Integrate the Illumio PCE with IBM i running Precisely Assure Security
Note
For the most up-to-date information about configuring Precisely Assure Security for this integration, see the Precisely document Commands for the Assure SAM integration with Illumio.
This topic describes how to integrate IBM i system(s) running Precisely Assure Security with your Illumio PCE. This integration differs from the typical switch integration in the following ways:
Although the IBM i is not a switch, this integration uses the PCE switch integration user interface to perform the integration.
Instead of generating ACLs as you would do when integrating a switch, you'll generate a Precisely-formatted CSV file to configure relevant policy on your IBM i system that is running Precisely.
Flow information is collected by Assure Security and sent to the Illumio Flowlink server (see Illumio Flowlink Configuration and Usage Guide).
Add Unmanaged Workloads and IBM i Definitions
To create a security policy, add unmanaged workloads representing each IBM i system included in the PCE policy. A set of csv data is generated for each configured IBM i unmanaged workload. To define the IBM i system and the workloads attached to them as unmanaged workloads in the PCE web console, complete the following steps:
Log into the PCE web console.
Define the IBM i system as unmanaged workloads by adding an unmanaged workload through the PCE. You will associate these unmanaged workloads with their IBM i Precisely integration later. (For more about adding unmanaged workloads, see Adding Unmanaged Workloads in the Security Policy Guide.
Note
The workload name must be the IBM i system name in upper-case.
Illumio Core release 22.5 and earlier: Go to Workloads and VENs > Workloads . . . click Add > Add Unmanaged Workload
Illumio Core release 23.2 and later: Go to Servers & Endpoints > Workloads. . . click Add > Add Unmanaged Workload
Define the IBM i integration and associated workloads in the PCE by going to Infrastructure > Switches.
Click +Add.
Enter details:
NEN hostname: This field is populated with the FQDNs of the NENs paired with your organization's PCE. Select the appropriate NEN.
Description: This field is populated with "Illumio Network Enforcement Node" and the FQDN of the NEN. You cannot edit this field.
Switch Name: Enter a unique name that's easy to remember.
Switch IP: IP address of the IBM i system.
Manufacturer: Select IBM.
Model: Select Precisely.
Click Save.
Click Interfaces.
Click Edit and then enter details:
Total Interfaces: 1
Interface 1: Enter a name, such as interface 1.
Workloads: Select the unmanaged workload representing the appropriate IBM i system. Only workloads assigned to the IBM i system interfaces are secured. You can attach one or more workloads to an interface.
Monitor Traffic: Ignore this setting. It doesn't apply to this integration.
Click Save.
Note
If your unmanaged IBM i system has two or more network interfaces, the generated ACL file will include duplicate entries for Inbound Rules, one pair of entries for each interface. This is expected behavior.
Fields in the PCE web console > Infrastructure > Switches > Add Switch page:
