Make sure you are running the PxGrid service on at least one ISE node. The PxGrid service is enabled under Administration > Deployment > [Node] > Check off pxGrid.
This is optional, but I typically enable the automatic approval of certificate-based accounts. This saves some time and hassle when using new PxGrid clients that you've already generated certificates for.
Administration > PxGrid Service > Settings tab > Automatically approve new certificate-based accounts
PxGrid requires a certificate for authentication of both the client and the server. You will need to generate a certificate for your node app to use for pxGrid connectivity. This can be done Administration > pxGrid Services > Certificates tab. You can use the following settings (use a name that you want for your node app in place of my-node-app).
Click Create and you will download the new certificate in a ZIP file. In this archive, you will have the certificate and key file for your new client, as well as the individual certificates in the trust chain for your certificate. From this, we only need out certificate and key. These should be in the format my-node-app.cer and my-node-app.key. Store the individual files in a relevant directory to your node app (e.g. ./certs/). We will get the Root CA Chain later in a single-file bundle.
Next, we want to download the root certificate chain in a single-file bundle. You can do this from the same screen as above, but by selecting I want to.. set to Download Root Certificate Chain. This should give you a zip file that contains a .cer file with the CA bundle. Move this file into the relevant directory for your node app, as well.
I typically do this in a dedicated file and import it into my app:
const fs = require('fs');
certs = [];
certs.certPath = './certs/';
certs.clientCert = fs.readFileSync(certs.certPath + 'my-node-app.cer');
certs.clientKey = fs.readFileSync(certs.certPath + 'my-node-app.key');
certs.caBundle = fs.readFileSync(certs.certPath + 'ise-chain.cer');
module.exports = certs;Of course, you can do this in your app directly, or however you want. The key thing to note is that the files should be read into the app, and passed to a PxGridControl module. If just referencing a path to the certificate files, it will not work.
const Pxgrid = require('pxgrid-node');
const certs = require('./certs.js');
// Rest of your code..Please review the README for more detail on using the module itself.
Note: this step is required if you want to publish endpoint asset information to ISE via your pxGrid client. Otherwise, this is optional. Profiling, as well as pxGrid, requires the use of a Plus license, and requires the Profiling Service to be enabled on your Policy Service node(s).
If you want publish asset information into ISE via pxGrid, you will need to configure the ISE Policy Service Node(s) (PSNs) in your deployment to use the pxGrid profiler probe. This enables the PSNs to subscribe to the Endpoint Asset topic. This is not on by default.
To enable the probe, go to Administration > System > Deployment. This will show all of the nodes in your deployment. Click on all nodes running the Policy Service persona in your deployment. Click on the Profiling Configuration tab. Check of the option pxGrid.
Note that this is different than enabling the pxGrid persona on a node as we did in the beginning of this guide.
Since we've setup ISE to auto-approve new certificate-based accounts, we should just need to run the app.
$ node anc_subscriber.pyNow that the client has been activated, we should see it in our pxGrid dashboard (Administration > pxGrid Services > All Clients tab).
All pxGrid 2.0, which this module is built on, clients will show up in the Web Client tab of the pxGrid dashboard (Administration > pxGrid Services > Web Clients tab) with information on their subscribing/publishing topics, as well.
