I'd love to track configuration changes in Cisco ISE with NCM. Is this possible?
Will SolarWinds be working on any integrations with Cisco ISE? Since ACS is going away, seems like more people will be migrating to ISE.
I'm unaware of any place where SW is working on ISE integration. But you're asking in the right forum--just post the general question to SW via Thwack and you may have better luck than I.
What about the new Binary Configs feature? Since ISE devices can be set to backup via FTP, couldn't we just setup the Binary Config feature to pull them this way? I don't know a lot about ISE devices, so maybe this wouldn't work...
I'm looking for a way for NCM to actually request, download, store, compare, and restore ISE configurations in ways similar to that used to manage Cisco switches & routers.
I already have ISE automatically backing up it's configuration to a remote SCP server, but it's not the same as having NCM doing the work, performing the config change reports, running Compliance checks on the configs, etc.
No, I'm looking for the full NCM experience when it comes to managing any of my devices. I really like what NCM is doing, what it can do, and where it's going in the future. Anything less for backing up ISE is just a kluge that must be improved.
You mean like to have a script that SSH into ISE, captures a sh running-config and sh startup-config and update in NCM?
That's a good start. And the files need to be transferred securely, and stored in a format that NCM can compare current and prior configs. It's simple: anything NCM can do with a Cisco switch, I'd like it to do with ISE configurations.
For the moment, what I am considering:
I have two ISE nodes running. I have scheduled the Configuration and Opperational backups to be performed to the local ISE Server disks.
From that point on I can fetch all the configuration files directly from the servers local drive.
All files are accessible (run and startuo-config as well as the application configuration files).
Not sure if that is exactly what you are looking for but for me it works, until I can find an easier way
I think you might be confusing my need with what's traditional and possible.
I'm looking for a way to have NCM backup the ISE server's configuration, not the switch's configs after ISE has been applied.
Automatic download of the ISE appliance's configurations, and then performing scheduled configuration change reports of that configuration, is my goal.
I do already get the switches' running & startup config changes in reports. It's the ISE servers' configs & changes that I seek.
I guess you mean the Server Configuration and Operational Backups right?
I set those to be stored in the "Local_Disk" repository in the application "Backup & Restore".
At the repository I get something like:
l3ise-lux1/stns# sh repository Local_Disk
l3ise_ConfBCK_25_Jul_2017-CFG10-170725-1133.tar.gpg
l3ise_OperBCK_25_Jul_2017-CFG10-170725-1138.tar.gpg
These are the files that I then get with solarwinds.
I don't know if it is possible for solarwinds to interpret those files and determine which changes were made in terms of the application or operational status, but at least I always have an up to date backup of the server configurations.
Cheers
Interesting. How do you configure NCM and the ISE appliances to allow access & transfer files? A local user account? SCP?
For the moment I have configured an FTP acount with local user/pass.
We are now trying to automate the process via SNMP
The ISE config is something like this:
l3ise-lux1/stns#
repository <Repository Name>
url ftp://xxx.xxx.xxx.xxx
user xxxxx password hash xxxxxxxxxx
As long as the config and operational backup files are there, we can fetch them or upload them to Solarwinds
I never considered that as an option. On the other hand, the System Admins tend to lock us Network Analysts (and everyone else) out of these parts of their servers for safety's sake. The joys of silos.
