User Guide for the Cisco Application Networking Manager 5.2.2

ACE
Cisco Application Control Engine, available as a module that resides in a Cisco Catalyst 6500 series chassis, Cisco 7600 series router, or as a standalone appliance. The ACE offers high-performance server load balancing (SLB), routing and bridging configuration, traffic policies, redundancy (high availability), virtualization for resource management, SSL, security features, and application acceleration and optimization.
ACL
Access Control List. A mechanism in computer security used to enforce privilege separation. An ACL identifies the privileges and access rights a user or client has to a particular object, such as a server, file system, or application.
activate
Places an entity into the resource pool for load balancing content requests or connections and starts the keepalive function. See also suspend.
administrative distance
The first criterion a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the trustworthiness of the source of the routing information. Administrative distance has only local significance, and is not advertised in routing updates.
The smaller the administrative distance value, the more reliable the protocol. The values range from 0 (zero) for a connected interface and 1 for a static route, to 255 for an unknown protocol.
Advanced Encryption Standard. One of the possible encryption algorithms available for use in SNMP communications.
ANM Mobile
ANM feature that allows supported mobile devices to access your ANM server or ANM Virtual Appliance and manage the network objects in much the same way you do from an ANM client. Using a mobile device, you can run ANM Mobile as a native application (app) or inside the mobile device browser.
ANM server
Dedicated server with ANM server software and Red Hat Enterprise Linux (RHEL) operating system installed on it.
ANM Virtual Appliance
VMware virtual appliance with ANM server software and Cisco Application Delivery Engine Operating System (ADE OS) installed on it. Cisco distributes ANM Virtual Appliance in Open Virtual Appliance (.OVA) format.
Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Defined in RFC 826.

building block
Reusable configuration attributes that can be applied to virtual contexts for consistent, standardized implementation.
Bridge-Group Virtual Interface. Logical Layer 3-only interface associated with a bridge group when integrated routing and bridging (IRB) is configured.


Cisco CallManager. A Cisco product that provides the software-based, call-processing component of the Cisco IP Telephony Solutions for the Enterprise, part of Cisco AVVID (Architecture for Voice, Video, and Integrated Data). CallManager acts as a signaling proxy for call events initiated over other common protocols such as SIP, ISDN (Integrated Services Digital Network), or MGCP (Media Gateway Control Protocol).
certificate chain
A certificate chain is a hierarchical list of certificates used in SSL that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates.
certificate signing request
See CSR.
A snapshot in time of a known stable ACE running configuration before you begin to modify it. If you encounter a problem with the modifications to the running configuration, you can roll back the configuration to the previous stable configuration checkpoint.
Replaces the Cisco Connection Online website. Use this site to access customer service and support.
class map
A mechanism for classifying types of network traffic. The ANM uses class maps to classify the network traffic that is received and transmitted by the ACE. Types of traffic include Layer 3/Layer 4 traffic that can pass through the ACE, network management traffic that can be received by the ACE, and Layer 7 HTTP load-balancing traffic.
CSR
Certificate Signing Request. A message sent to a certificate authority, such as VeriSign and Thawte, to apply for a digital identity certificate for use with SSL. The request includes information that identifies the SSL site, such as location and serial number, and a public key that you choose. The request may also provide any additional proof of identity required by the certificate authority.
Cisco IOS Software
The Cisco system software that allows centralized, integrated, and automated installation and management of internetworks, while ensuring support for a wide variety of protocols, media, services, and platforms.

Data Encryption Standard. One of the possible encryption algorithms available for use in SNMP communications.
Dynamic Feedback Protocol. A protocol that allows load-balanced servers (both local and remote) to dynamically report changes in their status and their ability to provide services.
distinguished name
Used for SSL, a set of attributes that provides the certificate authority with the information it needs to authenticate your site.
Dynamic Workload Scaling (DWS)
ACE feature that permits on-demand access to remote resources, such as VMs, that you own or lease from an Internet service provider or cloud service provider.

A message from the ANM that informs you of activities on parts of the system, including each virtual context, the management system, and hardware components.
event type
Alarm, Log, Audit, Attack Log
A group of related faults.

An abnormal condition that occurs when a system component exceeds a performance threshold or is not functioning properly.
File Transfer Protocol
See FTP.
FTP
File Transfer Protocol. Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes. FTP is defined in RFC 959.

H.323
An umbrella recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols that provide audio-visual communication sessions on any packet network. It is a part of the H.32x series of protocols, which also address communications over Integrated Services Digital Network (ISDN), Public switched telephone network (PSTN) or Signaling System 7 (SS7). H.323 is commonly used in Voice over IP (VoIP, Internet Telephony, or IP Telephony) and Internet Protocol (IP)-based videoconferencing. H.323 defines a common set of CODECs, call setup and negotiating procedures, and basic data transport methods.
Hot Standby Router Protocol. A networking protocol that provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.

ICMP
Internet Control Message Protocol. Network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. Documented in RFC 792.
Internet Control Message Protocol
See ICMP.
1. A network connection.
2. A connection between two systems or devices.
3. In telephony, a shared boundary defined by common physical interconnection characteristics, signal characteristics, and meanings of interchanged signals.


load balancing
An action that spreads network requests among available servers within a cluster of servers, based on a variety of algorithms.

Message Digest 5 or Message-Digest Algorithm. One of the possible encryption algorithms available for use in SNMP communications.
MIB
Database of network management information that is used and maintained by a network management protocol, such as SNMP or CMIP. The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.

Name Address Translation. A method of connecting multiple computers to the Internet (or any other IP network) using one IP address.

object group
A logical grouping of similar objects, such as servers, clients, services, or networks. Creating an object group allows you to apply common attributes to a number of objects without specifying each object individually.
organizations
An organization allows you to configure AAA server lookup for your users or set up users who work for a service provider customer. Organizations in the Cisco ANM system are defined by the system administrator.

Port Address Translation. A mechanism that allows many devices on a LAN to share one IP address by allocating a unique port address at Layer 4.
ping
A common method for troubleshooting the accessibility of devices.
A ping tests an ICMP echo message and its reply. Because ping is the simplest test for a device, it is the first to be used. If ping fails, try using traceroute.
Run ping to view the packets transmitted, packets received, percentage of packet loss, and round-trip time in milliseconds.
1. An interface on an internetworking device (such as a router); a physical entity.
2. In IP terminology, an upper-layer process that receives information from lower layers. Ports are numbered, and each numbered port is associated with a specific process. For example, SMTP is associated with port 25. A port number is also called a well-known address.
3. To rewrite software or microcode so that it will run on a different hardware platform or in a different software environment than that for which it was originally designed.

Registration, Admission, and Status Protocol. Protocol that is used between endpoints and the gatekeeper to perform management functions. RAS signalling function performs registration, admissions, bandwidth changes, status, and disengage procedures between the VoIP gateway and the gatekeeper.
Role-Based Access Control. A mechanism that allows privileges to be assigned to defined roles. The roles are then assigned to real users, allowing or limiting access to specific features as appropriate for each role.
real server
A real server is a physical device assigned to a server farm.
In internetworking, the duplication of devices, services, or connections so that, in the event of a failure, the redundant devices, services, or connections can perform the work of those that failed.
resource class
A defined set of resources and allocations available for use by a device (such as an ACE). Using resource classes prevents a single device from using all available resources.
See user role.
Rivest, Shamir, and Adleman Signatures. A public-key cryptographic system used for authentication.
Real Time Streaming Protocol. A client-server multimedia presentation control protocol, designed to address the needs for efficient delivery of streamed multimedia over IP networks.

SCCP
Skinny Client Control Protocol. A proprietary terminal control protocol owned and defined by Cisco as a messaging set between a skinny client and the Cisco CallManager (CCM). Examples of skinny clients include the Cisco 7900 series of IP phones, such as the Cisco 7960, Cisco 7940, and the 802.11b wireless Cisco 7920, along with the Cisco Unity voicemail server. See also Skinny.
server farm
A collection of servers that contain the same content.
Server Load Balancer
See SLB.
A destination location where a piece of content resides physically. Also referred to in general terms for this release as including content rules, owners, virtual servers, real servers, and so on.
Simple Message Transfer Protocol
See SMTP.
SIP
Session Initiation Protocol. Protocol developed by the IETF MMUSIC Working Group as an alternative to H.323. SIP features are compliant with IETF RFC 2543, published in March 1999. SIP equips platforms to signal the setup of voice and multimedia calls over IP networks.
Skinny
Skinny is a lightweight protocol that allows for efficient communication with Cisco CallManager. See also SCCP.
SLB
Server Load Balancer. A device that makes load balancing decisions based on application availability, server capacity, and load distribution algorithms, such as round robin or least connections. Using load balancing and server/application feedback, an SLB device determines a real server for the packet flow and sends this information to the requesting forwarding agent. After the optimal destination is decided on, all other packets in the packet flow are directed to a real server by the forwarding agent, increasing packet throughput.
special configuration file
Managed file resource on an ACE module, such as a piece of a configuration file or a keep-alive script.
SMTP
Simple Message Transfer Protocol. Internet protocol that provides email services.
sticky
A feature that ensures that the same client gets the same server for multiple connections. It is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state tables about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system.
suspend
Removes an entity from the resource pool for future load-balancing content requests or connections. Suspending a service or device does not affect existing content flows, but it prevents additional connections from accessing the suspended entity or content. See also activate.

TCP
Transport Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
A range in which you expect your network to perform. If a threshold is exceeded or goes below the expected bounds, you examine the areas for potential problems. You can create thresholds for a specific device.
traceroute
A diagnostic tool that helps you understand why ping fails or why applications time out. Using it, you can view each hop (or gateway) on the route to your device and how long each took.
Transport Control Protocol
See TCP.

Uniform Resource Identifier. Type of formatted identifier that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of addresses referring to registered protocols or name spaces. [RFC 1630]
user role
A mechanism for granting access to features and functionality to a user account. The Cisco Application Networking Manager includes four predefined roles: System Administrator, Server Manager, Network Manager, and Service Provider Customer.

virtual context
A concept that allows users to partition an ACE into multiple virtual devices. Each virtual context contains its own set of policies, interfaces, resources, and administrators, allowing administrators to more efficiently manage system resources and services.
There are two types of contexts: the Admin context and a user context. The Admin context is the default context that the ACE provides. The Admin context, which contains the basic settings for each virtual device or context, allows a user to configure and manage all contexts. When a user logs into the Admin context, he or she has full system administrator access to the entire ACE and all contexts and objects within it. The Admin context provides access to network-wide resources, for example, a syslog server or context configuration server. All global commands for ACE settings, contexts, resource classes, and so on, are available only in the Admin context.
A user context, which is created by a user, has access to the resources in which the context was created. For example, a user context that was created by an administrator while in Admin context, by default, has access to all resources in an ACE device. Any user created by someone in a user-defined context has access only to the resources within that context. In addition, roles are assigned to users, which determine the commands and resources that are available to that user.
VLAN
Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
VLAN Trunking Protocol
See VTP.
virtual server
A virtual server represents groups of real servers and is associated with a real server farm.
VMware vCenter Server
Third-party product for creating and managing virtual data centers, which includes VMware vSphere Client and virtual machines.
VTP
VLAN Trunking Protocol. A Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
VTP domain
Also called a VLAN management domain, a domain composed of one or more network devices that share the same VTP domain name and that are interconnected with trunks.

Web server
A machine that contains Web pages that are accessible by others.