Table Of Contents
Release Notes for Cisco Unified Operations Manager 2.3
Published: February 16, 2010Revised: June 21, 2010, OL-21108-05
This document contain the following topics:
New and Changed Features
Cisco Unified Operations Manager 2.3 includes the following updates:
•Incremental support for Cisco Unified Communications family of products and other new devices including the following:
–Unified Communications 8.0 solution component support including Cisco Unified Communications Manager 8.0, Unified CM Express 8.0, Unity 8.0, Unity Connection 8.0, MeetingPlace Express 8.0, Unified Contact Center Enterprise 8.0, Unified Mobility Advantage 8.0, and VG20x support.
–Support for Unified Computing System platform for Operations Manager and for virtualized Cisco Unified Communications 8.0 and Unity Connection 8.0.
Additional Unified Communications 8.0 solution and application support details are located in the Supported and Interoperable Devices and Software for Cisco Unified Operations Manager 2.3.
–New phone support (6901 and 6911).
–Cisco TelePresence System (CTS codec) monitoring enhancements.
–VMWare EXSi 4.0 certification for Operations Manager.
See the Supported and Interoperable Devices and Software for Cisco Unified Operations Manager 2.3 for more all device and interoperable software support.
•Newly supported events including Device Partially Monitored, StoppedGsuPerformancePolling, and Telepresence events, as well as synchronized event severities between Operations Manager and Unified Communications devices.
For a list of supported events, see Table E-1 in the "Events Processed" appendix of the User Guide for Cisco Unified Operations Manager.
•Support for Service Monitor 2.3.
•Additional documentation available on Cisco.com:
–Best practices for managing voice applications.
See Table 3 for problems that are resolved in this release.
System requirements are documented in the Installation Guide for Cisco Unified Operations Manager 2.3. For documentation updates after publication, see Cisco.com.
The following topics include important information:
For critical security updates in the installation or user guide documentation, see Documentation Updates.
Upgrade paths that were tested and are supported:
•Operations Manager, release 2.1 or 2.1 SP1 (2.1.1) to 2.3
•Operations Manager, release 2.2 to 2.3
There is no direct upgrade from Operations Manager releases prior to 2.1 to 2.3. If you are running:
•Operations Manager 2.0.x: upgrade to Operations Manager 2.1, then to 2.3. To download Operations Manager 2.1, go to http://www.cisco.com/cgi-bin/tablebuild.pl/cuom21.
•Operations Manager release 1.x: upgrade to 2.0.3, then to 2.1 and 2.3. To download Operations Manager 2.0.3, go to http://www.cisco.com/cgi-bin/tablebuild.pl/cuom203.
For complete details on installation and upgrade procedures, see the Installation Guide for Cisco Unified Operations Manager 2.3.
Note Some known problems in Service Monitor have been resolved. If you run Service Monitor on the server with Operations Manager, you should review Release Notes for Cisco Unified Service Monitor 2.3 before you install Operations Manager. See Related Documentation for Cisco.com links.
Memory Usage for Multiple Phone Reports
Depending on the number of records reports, the system can only handle a certain number of large reports kept open at the same time. When a report is closed, the window task manager may not show Tomcat memory usage decreasing right away, but it will free up memory for new report to be opened. We recommend you close phone reports after you are finished with them to ensure system performance is not degraded.
Table 1 describes the installation or upgrade, backup and restore, and other setup problems known to exist in this release.
For installation or user guide documentation updates, see Documentation Updates.
Table 1 Known Problems with Installation, Upgrade, Backup, Restore, and Setup in Operations Manager
Bug ID Summary Explanation
TLS/SSL Security Update.
An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.
Common Services has released OpenSSL security patch for TLS/SSL renegotiation vulnerability (CSCtd01597) on Cisco.com. The patch can be downloaded from the following URL: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=276698858.
Product Security: VTP-SYN-FLOOD.
Immediately following installation, the TCP/IP stack should be hardened to avoid denial of service attacks. See Microsoft Security Updates for Denial of Service Attacks for details. See also CSCsy80792.
Product Security: VTP-VUL-SCAN.
Immediately following installation, the TCP/IP stack should be hardened to avoid denial of service attacks. These type of attacks may occur when using Nessus (a vulnerability scan tool that performs network and system vulnerability assessments). Ensure the footnote steps listed in Table 1-1 of the Installation Guide for Cisco Unified Operations Manager 2.3 are taken before you use Operations Manager.
Even after performing the hardening steps on the Operations Manager server, the following problems may still occur with these Nessus IDs:
•For port 1741: Nessus ID 10930: Has the following common vulnerabilities and exposures (CVE): CVE-2001-0386, CVE-2001-0493, CVE-2001-0391, CVE-2001-0558, CVE-2002-0200, CVE-2000-0168, CVE-2003-0016, and CVE-2001-0602 which may occasionally cause an Apache child process to halt abruptly, but the system recovers automatically without intervention when Apache starts a new child process.
•For port 139: Nessus ID 10204: Has the following CVE: CVE-1999-0980: An existing vulnerability on Windows NT 4.0 may cause the services.exe to halt abruptly. However, this was not seen during testing but may occur.
Every audit check done by Nessus is implemented as a plugin and is identified by a plugin ID. The list of Nessus plugin IDs can be viewed at http://www.nessus.org/plugins/index.php?view=all and can be searched for at http://www.nessus.org/plugins/index.php?view=search.
Associated with each plugin is a list of CVEs. CVEs are maintained in the National Vulnerability Database (http://cve.mitre.org/cve/) and can be searched for by their identifiers here (http://cve.mitre.org/cve/cve.html). For example, "Nessus ID 10930 CVE-2001-0386" indicates a plugin ID of 10930 with a CVE identifier of CVE-2001-0386.
Product Security: VTP-FIN-WAIT-FLOOD.
Immediately following installation, the TCP/IP stack should be hardened to avoid denial of service attacks. Users should perform a procedure on their Windows Server 2003 Standard/Enterprise Edition to block remote access to all TCP/UDP ports except for those ports used by Operations Manager required for external access. See Operations Manager Firewall Updates to Avoid Denial of Service Attacks.
Large performance: Backup UI times out if the page is open for more than an hour.
Backup user interface times out if the page is open for more than one hour. This happens when the data to be backed up is huge.
Workaround: Even though the user interface times out, the backup process is actually running on the server. Check the backup directory and backup log to determine the status.
Table 2 Known Problems in Operations Manager
Bug ID Summary Explanation
On Service Statistics Manager, OM-WebServices API returns remote exception without closing the connection.
Operations Manager WebServices API used by Service Statistics Manager returns RemoteException without closing the connection. This results in a MaxConnection timeout error once all the 20 connections are used.
Workaround: To resolve this issue, install the patch provided on the software download website and review the patch README for installation instructions.
Environment parameters are not shown for ASR.
Environment variables (such as power supply and temperature sensor) are not collected during inventory collection for ASR devices.
IBM Media Convergence Server support for monitoring hardware information has some issues.
The following issues occur on IBM MCS servers:
•A hardware component without its redundant instance is not monitored. For example, the power supply component is not monitored unless its redundant instance exists.
•The IBM Director server agent must be installed on your media convergence server in order for the hardware attributes to be monitored by Operations Manager. See the Deployment Guide for Operations Manager on Cisco.com for information on this requirement.
Voice mail port status is not updating dynamically on Service Level View.
Updating voice mail port status takes a long time (60 minutes or more) to get reflected in Service Level View.
Workaround: For Service Level View to show the correct port status, the device needs to be deleted from Service Level View and re-added. This causes SIR to rediscover the device and all information correctly.
Operations Manager displays alert's discovery time zone incorrectly.
Various components in Operations Manager may display different time zones. This is caused by the way JDK uses the Windows system time resources. This time zone error can occur on any application that uses JDK.
1. On your server, change the time zone to another time zone and click Apply. Then return the time zone back to its original setting and click Apply. For example, change to ACT/PKST in the server time zone list, then back to CDT.
2. Restart the daemon manager to apply the changes.
3. To update all time zone displays in Operations Manager, run discovery.
DDV issues for Cisco Unified MeetingPlace 8.0.
The following issues occur when adding and monitoring Cisco MeetingPlace 8.0 in Operations Manager 2.3:
•Environmental parameters are not displayed.
•System > Processor information is not displayed.
•System > RAM — Free physical memory (%) is displayed in a negative.
Further Problem Description: Review CSCtc94859 for information on Cisco Unified MeetingPlace issue.
Environmental parameters not shown for Unity 8.0.
The following issues occur when adding and monitoring Cisco Unity 8.0 in Operations Manager 2.3:
•Environmental parameters are not displayed.
•Interfaces > Unity ports > Port extension are not displayed.
Further Problem Description: Review CSCtc94843 for information on Unity issue.
Environmental variables not shown for VG202 & VG204.
VG202 and VG204 environmental variables are not discovered and monitored.
Further Problem Description: Some variables in the Cisco Environmental MIB are not supported on VG202 and VG204. This causes Operations Manager to be unable to discover/monitor any environmental variables (Fan, VoltageSensor, and TempSensor).
Detailed Device View (DDV) issues with Unified Contact Center Express 8.0.
When adding or monitoring Unified Contact Center Express 8.0 in Operations Manager 2.3, DDV incorrectly displays System Interface and Voice Services information.
Error msg pops up intermittently while editing the notification group.
When more than the recommended notification groups are created, an error message intermittently displays while editing a notification group.
Workaround: Limit the number of notification groups. If you are over the recommended limit, remove some notification groups. See http://www.cisco.com/en/US/products/ps6535/products_user_guide_list.html for details about phone and other notification group limits.
Environment variables tab missing for Cisco Unified Contact Center installed in 7845-I2.
This platform does not have the instrumentation to report environment variables.
Incorrect unresponsive event for Cisco Unity.
This only occurs on Cisco Unity version 4.0.5 (which has reached end of life).
Workaround: Upgrade to a later version of software to fix the issue.
Large deployment FHServer OutOfMemory error
OutOfMemory error appears in the FHServer logfile because the database grows large quickly and can become fragmented. Symptoms include slow Alert History queries or issues in restarting the FHDbEngine Server.
Workaround—Unload and reload all Operations Manager databases as follows:
1. Make sure the system uses the perl utility that is supplied with Operations Manage under this directory: <NMSROOT>\objects\perl5\bin
NMSROOT is the directory where you installed Operations Manager. If you used the default installation directory, NMSROOT is C:\Program Files\CSCOpx.
2. Delete any reload.sql files left from any previous reload activity from the database directories.
3. Run this perl script: <NMSROOT>/conf/itemDb/bin/dbreload.pl.
After you invoke the utility, command line options walk you through the steps. This utility reloads all Operations Manager databases given the password. If you do not know the database password, the utility prompts for a new database password, resets it on all the databases, and then executes the reload.
Note Consider running this utility as a preventive measure when the Alert History database size grows beyond 2 GB or when Alert History queries run slowly.
Nonpaged pool kernel memory is increasing.
Workaround: Apply the Windows hot fix available at http://support.microsoft.com/kb/931311. Reboot the system. Nonpaged pool kernel memory should be stabilized.
Flash memory instability can occur in SLV client during burst events
The Service Level View client can become unresponsive and may start sending messages after triggering 700 to 2,000 device unresponsive burst events. This may be caused by a network connectivity issue to Operations Manager. Internet Explorer may crash in this situation.
When large number of devices become unresponsive at the same time, a multitude of events are generated and the changes are pushed to the SLV client. This causes memory instability in the Flash module in Internet Explorer and display the following error dialog: "A script in this movie is causing Adobe Flash player 9 to run slowly. If it continues to run your computer may become unresponsive. Do you want to abort the script?"
Workaround: Close all existing Service Level View clients and start a new client after the burst events have stopped. Any client which hangs should be closed and relaunched.
Fault History report contains invalid event ID.
Some event ID numbers may display incorrectly when the Alert and Event History Report is displayed in an Excel spreadsheet. This occurs if the event ID contains certain numbers. The wrong format is a result of an Excel limitation which displays numbers such as 00003E8 as 3.00E+08.
Workaround: Open the report in a text reader such as Notepad or Wordpad, which will show the right event ID.
RPC communication is still on between Operations Manager and Cisco Unity device even though the device is not managed.
RPC keep alive packets are exchanged between Unity devices and Operations Manager server even after the devices are deleted from the server. For example, the Unity server was managed byOperations Manager, then deleted later but RPC packet continue to be exchanged.
This happens when the Cisco Unity device status is initially marked Fully Managed in Operations Manager but later the device is deleted from Operations Manager.
Workaround: Restarting daemon manager resolves this issue.
1. Stop the CiscoWorks daemon manager by entering net stop crmdmgtd.
2. Wait 1 to 15 minutes for the daemon to stop.
3. Start the Ciscoworks daemon manager by entering: net start crmdmgtd.
Operations Manager cannot monitor Extension Mobility enabled phones.
Some of the Extension Mobility phones are missing in the Operations Manager Phone report. Extension mobility phones exist in the network.
Operations Manager currently doesn't support Extension Mobility Phones in Unified Communications Manager due to lack of MIB instrumentation in Unified Communications Manager.
IPIU Phone count reduced to 0.
Phone count in the system becomes 0 when phone major discoveries schedules are deleted and there is no major discovery scheduled for the entire day.
Workaround: Need to have at least one major discovery cycle of major discovery scheduled in a day. To avoid this issue, do not delete any of the default schedules.
Operations Manager does not support more than two page files on the system.
Inventory Collection is stuck at 10% and the brcontrol execution gets stuck with high CPU consumption. This is a limitation of the Operations Manager due to the SMART server.
This occurs when the system has more than two page files.
Workaround: Do not use more than two page files on the operating system.
SIP-based CME is not discovered as CME nor is it displayed as CME in the Service Level View.
This problem is related to CSCso92226; CCMEEnabled is not set to true for SIP Communications Manager Express.
Workaround: Create a dummy "telephony config" on the CME device and then discover it in Operations Manager. Use the "telephony-service" command in config mode to enable skinny- based CME on the gateway.
OM credential change disrupts Service Statistics Manager functioning
If Service Statistics Manager is installed in your network and uses the Operations Manager admin user password to perform discovery, changing the admin user password causes problems. Users can no longer log into Service Statistics Manager; Service Statistics Manager can no longer verify licensing.
Workaround: Change the Operations Manager password for the admin user to the original password that Service Statistics Manager used to discover Operations Manager. For more information, see Release Notes for Cisco Unified Service Statistics Manager 1.2.
ErrCode 10 displayed for NAM properties
This can happen when you drill down from a Service Quality Alerts Display to an Event ID page and click a NAM Call Details link If the event occurred longer than 3 days ago, ErrCode = 10 is displayed.
NAM call details are only available for 3 days.
Workaround: Close the error window.
Operations Manager does not recognize gateways as MGCP devices when dial control is not needed.
You cannot create performance graphs in Operations Manager for Media Gateway Control Protocol (MGCP) voice gateways. The performance graphing option does not appear in the right-click menu in the Service Level View for the device.
This occurs when the device is configured using the new MGCP configuration; for example with PRI Backhaul or SS7 Signaling where dial peers do not need to be configured.
Workaround: Upgrade the gateway to Cisco IOS version 12.4(17a) or later, then rediscover the device in Operations Manager.
SRST operations link does not open.
The SRST page and the Service Level View may not open.
Restart the appropriate service:
•For the SRST page, restart the SRSTServer service.
•For the Service Level View, restart the Inventory Collector.
In the Detailed Device View for negative synthetic tests, the success criterion for end-to-end calls and phone registration always shows availability as 100 percent.
In the Detailed Device View for negative tests, the availability is displayed as 100 percent and failure as 0 percent. These two settings are not applicable to the negative synthetic tests. The Detailed Device View should display N/A for this field.
Detailed Device View for Cisco Unity devices displays incorrect information.
For Cisco Unity releases prior to 4.2, the Detailed Device View shows the following:
•Current Number Of Licensed Subscribers as Not Available.
•Maximum Number of Licensed Subscribers as Not Available.
•Current Number of Inbox Licenses as Not Available.
•Maximum Number of Inbox Licenses as Not Available.
•Even though Cisco Unity 4.0(4) is upgraded to 4.0(5), the version on all services is still shown as 4.0(4).
Workaround: Upgrade to Cisco Unity 4.2, then run RSK Configuration Wizard.
Note This workaround applies only to the Cisco Unity service version issue. The workaround does not fix the first four counter issues mentioned above. There is no workaround for those issues.
Unreachable devices are displayed in Operations Manager device management.
If the SNMP agent on a device is working intermittently, Operations Manager may discover the device, but may move it to the unreachable state during inventory collection.
This occurs because the device was responding to SNMP queries during automatic discovery, then did not respond to SNMP queries during inventory collection.
The Devices report may show a device's capability as UnknownMDFType.
The Devices report displays a device's capability as UnknownMDFType when the device is not supported by Operations Manager.
The DFMServer and VHMServer processes are not registering with the broker.
Devices that are added to Operations Manager when it is in this condition exhibit the following behavior:
•ALL devices become stuck in the Inventory Collection in Progress state.
•All devices move to the unreachable state.
After installing Operations Manager and rebooting the server, either the DFMServer, or the VHMServer, or both processes do not start. There is no sm_server.exe instance (or there are only two sm_server.exe instances) in the Windows task manager.
Workaround: Perform the following:
1. Run net stop crmdmgtd.
2. Wait 15 minutes.
3. Run net start crmdmgtd.
After the CPU resets, check the Windows task manager. There should be four instances of sm_server.exe.
The output of the brcontrol command should show both DFM and VHM.
Broker is located at: IPCOM-daily:9002 Started: Jan 06 10:21:09 2009
Domain Host Name Port Proc ID State Last Chg Time
------ --------- ------ ------- ----- -------------
DFM IPCOM-daily.cisco.com 2163 14120 RUNNING Jan 06 16:18:03 2009
VHM IPCOM-daily.cisco.com 2206 8856 RUNNING Jan 06 16:18:04 2009
Next Discovery, in the Device Management: Summary page, displays the incorrect time.
The problem is due to a registry setting in Windows that appears for certain time zones for which Daylight Saving Time changes are applicable. If the check box for Daylight Saving Time is not checked, problems occur when converting valid date strings to a date object. This registry key remains even if the time zone of the machine is switched to another time zone for which Daylight Saving Time is not applicable.
Following is the registry information:
DisableAutoDaylightTimeSet REG_DWORD 0x00000001(1)
Workaround: If the system is in a time zone that has Daylight Saving Time, check the Automatically adjust for Daylight Saving Time changes check box.
If the system is in a time zone for which Daylight Saving Time is not applicable, but the registry key is present and set to 1, do the following:
1. Change to a time zone for which Daylight Saving Time is applicable.
2. Check the Automatically adjust for Daylight Saving Time changes check box, and click Apply.
This will cause the registry key to disappear. Now switch the machine to its present time zone.
On the Alert Details page, once a tool is launched, you cannot relaunch it.
In the Alert Details page, once you select a tool from the Launch Tools menu you cannot launch the selected tool again until you choose another tool.
Workaround: After launching a tool, to launch the same tool again, you must either select a different tool or select the Launch Tools option in the menu.
After doing either of these actions, you can relaunch your original choice.
An error occurs when you launch a trending graph for a device when the time of the graph is configured for more than 48 minutes in the past.
The error states that there is not any data available for the last 48 minutes. This error occurs due to an incorrect system uptime in the device.
This error occurs in specific Cisco IOS versions. Refer to the Cisco IOS IP SLA bugs, CSCin66315 and CSCeb46870.
Workaround: Upgrade the Cisco IOS version, or reboot the source device. For details, see CSCin66315 and CSCeb46870.
Cluster name changes are not reflected in Operations Manager.
If you change the name of a cluster in Cisco Unified CallManager after the devices have been added to Operations Manager, the name change does not occur in Operations Manager. This is the case even after performing inventory collection.
Workaround: Delete the devices in the cluster from Operations Manager and then add the devices in again.
IBM Server MCS 7835/7845 I2 displays -1 in DDV.
For IBM servers, the temperature sensor value in the Detailed Device View (DDV) may display as -1. The -1 should be interpreted as follows:
- The SNMP Agent software has not been properly integrated, or
- The vendor has not implemented the object ID (OID).
There is no workaround for this issue.It has not been observed on later Unified Communications Manager versions, for example, 7.1(2).
The following software problems were resolved in Operations Manager 2.3. For information on bugs that are not included below, see the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl.
Note Service Monitor Build ID NT_SM2_3_20100430_1150 resolves known problems in Service Monitor and is included with Operations Manager Build ID NT_OM23SM23_20100503_1019. For more information, see Release Notes for Cisco Unified Service Monitor 2.3, and Finding the Build ID for an Installed Operations Manager or Service Monitor to determine if you must reinstall Operations Manager.
Table 3 describes problems that were fixed in this release.
Table 3 Problems Resolved in Operations Manager 2.3
Bug ID Summary
Clarification that the procedure for the read-only Unified CM user account is version specific. See Cisco.com for version-specific Unified CM and Unity procedures.
Cluster drill down fits correctly in Service Level View map view without any scroll bar.
Launching T1 PRI Active Calls works with no errors.
Devices with SNMPv3 SHA are now manageable.
Exporting more than 2,000 records via Inventory Analysis is fixed.
Event to be raised stating the reason when GSU Polling fails.
Support for 3560-E Switches is now included.
Monitored devices export and print works successfully.
CUOM 2.1.1 database itemFh.db has 2GB initial size has been resolved for new installations. If you are upgrading and run into this issue, see "Fixing Unknown Database Growth" in the User Guide for Cisco Unified Operations Manager 2.3.
Out of memory error and major discovery issue has been resolved in Operations Manager 2.3. If you upgrade from 2.1 or 2.2, you may experience this issue. If you experience this issue after an upgrade, see "Fixing Unknown Database Growth" in the User Guide for Cisco Unified Operations Manager 2.3.
cpqDaPhyDrvBusFaults counter value rapidly increases in HP Server has been fixed by an HP patch.
The following documentation updates should be reviewed:
Installation Guide Updates
The following omissions were identified in the installation guide document that shipped with the product:
•Updates for Service Monitor 2.3 not mentioned in the installation guide. The versions in the preface reflect 2.2, but the 2.3 build is available on Cisco.com software download now.
Microsoft Security Updates for Denial of Service Attacks
The information below updates the Server Requirements table footnote detailing the need to follow Microsoft security guidelines:
The system that you use for your Operations Manager server should meet all the security guidelines that Microsoft recommends for Windows 2003 Server. Please see the NSA site below for the security guidance: http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#microsoft
Specifically, the TCP/IP stack should be hardened to avoid denial of service attacks. (CSCsy83124)
See section "Security Consideration for Network Attacks" on page 103 in The Windows Server 2003 - Security Guide, v2.1 to download this information from this NSA URL.
Operations Manager Firewall Updates to Avoid Denial of Service Attacks
If you have Windows Server 2003 Standard/Enterprise Edition, use the following procedure to block remote access to all TCP/UDP ports except for those required for external access by Operations Manager. The list of ports required for Operations Manager external access is listed in the procedure below in Step 6. (CSCsy80792)
Step 1 Open Control Panel for Windows Firewall.
Step 2 Select On to block all outside sources from connecting to this computer. The exceptions to this rule are documented in steps below.
Step 3 Select the Exceptions tab and select any services you may want to open for remote access. For example, Remote Desktop or File and Print Sharing.
Step 4 Select the Advanced tab. To add exemptions for an individual connection, select the network connection that is used for connecting external clients to this server and then click Settings.
Step 5 Click Add in the Advanced Settings dialog window to enter your port exceptions.
Step 6 In the Service Settings dialog, enter each of the following TCP/UDP ports one at a time and click OK:
Description of Service Protocol Port Number 1
CUOM Web Server
CUSM SFTP Server
CUOM Trap Listener
CUOM Trap Listener
CUOM Syslog Receiver
CUSM Syslog Receiver
1 Note that external and internal port numbers are the same for all the services that require external access.
Repeat Step 6 until all ports are entered.
Step 7 Click OK in the Windows Firewall window to close it.
Step 8 Restart the server for the firewall settings to take effect, if required.
Prerequisites Chapter, Table 1-1, Installation Server System Minimum Requirements for Operations Manager
Footnote #6 in the table has been updated as follows:
Immediately following installation, the TCP/IP stack should be hardened to avoid denial of service attacks. Ensure these steps are taken before product use.
•Apply Windows security patches. See Microsoft Security Updates for Denial of Service Attacks for details. The system that you use for your Operations Manager server should meet all the security guidelines that Microsoft recommends for Windows 2003 Server. See the NSA website for security guidance: http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#microsoft. (Specifically, the TCP/IP stack should be hardened to avoid denial of service attacks.) See "Security Consideration for Network Attacks", page 103 in "The Windows Server 2003 - Security Guide, v2.1" for download from this NSA URL.
•Apply Common Services patches. Common Services has released OpenSSL security patch for TLS/SSL renegotiation vulnerability (CSCtd01597) on Cisco.com. The patch can be downloaded from the following URL: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=276698858.
•Perform a procedure on their Windows Server 2003 Standard/Enterprise Edition to block remote access to all TCP/UDP ports except for those ports used by Operations Manager required for external access. See Operations Manager Firewall Updates to Avoid Denial of Service Attacks.
For details about Nessus vulnerability scan issues that may occur even after performing these steps, see CSCsy83005.
User Guide Updates
The following are documentation updates:
•Operations Manager monitors environmental parameters for all the supported devices. However, if any of these parameters are not seen in the Detailed Device View for a particular device, then do the following:
–Check from the device hardware specification to see if the device has the specific components installed.
–Check with the person responsible for this device to see if the device supports SNMP MIBs for those components.
Note The originally published printed and electronic documentation is included with your product. Any changes after original publication are reflected on Cisco.com, where you will find the most up-to-date documentation. Table 4 describes the product documentation that is available.
Table 4 Product Documentation
Document Title Available Formats
Supported Devices Table for Cisco Unified Operations Manager 2.3
On Cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6535/products_device_support_tables_list.html
Release Notes for Cisco Unified Operations Manager 2.3
•In PDF on the product CD-ROM
•On Cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6535/prod_release_notes_list.html
Installation Guide for Cisco Unified Operations Manager 2.3
•In PDF on the product CD-ROM
•On Cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6535/prod_installation_guides_list.html
User Guide for Cisco Unified Operations Manager 2.3
•In PDF on the product CD-ROM
•On Cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6535/products_user_guide_list.html
Context-sensitive online help
•Select an option from the navigation tree, then click Help
•Click the Help button on the page
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 5 describes the additional documentation that is available.
Table 5 Related Documentation
Document Title Available Formats
Release Notes for Cisco Unified Service Monitor 2.3
•PDF on the product CD-ROM
•On Cisco.com at the following URL:
User Guide for Cisco Unified Service Monitor 2.3
•PDF on the product CD-ROM.
•On Cisco.com at the following URL: http://www.cisco.com/en/US/products/ps6536/
Release Notes for CiscoWorks Common Services 3.3
On Cisco.com at this URL:
User Guide for CiscoWorks Common Services 3.3
On Cisco.com at this URL:
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
SUPPLEMENTAL LICENSE AGREEMENT
SUPPLEMENTAL LICENSE AGREEMENT FOR CISCO SYSTEMS NETWORK MANAGEMENT SOFTWARE: CISCO UNIFIED OPERATIONS MANAGER.
IMPORTANT-READ CAREFULLY: This Supplemental License Agreement ("SLA") contains additional limitations on the license to the Software provided to Customer under the End User License Agreement between Customer and Cisco. Capitalized terms used in this SLA and not otherwise defined herein shall have the meanings assigned to them in the End User License Agreement. To the extent that there is a conflict among any of these terms and conditions applicable to the Software, the terms and conditions in this SLA shall take precedence.
By installing, downloading, accessing or otherwise using the Software, Customer agrees to be bound by the terms of this SLA. If Customer does not agree to the terms of this SLA, Customer may not install, download or otherwise use the Software.
ADDITIONAL LICENSE RESTRICTIONS:
•Installation and Use. The Software components are provided to Customer solely to install, update, supplement, or replace existing functionality of the applicable Network Management Software product. Customer may install and use the following Software components:
–CiscoWorks Common Services: Contains shared resources used by other components in this bundle. In many cases, all components in this bundle can be installed on a single server.
–Cisco Unified Operations Manager: May be installed on a server in Customer's network management environment. Contains shared resources used by other components in this bundle. In many cases, all components in this bundle can be installed on a single server.
–Cisco Unified Service Monitor: May be installed on a server in Customer's network management environment.
For each Software license granted, Customers may install and run the software on a single server to manage the number of IP phones specified in the license file provided with the software, or as specified in the Software License Claim Certificate. Customers whose requirements exceed the IP phone limit must purchase upgrade licenses or additional copies of the software. The IP phone limit is enforced by license registration.
•Cisco Unified Operations Manager.
–Cisco Unified Operations Manager Standard Edition has been discontinued.
–Cisco Unified Operations Manager Premium Edition. All Cisco Unified Operations Manager products contain the Premium Edition features, starting with Operations Manager 2.3. All Operations Manager Standard Edition customers may obtain the Premium Edition features by purchasing the Operations Manager 2.3 full package or upgrade package. The upgrade package must match the number of phones in the existing Standard Edition already installed. The Customer may install and run the Software on a single server. Use of this product is enforced by license registration.
•Reproduction and Distribution. Customers may not reproduce nor distribute the Software.
DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
Please refer to the Cisco Systems, Inc. End User License Agreement.
This document is to be used in conjunction with the documents listed in the "Product Documentation" section.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.