible modules will do the heavy lifting of calling the APIs appropriately. You may nonetheless be taught Python if it’s essential to enhance efficiency or parse operational knowledge obtained from APIs, however for a lot of, a software like Ansible will likely be sufficient.
If you wish to make the leap into programmability and APIs, Cisco has many instruments to supply. For ISE, I like to recommend conserving tabs on our YouTube channel, which has tons of content material on this and different ISE-related topics. For basic programmability, Cisco DevNet has assets from examples and pattern code to Studying Labs with sandboxes the place you may experiment. As all the time, the Cisco Reside library has plenty of nice shows.