Guest

Cisco Configuration Engine

Cisco Configuration Engine 3.0

  • Viewing Options

  • PDF (312.1 KB)
  • Feedback
The Cisco® Configuration Engine provides a unified, secure solution for automating the deployment of Cisco customer premises equipment (CPE). This scalable product distributes device and service configuration files and software images to one device or a group of devices, thereby reducing operating costs and deployment time to enable new services and customers.
The Cisco Configuration Engine is a highly scalable software application running on a Solaris or Linux server; with this application you can manage your CPE devices, including Cisco routers, Cisco switches, and Cisco PIX® devices. Cisco Configuration Engine is accessible through a web-based GUI or web services such as XML and Simple Object Access Protocol (SOAP).
Service provider and large enterprise customers face similar challenges of deploying and managing large volumes of network devices. This complexity is further increased when they introduce managed services such as unified communications, security, and VPNs. Traditionally, customers deploy management products from hardware vendors, which often do not meet operational challenges for managing the service-oriented network.
The Cisco Configuration Engine architecture addresses your operational concerns such as scalability, performance, programmatic interfaces, and the flexibility to customize CPE deployments to meet your business and operation requirements. Adapting to standards-based web and networking technologies, the Cisco Configuration Engine supports a highly scalable, available, distributed, and fault-tolerant architecture, allowing you to customize core components to meet your requirements. Figure 1 shows a high-level overview of a fault-tolerant, distributed Cisco Configuration Engine implementation.
Cisco IOS® Software devices connect to the Cisco Configuration Engine through persistent and secure TCP connections over Secure Sockets Layer (SSL), facilitating the distribution of device and service configuration to thousands of devices in minutes. The Cisco Configuration Engine is shipped with all the necessary software components and an embedded data repository to quickly begin managing devices. As shown in Figure 1, when managing large volumes of Cisco devices you can adapt a distributed, highly available, fault-tolerant architecture with no single point of failure.
In this scenario, all Cisco Configuration Engines can share a common external data repository, which you can duplicate for redundancy. Because Cisco IOS Software devices connect to the Cisco Configuration Engine through persistent TCP connections, a Cisco Configuration Engine failure will lead to a loss of connectivity. You can optionally deploy a Cisco Content Switching Module to load balance Cisco IOS Software device connections and then configure the switch to move the connections to another Cisco Configuration Engine appliance if failure occurs.

Figure 1. High-Level Overview of a Cisco Configuration Engine Implementation

What's New in Cisco Configuration Engine 3.0?

• Solaris 10 and Red Hat 4.0 support

• Increased scalability up to 30,000 devices on a single Cisco CE server

• Cisco Validated Designs for high availability and scalability with multiple Cisco CEs

• Refreshed product collateral and end-customer documentation

• Certification on latest Sun hardware

• Several customer requested featurettes and maintenance bugs

Primary Features and Benefits

The Cisco Configuration Engine automates the configuration of Cisco devices during initial deployments and in subsequent reconfigurations. This complete, automatic device deployment and configuration solution relieves service providers and large enterprise customers of the need to send technicians to customer sites, affording the customers fast activations for new services. Network administrators who manage large networks can also take advantage of the solution to distribute configurations, IP Security (IPSec) keys, passwords, and so on to a device or to groups of devices.
Key features of the Cisco Configuration Engine are discussed in the following sections.

Configuration and Image Services

The Cisco Configuration Engine supports configuration and software image and file distribution services. You can choose one device or a group of devices to distribute device and service configurations, provide policy-based distribution and activation of software images, or distribute files such as signature definition files (SDFs) for security. Some highlights include:

• Secure Zero-Touch Deployment of services and software image

• Secure policy-based distribution of configurations, software images, SDFs, and Cisco Unified Communications Manager Express feature scripts to one device or a group of devices

• E-page or email message notification after successful completion or failure of configuration updates and image distribution and activation

• Concept of batch size to enable you to update thousands of devices but limit the number of simultaneous updates

• State information to monitor and update the outcome of service requests

• Policy-based image distribution and activation to validate device resources before upgrading software images

Web-Based GUI

The Cisco Configuration Engine supports an intuitive, task-oriented, feature-rich, web-based GUI. In addition to standard features such as a hierarchical view, groups, jobs, log files, device cloning, bulk upload tool, and a scheduler, the Cisco Configuration Engine includes advanced features such as job customization, policy-based creation of dynamic virtual groups, and support for both embedded and external data repositories.

Velocity Template Engine

The Cisco Configuration Engine supports the Velocity Template Engine, a widely used tool from Apache. The Velocity Template Engine enables you to develop your own scripts, implementing logic to generate and validate configurations dynamically through interaction with devices. Primary benefits of using this tool include:

• User customization based on device configuration and service activation requirements

• Support for Java, Perl, Expect, and other scripting tools

• Dynamic configuration generation that you can do through interaction with the device

• Workflow control to enable you to complete multiple jobs

• Ability for you to develop and plug in scripts to validate device attributes entered by network-operations-center (NOC) personnel

• Support for scripts to autopopulate attribute values retrieved from a customer's data repository

Web Services

If you prefer to integrate programmatically, the Cisco Configuration Engine offers a rich set of application programming interfaces (APIs) based on web services (XML and SOAP). The Cisco Configuration Engine adapts to industry-standard web and Internet protocols, reducing the complexity of integration, and it supports secure communication based on HTTPS and SSL between your application and the Cisco Configuration Engine. Web services are available for configuration, image, and administrative services. The immediate benefits of integrating with the Cisco Configuration Engine using web services include:

• HTTPS and SSL communication between your application and the Cisco Configuration Engine is secure.

• Flexibility and ease of integration reduce the cost of implementation.

• XML and SOAP Web Services Description Language (WSDL) is available for administrative, configuration, and image services; you can access all features supported from the web GUI programmatically through web services.

• There is no dependency on the operating system; the API is standards-based.

Device Development Module

Devices not enabled with embedded Cisco IOS Software agents are supported using an embedded gateway module, so you can develop and register your own device adapters. This module allows you to communicate with and manage devices not supported by the Cisco Configuration Engine.

Data Repository

The Cisco Configuration Engine supports an embedded data repository. You can map to an external Lightweight Directory Access Protocol (LDAP) directory at setup. You also can duplicate an external directory to support a redundant data repository in case of failure.

Security

Security is your most important concern. The Cisco Configuration Engine security implementation includes the following:

• Cisco IOS Software devices connect to the Cisco Configuration Engine through SSL, and all communication happens over an encrypted link.

• Prior to accepting any change request, Cisco IOS Software devices validate the public key from the Cisco Configuration Engine through Cisco IOS Software trust points.

• If you use web services you can connect to the Cisco Configuration Engine securely over SSL.

Table 1 lists the features and benefits of the Cisco Configuration Engine 3.0. Table 2 lists supported devices.

Table 1. Features and Benefits of Cisco Configuration Engine

Features

Benefits

Support for CPE Devices Using SSL Transport

This scalable solution enables large-scale secure deployment and management of Cisco CPE over SSL and allows you to reduce deployment costs and service turn uptime.

Zero-Touch Deployment

Time to implement new services is significantly reduced by eliminating staging and manual processes.
This common solution supports all Cisco IOS Software CPE across multiple access technologies (leased line, Frame Relay, ATM, cable, DSL, Ethernet, and modem).
With this scalable solution you can implement services such as IP telephony, VPNs, firewalls, and so on.

Web-Based GUI

The feature-rich web GUI allows you to use the product out of the box.
The solution offers a configuration or image update to one group or group of devices.

Velocity Template Engine

The engine is customizable to meet your business and operation requirements.
The engine supports scripting languages (Java, Perl, and so on).
With the engine you can control work flow.

Configuration Services

You can update the configuration to one device or a group of devices.
You can configure email or e-page message notification of outcome.
Configuration changes are delivered to thousands of devices successfully in minutes rather than hours.

Image Services

The solution offers policy-based validation of device resources.
The solution supports devices behind the firewall or devices that use dynamic IP addresses.
You can configure email or e-page message notification of outcome.

Web Services

XML and SOAP WSDL are available for all features supported from the web GUI.
Communication between your application and the Cisco Configuration Engine is secure.
Implementation is easy.

Device Module Development

Southbound APIs support your scripts to communicate to devices.
The solution is protocol-independent (Simple Network Management Protocol [SNMP], HTTP, Secure Shell [SSH] Protocol, Perl, and so on).

Support for Zero-Touch Deployment Feature in Cisco PIX Devices, Incremental Configuration Updates, and Image Distribution

Deployment cost and time are reduced.
Productivity is improved.
Software image upgrades are scalable.
Network management is simplified.

Table 2. Devices Supported

Cisco IOS Software Platform

Access Routers

Cisco 1900, 2900 and 3900 ISR G2 Routers
* Cisco 800 Series Integrated Services Routers
Cisco 1800 Series Integrated Services Routers
Cisco 2800 Series Integrated Services Routers
Cisco 3200 Series Rugged Integrated Services Routers
Cisco 3800 Series Integrated Services Routers
Cisco SOHO 70 and SOHO 90 Series Routers
Cisco 1700 Series Modular Access Routers
Cisco 2600 Series Multiservice Platforms
Cisco 3600 Series Multiservice Platforms
Cisco 3700 Series Multiservice Access Routers
Cisco Unified Communications 500 Series for Small Business
* Cisco 500 Series Secure Routers

Gateways

Cisco AS5300 Series Universal Gateways
Cisco AS5400 Series Universal Gateways
Cisco AS5800 Series Universal Gateways
Cisco IAD2400 Series Integrated Access Devices
* Cisco IAD880 Series

Access and Metropolitan Switches

Cisco Catalyst® 2950 Series Switches
Cisco Catalyst 2960 Series Switches
Cisco Catalyst 3550 Series Switches
Cisco Catalyst 3560 Series Switches
Cisco Catalyst 3560-E Series Switches
Cisco Catalyst 3750 Series Switches
Cisco Catalyst 3750-E Series Switches
Cisco Catalyst 4500 Series Switches
Cisco ME 3400 Series Ethernet Access Switches
Cisco ME 3400E Series Ethernet Access Switches
Cisco ME 3750 Metro Series Switches
Cisco ME 4900 Series Ethernet Switches
* Cisco Catalyst 6500 Series Switches

Aggregation and Core Routers

Cisco 7200 Series Routers
Cisco 7300 Series Routers
Cisco 7500 Series Routers
Cisco ASR 1000 Series Aggregation Services Routers
Cisco 7600 Series Routers
Cisco 10000 Series Routers
Cisco 10700 Series Routers
* Cisco 12000 Series Routers

Mobile Wireless Routers

Cisco MWR 1900 Mobile Wireless Routers
* Cisco MWR 2900 Mobile Wireless Routers

The Cisco Configuration Engine supports the following platforms through SSH embedded in the Cisco Configuration Engine:

• Cisco IOS Software devices

• Cisco Catalyst OS devices

• Cisco CSS 11000 Series Content Services Switches

• Cisco VPN 3000 Series Concentrators

• Cisco access points

• Cisco PIX devices

Note: For Zero-Touch Deployment using Cisco Configuration Engine, please ensure the ISR and ISR G2 routers are ordered with the option of no configuration. Please use ISR-CCP-EXP-NOCONF or ISR-CCP-CD-NOCONF option when ordering ISR G2 1900, 2900 and 3900 routers; use CCP-EXPRESS-NOCF or CCP-CD-NOCF option when ordering ISR 800, 1800, 2800 and 3800 routers.

Table 3 gives the system requirements of Cisco Configuration Engine.

Table 3. Cisco Configuration Engine System Requirements

Linux Platform (Red Hat v4.0)

Solaris Platform (Solaris 10)

Recommended hardware for 20,000 devices:

Intel Xeon processors 4 @ 2.33 GHz
4-GB RAM
Hard Drive: 72-GB

Recommended hardware for 30,000 devices:

Sun T1000, 8 core, 1.0 GHz UltraSPARC T1 Processor
16-GB RAM
Hard Drive: 146 GB, 10K RPM SAS drive

Minimum hardware for 5,000 devices:

CPU: Intel Pentium III
1-GB RAM
Hard Drive: 40 GB

Minimum hardware for 10,000 devices:

CPU: Sun Sparc
1-GB RAM
Hard Drive: 40 GB

Ordering Information

To place an order, visit the Cisco Ordering Home Page and refer to Table 4.

Table 4. Ordering Information for Cisco Configuration Engine 3.0

Product Name

Part Number

Configuration Engine 3.0 Media Kit

CE-3.0-KIT-K9

Configuration Engine 3.0 RTU for 100 Devices

CE-3.0-RTU-100

Configuration Engine 3.0 RTU for 1000 Devices

CE-3.0-RTU-1000

Configuration Engine 3.0 RTU for 10000 Devices

CE-3.0-RTU-10000

Configuration Engine 3.0 Developers Kit

CE-3.0-SDK

Configuration Engine 2.0-3.0 Media Kit Upgrade

CE-3.0-KIT-U-K9

Configuration Engine 2.0-3.0 RTU Upgrade for 1000 Devices

CE-3.0-RTU-10000U

Configuration Engine 2.0-3.0 RTU Upgrade for 10000 Devices

CE-3.0-RTU-10000U

Configuration Engine 2.0-3.0 Developers Kit Upgrade

CE-3.0-SDK-U

Table 5. Ordering Information for Cisco Configuration Engine 3.0 Support

Product Name

Part Number

SP SAS Config Engine 3.0 Media Kit

SP-SAS-CE3KITK9

SP SAS Config Engine 3.0 Developers Kit

SP-SAS-CE3SDK

SP SAS Config Engine 3.0TRU for 10K devices

SP-SAS-CE3RTU10

SP SAS Config Engine 3.0TRU for 100 devices

SP-SAS-CE3RTU1H

SP SAS Config Engine 3.0TRU for 1000 devices

SP-SAS-CE3RTU1K

SP SAS Config Engine 2.0-3.0 Upgrade Media Kit

SP-SAS-CE3KTUK9

SP SAS Config Engine 2.0-3.0 Upgrade for 10K devices

SP-SAS-CE3R10KU

SP SAS Config Engine 2.0-3.0 Upgrade for 1K devices

SP-SAS-CE3RT1KU

SP SAS Config Engine 2.0-3.0 Upgrade Developers Kit

SP-SAS-CE3SDKU

SW App SUPP Config Engine 3.0 Media Kit

CON-SAS-CE3KITK9

SW App SUPP Config Engine 3.0 Developers Kit

CON-SAS-CE3SDK

SW App SUPP Config Engine 3.0 for 10K devices

CON-SAS-CE3RTU10

SW App SUPP Config Engine 3.0 for 100 devices

CON-SAS-CE3RTU1H

SW App SUPP Config Engine 3.0 for 1000 devices

CON-SAS-CE3RTU1K

SW App SUPP Config Engine 2.0-3.0 Media Kit Upgrade

CON-SAS-CE3KTUK9

SW App SUPP Config Engine 2.0-3.0 Upgrade for 1K devices

CON-SAS-CE3RT1KU

SW App SUPP Config Engine 2.0-3.0 Upgrade for 10K devices

CON-SAS-CE3R10KU

SW App SUPP Config Engine 2.0-3.0 Developers Kit Upgrade

CON-SAS-CE3SDKU


* The SP part numbers are applicable to service providers and the CON part numbers are applicable to enterprises.

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services can help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.
For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.

For More Information

For more information about the Cisco Configuration Engine, visit http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/index.html or contact your local Cisco account representative.