This document discusses precautions related to OEM guided installation utilities.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Any HPQ (Compaq), Dell, or IBM server approved for Cisco software
Any Cisco application reliant on Microsoft components (for instance, Internet Information Services (IIS))
Compaq Smart Start version 5.40 or later
Open Manage Server Assistant version 7.0.1 or later (Dell)
Server Guide version 6.0.8 or later (IBM)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Cisco server vendor partners, that is, Hewlett-Packard Company, Dell Computer Corporation, and IBM Corporation, each publish a GUI-based program that assists in the initial software assembly of a working server from bare metal. It is convenient to conceive of these utilities as a form of guided installation utilities (GIUs).
| Server Vendor
|| Server Series
|| Software Assembly Program
|| Server Monitoring Application
| Hewlett-Packard (HPQ)
|| Smart Start
|| Insight Manager
|| Server Assistant
|| Open Manage Server Administrator
|| Server Guide
These multi-lingual GIUs are intended to ease the installation of an operating system and install necessary device, port, and mini-port drivers relevant to the particular target server hardware. These GIUs all support multiple operating systems, for example, Microsoft Windows 2000 Server and Linux variants. Only Microsoft Windows 2000 Server and Advanced server issues will be discussed in this Technical Note. These GIUs do not actually embed a version of any operating system within their media. Instead, they rely upon the installer to furnish operating system media at an appropriate time during execution of the utility. These original equipment manufacturers (OEMs) utilize a Microsoft utility named "SysPrep" (also known as Mini-Setup) to control and automate the actions of the Windows installation process through use of an "answer file".
The default installation of Microsoft Windows 2000 Server and Advanced Server installs a component that has been subject to very public security exploits. That component is IIS. Dell Computer has adopted a policy, beginning with Server Assistant version 7.0.1, of prohibiting default installation of IIS without manual installer consent as placed into the SysPrep answer file. HPQ and IBM have not yet followed suit, but may do so in the future. The absence of IIS in an instance of the Windows operating system will make impossible the correct operation of an installation of some Cisco applications, including, but not limited to Cisco Unity, Cisco Unity Bridge, and Cisco Personal Assistant. By default, Dell Server Assistant also prohibits a number of otherwise default Windows service/component installations. Conscious installer deviation from the OEM's guided installation defaults is now required to enable Cisco software installation success in a single pass.
As an additional security concern, OEMs publish and sell server monitoring application software that uses Simple Network Management Protocol (SNMP) traps for administrative notification. These applications are identified in the table above. Both HPQ and Dell now enable the Windows SNMP service by default during usage of Smart Start or Server Assistant, in preparation for the potential usage of their management products. Some Cisco customers may object to the enabling of the SNMP service without their knowledge during the build of a Cisco product based on an OEM server.
It is now more important than ever for an installer to be vigilant when using these OEM guided installation utilities. Merely pressing Enter to accept the answer file defaults that are scripted into these utilities is not acceptable.
The solutions to this problem are explained in detail below.
If any one or more of the following Windows services or components are required for the Cisco application, ensure that they are enabled during the interrogative portion of HPQ Smart Start, Dell Server Assistant, or IBM Server Guide use. The following are merely examples. Default installation by Windows of other services may be prohibited by these guided installation products. Take note of the utility's defaults during usage and compare against logical knowledge of the technical needs of the Cisco application that is to be installed on the target server.
IIS and IIS sub-components (SMTP, FTP, and so forth)
Microsoft Message Queuing Service (MSMQ)
Remote Storage Services
Windows Media Services
If the customer does not want SNMP, disable the default enabling of SNMP during the interrogative portion of HPQ Smart Start, Dell Server Assistant, or IBM Server Guide use, as applicable.