User Guide for Resource Manager Essentials 4.2 (With LMS 3.1)
Chapter 8: Archiving Configurations and Managing Them Using Archive Management
Downloads: This chapterpdf (PDF - 0.97MB) The complete bookPDF (PDF - 10.7MB) | Feedback

Archiving Configurations and Managing Them Using Archive Management

Table Of Contents

Archiving Configurations and Managing Them Using Archive Management

Performing Archive Management Tasks

Performing Archive Management Administrative Tasks

Performing Configuration Management Administrative Tasks

Preparing to Use the Archive Management

Entering Device Credentials

Modifying Device Configurations

Enabling rcp

Enabling scp

Enabling https

Configuring Devices to Send Syslogs

Modifying Device Security

Router Commands

Switches Commands

Content Networking—Content Service Switch Commands

Content Networking—Content Engine Commands

Cisco Interfaces and Modules—Network Analysis Modules

Security and VPN—PIX Devices

Using Job Approval for Archive Management

Configuring Transport Protocols

Requirements to Use the Supported Protocols

Supported Protocols for Configuration Management Applications

Defining the Protocol Order

Configuring Default Job Policies

Defining the Default Job Policies

Usage Scenarios When Job Password is Configured on Devices

Setting Up Archive Management

Moving the Configuration Archive Directory

Enabling and Disabling the Shadow Directory

Configuring Exclude Commands

Configuring Fetch Settings

Understanding Configuration Retrieval and Archival

Timestamps of Configuration Files

How Running Configuration is Archived

Change Audit Logging

Defining the Configuration Collection Settings

Purging Configurations from the Configuration Archive

Checking Configuration Archival Status

Configuration Archival Reports

Successful Devices Report

Failed Devices Report

Partially Successful Devices Report

Scheduling Sync Archive Job

Using the Config Fetch Protocol Usage Report

Generating an Out-of-Sync Report

Scheduling Sync on Device Job

Using the Configuration Version Tree

Understanding the Config Viewer Window

Viewing the Configuration Version Summary

Configuration Quick Deploy

Performing a Configuration Quick Deploy

Configuring Labels

Creating a Label

Editing a Labeled Configuration

Viewing the Labeled Configuration

Deleting the Labeled Configuration

Using Search Archive

Creating a Custom Query

Running a Custom Query

Editing a Custom Query

Deleting the Custom Queries

Searching Archive

Search Archive Result

Device Configuration Quick View Report

Comparing Configuration

Comparing Startup vs. Running Configurations

Comparing Running vs. Latest Archived Configurations

Comparing Two Configuration Versions of the Same Device

Compare Two Configuration Versions of Different Devices

Understanding the Config Diff Viewer Window

Using Archive Management Job Browser

Retrying a Config Job

Stopping a Config Job

Deleting the Config Jobs

Viewing the Archive Management Job Details

Baseline Template


Archiving Configurations and Managing Them Using Archive Management


The Archive Management application maintains an active archive of the configuration of devices managed by RME. It enables you to perform the following tasks:

Fetch, archive, and deploy device configurations.

Search and generate reports on archived data

Compare and label configurations, compare configurations with a baseline, and check for compliance.

You can also perform some of the Archive Management tasks using command line utility cwcli config.

You can also export the configuration data using the cwcli export config command.

See CLI Utilities for further details on cwcli config and cwcli export config commands.

This chapter gives information on performing:

Archive Management tasks (see Archive Management allows you to: for details).

Archive Management administrative tasks (see Performing Archive Management Administrative Tasks for details).

Configuration Management administrative tasks (see Performing Configuration Management Administrative Tasks for details).

Performing Archive Management Tasks

Archive Management allows you to:

Update the archive

In addition to scheduling configuration archive update, you can also update the archive manually. This ensures that you have the latest configurations.

See Scheduling Sync Archive Job and Defining the Configuration Collection Settings for further details.

Check archival status

You can check the overall status of the configuration archive (For example, Successful, Partially Successful, etc.).

See Checking Configuration Archival Status for further details.

Determine Configuration Protocol usage details

You can view the protocol usage details for successful configuration fetches for devices. You can also change the transport protocol order after analyzing the protocol usage trends.

See Using the Config Fetch Protocol Usage Report for more details.

Determine out-of-sync configuration files

You can list the devices for which running configurations are out-of-sync- with the startup configuration.

See Generating an Out-of-Sync Report and Scheduling Sync on Device Job for further details.

View Version Tree

You can view all configuration versions of selected devices in the form of a graphical display.

See Using the Configuration Version Tree for further details.

View Version Summary

You can view the latest three archived configurations for selected devices. It also has a link to view a particular configuration running on the device and to generate differences between versions in the archive.

See Viewing the Configuration Version Summary for further details.

Search for device configuration files

You can search the archive for configuration containing text patterns for selected devices.

See Using Search Archive for further details.

Create custom configuration queries (See Creating a Custom Query.)

You can create and run custom queries that generate reports. These reports display device configuration files from the archive for the devices you specify. You can use custom queries while searching archives.

Compare configurations

You can compare startup and running configurations, running and latest archived configurations. You can also compare two configuration versions of the same device, or two configuration versions of different devices.

See Comparing Configuration for further details.

Configuration Quick Deploy

You can create an immediate job to deploy the version of configuration that you are viewing on the device. You can deploy the configuration either in the Overwrite or Merge mode. You can also use job-based password.

See Configuration Quick Deploy for further details.

Archive Management Job Browser

You can see the status of your Archive Management jobs.

See Using Archive Management Job Browser for further details.

Label Configuration

You can select configuration files from different managed devices and then group and label them.

See Configuring Labels for further details.

Set the debug mode for Archive Management application

You can set the debug mode for Archive Management application in the Log Level Settings dialog box (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).

See Application Log Level Settings for further details.

Using Device Center you can perform these Archive Management tasks:

Viewing the latest configuration archived details

Viewing the differences between the two archived running configuration

Updating the configuration archive

See RME Device Center for further details.

Performing Archive Management Administrative Tasks

The administrative tasks for Archive Management are:

Modify configuration collection and polling settings

You can enable or disable the configuration collection and polling tasks. You can also schedule a periodic job for configuration collection and polling.

See Defining the Configuration Collection Settings for further details.

Move the configuration archive directory (See Moving the Configuration Archive Directory.)

You can move the configuration archive directory to a new location.

Enable and disable the Shadow directory (See Enabling and Disabling the Shadow Directory.)

You can enable or disable the use of the Shadow directory.

The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive. You can use the shadow directory as an alternative method to get the latest configuration information programmatically, using scripts or other means.

Configure Exclude Commands (See Configuring Exclude Commands.)

You can list the commands that have to be excluded while comparing configuration.

Purge configurations files from the archive (See Purging Configurations from the Configuration Archive.)

You can enable or disable the purge task and also modify the schedule. This frees disk space and maintains your archive at a manageable size.

You need to set up your devices for the configuration archive. See Preparing to Use the Archive Management.

Performing Configuration Management Administrative Tasks

The administrative tasks for configuration Management (applicable to Archive Management, Config Editor, cwcli config, and NetConfig) are:

Configure Transport Protocol (See Configuring Transport Protocols.)

You can set the transport protocol order for Archive Mgmt, NetConfig, and Config Editor jobs.

Config Job Policies (See Configuring Default Job Policies.)

You can enable the job password policy for Archive Mgmt, NetConfig, Config Editor, and cwcli config. You can also configure the default job policies if the job fails.

For the new features in this release, see What's New in this Release.

Preparing to Use the Archive Management

Before you start using the Archive Management, you must:

Enter Device Credentials (See Entering Device Credentials for details)

Modify Device Configurations (See Modifying Device Configurations for details)

Modify Device Security (See Modifying Device Security for details)

Entering Device Credentials

Enter the following device credentials in the Device and Credentials window (Common Services > Device and Credentials > Device Management):

Read and write community strings

Primary Username and Password

Primary Enable Password

If you have enabled the Enable Job Password option in the Config Job Policy dialog box ((Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) when you scheduled the Config jobs, you are prompted for the following device credentials:

Login User name

Login Password

Enable Password

The supported Device authentication prompts are:

Routers

"Username:", "Username: "

"Password:", "Password: "

Switches

"username: ", "Username: "

"password: ", "Password: "

Cisco Interfaces and Modules—Network Analysis Modules

"login: "

"Password: " "password: "

Security and VPN—PIX

"username: ", "Username: "

"passwd: ", "password: ", "Password: "

Content Networking—Content Service Switch

"Username: ", "username: ", "login: ","Username:" , "username:" , "login:"

"Password: ", "password: ", "passwd: ","Password:" , "password:" , "passwd:"

Content Networking—Content Engine

"Username: " ,"login: "

"Password: "

Storage Networking—MDS Devices

"Username:", "Username: "

"Password:", "Password: "

If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.

Modifying Device Configurations

To enable the configuration archive to gather the configurations, modify the device configurations for the following:

Enabling rcp

Enabling scp

Enabling https

Configuring Devices to Send Syslogs

Enabling rcp

To enable the configuration archive to gather the configurations using the rcp protocol, modify your device configurations.

Make sure the devices are rcp-enabled by entering the following commands in the device configurations:

# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]

Where ip_address | host is the IP address/hostname of the machine where RME is installed. Alternatively, you can enter the hostname instead of the IP address. The default remote_username and local_username are cwuser.

Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.

Enabling scp

To enable the configuration archive to gather the configurations using the scp protocol, modify your device configurations.

To configure local User name:

aaa new-model

aaa authentication login default local

aaa authentication enable default none

aaa authorization exec default local

username admin privilege 15 password 0 system

ip ssh authentication-retries 4

ip scp server enable

To configure TACACS User name:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication enable default none

aaa authorization exec default group tacacs+

ip ssh authentication-retries 4

ip scp server enable

User on the TACACS Server should be configured with priv level 15:

user = admin {

default service = permit

login = cleartext "system"

service = exec {

priv-lvl = 15

}

}

Enabling https

To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations.

To modify the device configuration, follow the procedure as described in this URL:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/mgtproto.html

Configuring Devices to Send Syslogs

Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when Syslog messages are received.

After you perform these tasks and the devices become managed, the configuration files are collected and stored in the configuration archive.

Modifying Device Security

Configuration Management must be able to run certain commands on devices to archive their configurations.

You must have the required permissions to run these Configuration Management commands:

Router Commands

Switches Commands

Content Networking—Content Service Switch Commands

Content Networking—Content Engine Commands

Cisco Interfaces and Modules—Network Analysis Modules

Security and VPN—PIX Devices

For example, you can use the RME server to access the devices using Telnet or SSH to archive their configurations. Ensure that the user credentials provided by you in DCR has the required permissions to access the devices and execute the above mentioned configuration CLI commands on the devices to fetch the configurations.

These configuration information fetched from the devices by the RME server is stored in the RME database.

Router Commands

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

terminal width 0

Sets the number of character columns on the terminal screen for the current line for a session

show privilege

Displays your current level of privilege

Show running

Gets running configuration.

Show startup

Gets startup configuration

Show running-brief1

Gets the running configuration in brief by excluding the encryption keys.

1 This is applicable for the IOS release 12.3(7)T release or later.


The commands in the above tables also apply to the following device types:

Universal Gateways and Access Servers

Universal Gateways and Access Servers

Optical Networking

Broadband Cable

Voice and Telephony

Wireless

Storage Networking

Switches Commands

The switches commands are:

Command
Description

set length 0

Configures the number of lines in the terminal display screen

set logging session disable

Disables the sending of system logging messages to the current login session.

write term

Gets running configuration.


Content Networking—Content Service Switch Commands

The Content Service Switch commands are:

Command
Description

no terminal more

Disables support for more functions with the terminal.

show running-config

Gets all components of the running configuration.

show startup-config

Gets the CSS startup configuration (startup-config).


Content Networking—Content Engine Commands

The Content Engine commands are:

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

show run

Gets running configuration.

show config

Gets startup configuration.


Cisco Interfaces and Modules—Network Analysis Modules

The Network Analysis Modules commands are:

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

show autostart

Displays autostart collections

show configuration

Gets startup configuration.


Security and VPN—PIX Devices

The PIX devices commands are:

Command
Description

terminal width 0

Sets the number of character columns on the terminal screen for the current line for a session

show config

Gets startup configuration.

show running

Gets running configuration.

show curpriv

View the current logged-in user.

no pager

Removes paging control


Using Job Approval for Archive Management

You can enable Job Approval for Archive Management tasks, (Resource Manager Essentials > Admin > Approval > Approval Policies). This means all jobs require approval before they can run.

Only users with Approver permissions can approve Archive Management jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.

For more details on enabling job approval see Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

The following Archive Management tasks require approval if you have enabled Job Approval:

Out-of-Sync (Config Mgmt > Archive Mgmt > Out-of-Sync Summary)

Sync Archive jobs do not have Job Approval enabled because this job only archives the configuration from the device and there is no change to the device configuration.

If you have enabled Approval for Archive Management tasks, these options appear in the Job Schedule and Options dialog box:

Approval Comment—Approval comments for the job approver.

Maker E-Mail—E-mail-ID of the job creator.

Configuring Transport Protocols

You can set the protocol order for Configuration Management applications such as Archive Management, Config Editor, and NetConfig jobs to download configurations and to fetch configurations. For NetShow, you can set the protocol order to download configurations.

This setup allows you to use your preferred protocol order for fetching and downloading the configuration.

The available protocols are:

Telnet

TFTP (Trivial File Transport Protocol)

rcp (remote copy protocol)

SSH (Secure Shell)

SCP (Secure Copy Protocol)

HTTPS (Hyper Text Transfer Protocol Secured)

Requirements to Use the Supported Protocols

If the following requirements are not met, an error message appears.

To use this Protocols
You must...

Telnet

Know Telnet passwords for login and Enable modes for device. If device is configured for TACACS authentication, enter Primary Username and Primary Password.

TFTP

Know read and write community strings for device.

rcp

Configure devices to support incoming rcp requests. To make sure the device is rcp-enabled, enter the following commands in the device configuration:

# ip rcmd rcp-enable

# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]

where ip_address | host is the IP address/hostname of the machine where RME is installed. The default remote_username and local_username are cwuser. For example, you can enter:

# ip rcmd remote-host cwuser 123.45.678.90 cwuser enable

Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.

SSH

Know the username and password for the device. If device is configured for TACACS authentication, enter the Primary Username and Primary Password.

Know password for Enable modes.

When you select the SSH protocol for the RME applications (Configuration Archive, NetConfig, ConfigEditor, and NetShow) the underlying transport mechanism checks whether the device is running SSHv2.

If so, it tries to connect to the device using SSHv2.

If the device does not run SSHv2 and runs only SSHv1 then it connects to the device through SSHv1.

If the device runs both SSHv2 and SSHv1, then it connects to the device using SSHv2.

If a problem occurs while connecting to the device using SSHv2, then it does not fall back to SSHv1 for the device that is being accessed.

Some useful URLs on configuring SSHv2 are:

Configuring Secure Shell on Routers and Switches Running Cisco IOS:

http://www.cisco.com/warp/public/707/ssh.shtml

How to Configure SSH on Catalyst Switches Running Catalyst OS:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml

Configuring the Secure Shell Daemon Protocol on CSS:

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea45.html#1105358

Configuration Examples and TechNotes:

http://www.cisco.com/en/US/tech/tk583/tk617/tech_configuration_examples
_list.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guides_list.html

SCP

Know the SSH username and password for the device.

To make sure the device is scp-enabled, enter the following commands in the device configuration.

To configure local User name:

aaa new-model

aaa authentication login default local

aaa authentication enable default none

aaa authorization exec default local

username admin privilege 15 password 0 system

ip ssh authentication-retries 4

ip scp server enable

To configure TACACS User name:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication enable default none

aaa authorization exec default group tacacs+

ip ssh authentication-retries 4

ip scp server enable

User on the TACACS Server should be configured with privilege level 15:

user = admin {

default service = permit

login = cleartext "system"

service = exec {

priv-lvl = 15

}

}

HTTPS

Know the username and password for the device. Enter the Primary Username and Password in the Device and Credential Repository (Common Services > Device and Credentials > Device Management).

To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607

This is used for VPN 3000 device.


The configuration archive uses Telnet/SSH to gather the module configurations of Catalyst 5000 family devices and vlan.dat file in case of Catalyst IOS switches. Make sure you enter the correct Telnet and Enable passwords.

If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services 3.2.

For module configs, the passwords on the module must be same as the password on the supervisor.

Supported Protocols for Configuration Management Applications

For supported protocol at individual device-level, you can either see:

The RME device packages Online help. You can launch the RME device packages Online help using Help > Resource Manager Essentials > Device Packages.

or

The Supported Protocols for Configuration Management table on Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_device_support_tables_list.html

Defining the Protocol Order

The following is the workflow for defining the protocol order for Configuration Management applications to perform either Config fetch or Config update:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Admin > Config Mgmt.

The Config Transport Settings dialog box appears.

Step 2 Go to the first drop-down list box, select the application for which you want to define the protocol order.

Step 3 Select a protocol from the Available Protocols pane and click Add.

If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol, again.

The list of protocols that you have selected appears in the Selected Protocol Order pane.

When a configuration fetch or update operation fails, an error message appears. This message displays details about the supported protocol for the particular device and it modules, if there are any.

For the list of supported protocols, see Supported Device Table for Configuration Management application on Cisco.com.

Step 4 Click Apply.

A message appears, New settings saved successfully.

Step 5 Click OK.


Configuring Default Job Policies

Each Configuration Management job has properties that define how the job will run. You can configure a default policy for these properties that applies to all future jobs. You can also specify for each property whether users can change the default when creating a job.

You have the option of entering a username and password for running a specific Archive Management, Config Editor, NetConfig, or NetShow job.

If you enter a username and password, Archive Management, Config Editor, or NetConfig applications use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.

While the job is running, the password is retrieved from the Device and Credential Repository for each of the selected devices.

For example, if the TACACS server is managing the devices, the passwords in the TACACS server and the passwords in the Device and Credential Repository should be synchronized (with every password change).

This option of entering the username and password for running a job is useful in high security installations where device passwords are changed at frequent intervals. In such instances, the passwords may be changed every 60-90 seconds.

To use this option of entering a username and password for running a specific job, you should enable the job password policy for Archive Management, Config Editor, NetConfig, or NetShow jobs.

You can do this by using the Enable Job Password option in the Config Job Policies window.

If you have enabled Enable Job Password option, you can enter these credentials while scheduling a job:

Login Username

Login Password

Enable Password

Defining the Default Job Policies

The following is the workflow for defining the default job policies for Configuration Management applications:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies.

The Job Policy dialog box appears.

Step 2 Select the applications.

Step 3 Based on your selection, enter the following information:

Field Name
Description
Usage Notes

Failure Policy

This appears only if you select either Config Editor or NetConfig application.

Select what the job should do if it fails to run on the device. You can stop or continue the job, and roll back configuration changes to the failed device or to all devices configured by the job.

You can select one of the options:

Stop on failure—Stops the job on failure.

Ignore failure and continue—Continues the job on failure.

Rollback device and stop—Rolls back the changes on the failed device and stops the job. This is applicable only to NetConfig application.

Rollback device and continue—Rolls back the changes on the failed device and continues the job. This is applicable only to NetConfig application.

Rollback job on failure—Rolls back the changes on all devices and stops the job. This is applicable only to NetConfig application.

You can create rollback commands for a job in the following ways:

Using a system-defined template.

Rollback commands are created automatically by the template.

The Banner system-defined template does not support rollback. You cannot create rollback commands using this template.

Creating a user template.

Allows you to enter rollback commands into the template.

When you use the Adhoc and Telnet Password templates, you cannot create rollback commands.

E-mail Notification

This appears for all the applications in the dropdown list.

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Notification is sent when the job is started and completed.

Notification E-mails include a URL to enter to display job details. If you are not logged in, do so using log in panel.

Sync Archive before Job Execution

This appears if you select either Config Editor or NetConfig application.

The job archives the running configuration before making configuration changes.

None.

Copy Running Config to Startup

This appears if you select either Config Editor or NetConfig application.

The job writes the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Enable Job Password

This appears for all the applications in the dropdown list.

The job Password Policy is enabled for all the jobs.

The Archive Management, Config Editor, and NetConfig jobs use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.

These device credentials are entered while scheduling a job.

None.

You can use this option even if you have configured only the Telnet password (without configuring username) on your device.

You must enter a string in the Login Username field. Do not leave the Login Username field blank.

The Login Username string will be ignored while connecting to the device since the device is configured only for the Telnet password.

See Usage Scenarios When Job Password is Configured on Devices.

Fail on Mismatch of Config Versions

This appears if you select either Config Editor or NetConfig application.

The job is considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.

None.

Delete Config after download

This appears if you select Config Editor.

The configuration file is deleted after the download.

 

Execution Policy

This appears for all the applications in the dropdown list.

Allows you to configure the job to run on multiple devices at the same time (Parallel execution) or in sequence (Sequential Execution).

If you select sequential execution, you can select Device Order in the Job Schedule and Options dialog box to set the order of the device.

1. Select a device in the Set Device Order dialog box.

2. Either:

Click the Move Up or Move Down arrows to change its place in the order. Click Done to save the current order.

Or

Close the dialog box without making any changes.

You cannot alter the device sequence for Archive Management application jobs such as Sync Archive, Check Compliance and Deploy, etc.

Sequential Execution is not supported for the following jobs:

Manual Synch Archive

Periodic Config Collection and Polling

cwcli config get

User Configurable

Select this check box next to any field to make corresponding policy user configurable.

You can configure a user-configurable policy while defining job. You cannot modify non-user-configurable policies.


Step 4 Click Apply.

A message appears, Policy values changed successfully.

Step 5 Click OK.


Usage Scenarios When Job Password is Configured on Devices

The following tables list the usage scenarios and their implications for Configuration application when job password is configured on devices.

When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write)

When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write)

When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP

When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write)

Table 8-1 When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Fails

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Fails

Not applicable

Not applicable

Not applicable

Update archive request through command line

Not applicable

Fails

Not applicable

Not applicable

Config update when Syslog message is received

Fails

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Fails

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Fails

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Not applicable

Fails

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-2 When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Not applicable

Succeeds for SNMP supported devices

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-3 When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds

Succeeds

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Succeeds

Succeeds

Not applicable

Not applicable

NetConfig Job

Not applicable

Not applicable

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-4 When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Fails

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Fails


Setting Up Archive Management

You can move the directory for archiving the RME device configuration and enable and disable the usage of Shadow directory. You can also list the commands that need to be excluded while comparing configuration

To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

Moving the Configuration Archive Directory

Enabling and Disabling the Shadow Directory

Configuring Exclude Commands

Moving the Configuration Archive Directory

You can move the directory where the configuration of the devices can be archived on the RME server.

The default Configuration Archive directory is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma

On RME Windows server,

NMSROOT\files\rme\dcma

Where NMSROOT is the CiscoWorks installed directory.

The new archive directory location should have the permission for casuser:casusers in Solaris and casuser should have Full Control in Windows. The new archive directory location should not be the root of any drive (F:\) and must be a subdirectory (F:\RMEarchives).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The following is the workflow for moving the configuration archive location:


Step 1 Stop the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Stop.

Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Archive Settings dialog box appears.

Step 3 Enter the new location in the Archive Location field, or click Browse to select a directory on your system.

Step 4 Click Apply.

A message appears confirming the changes.

Step 5 Restart the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Start.


Enabling and Disabling the Shadow Directory

The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive.

The Shadow directory contains subdirectories that represent each device class and the latest configurations supported by the configuration archive.

Each file name is DisplayName.cfg, where DisplayName is the device's Display Name as defined in the Device and Credential Repository. Each time the archive is updated, the Shadow directory is updated with the corresponding information.

The Shadow directory can be used as an alternative method to derive the latest configuration information programmatically by using scripts or other means.

To access to the Shadow directory, you must be root or casuser on Solaris, or in the administrator group for Windows.

You can find the Shadow directory in the following locations:

On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow

On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can enable or disable the use of Shadow directory by following this workflow:


Step 1 Stop the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Stop.

Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Archive Settings dialog box appears.

Step 3 Select the Enable Shadow Directory check box.

Step 4 Click Apply.

A message shows that the changes were made.

Step 5 Restart the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Start.


Configuring Exclude Commands

You can list the commands that have to be excluded while comparing configuration. To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.

You can enter multiple commands separated by commas.

RME provides default exclude commands for some Device Categories.

For example, the default exclude commands for Router device category are, end,exec-timeout,length,width,certificate,ntp clock-period

You can specify Exclude Commands at all these levels:

Device Category (For example, Routers, Wireless, etc.)

Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)

Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)

While comparing configurations, if you have specified exclude commands in the Device Type, Device Family and Device Category, these commands are excluded only at the Device Type level. The commands in the Device Family and Device Category are not excluded.

Example 1:

If you have specified these commands at,

Routers (Device Category) level

end,exec-timeout,length,width,certificate,ntp clock-period

Cisco 1000 Series Routers (Device Family) level

banner incoming,snmp-server location

Cisco 1003 Router (Device Type) level

ip name-server,banner motd,snmp-server manager session-timeout

While comparing configurations, only the Cisco 1003 Router (Device Type) level commands are excluded.

Example 2:

If you have specified these commands only at Device Family and Device Category,

Routers (Device Category) level

end,exec-timeout,length,width,certificate,ntp clock-period

Cisco 1000 Series Routers (Device Family) level

banner incoming,snmp-server location

Cisco 1003 Router (Device Type) level

No commands specified.

While comparing configurations, only the Cisco 1000 Series Routers (Device Family) level commands are excluded.

If the commands are specified only at the Device Category level, these commands are applicable to all devices under that category.

To configure Exclude Commands:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.

The Configure Exclude Commands dialog box appears.

Step 2 Select one of these from the Device Type Selector pane:

Device Category (For example, Routers, Wireless, etc.)

Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)

Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)

Step 3 Enter the command in the Exclude Commands pane to add new commands.

You can enter multiple commands separated by commas.

You can also edit or delete the existing commands in the Exclude Commands pane.

Step 4 Click Apply.

A message appears, The commands to be excluded are saved successfully.


Configuring Fetch Settings

You can configure the Job Result Wait Time per device for the Sync Archive Jobs. The default value is 120 seconds. The minimum value can be set to 60 seconds.

Job Result Wait Time is the maximum wait time that Archive Management waits to get the configurations from the device during the sync-archive job execution.

To configure the Job Result Wait Time:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Fetch Settings dialog box appears.

Step 2 Provide the Job Result wait time in seconds in the Maximum time to wait for Job results per device (seconds) field.

Step 3 Click either of these:

Click Apply, if you want to submit the Job Result Wait Time entered.

Click Cancel if you want to cancel the changes made to the Job Result Wait Time.


Understanding Configuration Retrieval and Archival

RME supports five different ways to trigger the retrieval of configuration files from the device for archival purposes.

Schedule Periodic Configuration File Archival

RME will archive both the startup and running configuration files for all devices at the scheduled time (6-hourly, 12-hourly, daily, weekly, monthly), as configured by the user.

Since this method collects the full running configuration and startup configuration files for the entire network, we recommend that you schedule this to run at no more than once per day, especially if the network is large and outside the LAN.

See Defining the Configuration Collection Settings for further details.

Schedule Periodic Configuration Polling

RME can be configured to periodically poll configuration MIB variables on devices that support these MIBs according to a specified schedule, to determine if either the startup or running configuration file has changed.

If it has, RME will retrieve and archive the most current configuration file from the device.

Polling uses fewer resources than full scheduled collection, because configuration files are retrieved only if the configuration MIB variable is set.

On IOS devices the variables ccmHistoryRunningLastChanged and ccmHistoryStartupLastChanged from the CISCO-CONFIG-MAN-MIB MIB, and on CATOS the variable sysConfigChangeTime from CISCO-STACK-MIB are used to detect the change.

Any change in the value of these variables causes the configuration file to be retrieved from the device. SNMP change polling works only in case of IOS and CATOS devices which support these MIBs.

If these MIBs are not supported on the devices, then by default, configuration fetch will be initiated without checking for the changes.

By default, the Periodic Collection and Polling are disabled.

See Defining the Configuration Collection Settings for scheduling the periodic polling.


Note The Syslog application triggers configuration fetch, if configuration change messages like SYS-6-CFG_CHG, CPU_REDUN-6-RUNNING_CONFIG_CHG etc., are received.


Manual Updates (Sync Archive function)

This feature allows the RME user to force the configuration archive to check specified devices for changes to the running configuration file only. Use Sync Archive if you need it to synchronize quickly with the running configuration.

You can also poll the device and compare the time of change currently on the device with the time of last archival of the configuration to determine whether the configuration has changed on a device.

The Startup configuration is not retrieved during manual update archive operation. However, you can retrieve the Startup configuration by enabling the Fetch startup Config option while scheduling Sync Archive job.

See Scheduling Sync Archive Job for further details.

Using Version Summary

You can trigger a configuration file retrieval by clicking on the Running or Startup configuration in the Configuration Version Summary report.

After a configuration file is fetched from the device, as described above, RME submits the configuration file for archival.

See Viewing the Configuration Version Summary for further details.

Timestamps of Configuration Files

These are timestamps of a running configuration file, or the change time (in change audit), indicate the time at which RME system archived the configuration file.

This is not the time at which the configuration actually changed on the device. If changes are detected immediately using Syslog messages, the timestamp should be very close to the actual configuration change time on the device.

Startup configurations are handled differently by RME. Startup configs are simply saved into the system, as they are retrieved from the device (unlike running configurations, which are compared and saved in versioned archives, if different).

The timestamps of Startup Configuration files are just the archival times, and do not indicate the change time.

In the version summary reports, the Running and Startup are links, which when clicked will retrieve in real time, the respective configuration from the device. This column does not have a timestamp associated with it.

In the Out-Of-Sync report, the Startup configuration column indicates the last archived startup configuration along with its timestamp, and the Running configuration column indicate the last archived running config along with its timestamp.

How Running Configuration is Archived

The workflow for archiving the Running configuration is:

1. If RME detects an effective change, the new configuration is queued for Archival.

2. The archiver, calculates the exact effective changes, assigns a new version number for the newly collected archive, and archives it in the system.

3. The archiver, at the end, logs a change audit record that the configuration of the device has changed, along with other Audit information.

4. If you have enabled the Enable Shadow Directory option in the Archive Settings dialog box (Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt) the latest running configuration file is also stored in a raw format for manual TFTP purposes to restore the configuration on the device, in the directory location:

On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow

On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx)


Note Startup configurations are not `versioned' and only one copy of the startup configuration of devices (which supports startup configuration), is saved in the system. No change audit records are logged for changes in the `Startup Configuration' files.


RME first compares the collected configuration file, with the latest configuration in the archive, and checks to see if there are effective configurations changes from what was previously archived.

Change Audit Logging

Config change audit records include information about, who changed (which user) the configuration, when the configuration change was identified by RME, and other change information.

Any configuration change made through the RME system (example, using Config Editor or Netconfig), will have the user name of the user who scheduled the change job.

Any configuration change that was done outside of RME and detected through the configuration retrieval process, has the same user name as reported by the device through the CONFIG-MAN-MIB variable (ccmHistoryEventTerminalUser).

Changes identified through syslog messages, contain the user name identified in the Syslog message, if present.

Defining the Configuration Collection Settings

The configuration archive can be updated with configuration changes in two ways:

Periodic configuration archival (with and without configuration polling). You can enable this using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.

Manual configuration archival using Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.

You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following:

Periodic Polling

The configuration archive performs a SNMP query on the device. If there are no configuration changes detected in the devices, no configuration is fetched.

Periodic Collection

The configuration is fetched without checking for any changes in the configuration.

By default, the Periodic Collection and Polling are disabled.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The following is the workflow for defining the configuration collection setting:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.

The Config Collection Settings dialog box appears.

Step 2 Select one or all of the following options:

Periodic Polling

a. Select Enable for Configuration archive to performs a SNMP query on the device to retrieve configuration.

b. Click Schedule.

The Config Collection Schedule dialog box appears.

c. Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the configuration polling job.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default config polling job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


d. Click OK.

Periodic Collection

a. Select Enable for Configuration archive to perform a periodic check on the device to retrieve configuration.

b. Click Schedule.

The Config Collection Schedule dialog box appears.

c. Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the configuration collection job.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default config collection job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


d. Click OK.

Step 3 Either click Apply to accept the new values provided.

Or

Click Cancel if you want to discard the changes and revert to previously saved values.

If you had clicked Apply, a message appears:

New settings saved successfully.

You can check the status of your scheduled job by selecting Resource Manager Essentials > Job Mgmt > RME Jobs.


Purging Configurations from the Configuration Archive

You can specify when to purge archived configurations. This frees disk space and keeps your archive at a manageable size.

By default, the purging jobs are disabled.

You can purge configurations based on two criteria:

Number of versions to retain. Maximum number of versions of each configuration to retain.

The oldest configuration is purged when the maximum number is reached. For example, if you set the maximum versions to retain to 10, when the eleventh version of a configuration is archived, the earliest (first version) is purged to retain total number of latest archived versions at 10.

Age. Configurations older than the number of days that you specify are purged.

The Labeled configuration files are not purged even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than options in the Archive Purge Settings window) unless you enable the Purge labeled files option in the Archive Purge Settings window.

The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.

Archive Management will not purge the configuration files, if there are only two versions of these files in the archive.

Archived configurations that match the purge criteria that you set are purged from the system. This purge policy applies to Running configuration only.


Caution Ensure that the configuration change detection schedule does not conflict with purging, since both processes are database-intensive. Also backup your system frequently to prevent losing versions.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The workflow to define the Configuration Archive purge policy is:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.

The Archive Purge Setup dialog box appears.

Step 2 Select Enable.

Step 3 Click Change to schedule a Purge job.

The Config Purge Job Schedule dialog box appears.

Step 4 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to purge the configuration archive files.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default archive purge job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


Step 5 Specify when to purge configuration files from the archive by selecting one or all of the following purge policies:

Click Maximum versions to retain and enter the number of configurations to retain.

Click Purge versions older than and enter the number of days, weeks, or months.

Click Purge labeled files to delete the labeled configuration files. See Configuring Labels for information on labeled files.

The Purge labeled files option must be used either with the Maximum versions to retain or Purge versions older than options. You cannot use this option without enabling either Maximum versions to retain or Purge versions older than options.

The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.

The Labeled configuration files are not deleted even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than) unless you enable the Purge labeled files option.

These purge policies are applied sequentially. That is, if you have enabled all the three purge policies, RME applies the Purge policies in this sequence:

a. Maximum versions to retain

b. Purge versions older than

c. Purge labeled files

Archive Management does not purge the configuration files, if there are only two versions of these files in the archive.

Step 6 Click Apply.

A message appears, New settings saved successfully.

Step 7 Click OK.

You can check the status of your scheduled job by selecting Resource Manager Essentials >
Job Mgmt > RME Jobs.


Checking Configuration Archival Status

After you add devices into RME, their configurations are gathered and stored in the configuration archive. You can check the overall status of the configuration archive (Successful, Partially Successful, and Failed). It provides the status of the last archival attempt.

Refresh

(Icon)

Click on this icon to refresh the configuration archive status window.



Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To check the configuration archive status:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt.

The Configuration Archival Summary dialog window appears with the following information.

Archival Status
Description

Successful

Number of devices for which all supported configurations have been fetched successfully.

Click No.of Devices to see the Successful Devices Report.

Failed

Number of devices for which fetch of all supported configurations has failed.

Click No.of Devices to see the Failed Devices Report.

Partial Successful

Number of devices for which fetch of any one of the supported configurations has failed.

Number of Catalyst 5000 devices for which sub-modules were not pulled into archive. Only the main configuration of supervisor engine module is archived for Catalyst 5000 devices.

Click No.of Devices to see the Partially Successful Devices Report.


Step 2 Select one or all of the Config Archival Status and click Sync Archive to schedule an immediate job to update the archive status.

You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Configuration Archival Reports

The following are the Config Archival reports:

Successful Devices Report

Failed Devices Report

Partially Successful Devices Report

Successful Devices Report

A device appears in this report if all supported configurations have been fetched successfully.


Note These dates do not necessarily reflect when the archive was last updated.


This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Displays the archival status.


Failed Devices Report

A device appears in this report if fetch for all of the supported configurations has failed. This report also contains the reasons configuration could not be pulled.

This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Reason why RME could not pull running and startup configuration from device.


If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts.

To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.

Partially Successful Devices Report

A device shows up in this report if fetch for any one of the supported configurations has failed.

The Partially Successful Devices report lists the Catalyst 5000 family devices for which sub-module information could not be pulled from the device. Only the main configuration of the supervisory module is archived for Catalyst 5000 devices.

This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Reason why RME could not pull running or startup configuration from device.


Scheduling Sync Archive Job

You can schedule a job to update the configuration archive for selected group of devices.

You have an option to poll device configuration before updating the archive and to fetch Startup configuration.

You can also perform this task for a selected device using Device Center (from the CiscoWorks LMS Portal home page, select Device Troubleshooting > Device Center to launch Device Center).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To schedule a job to update the device configuration:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.

The Sync Archive dialog box appears.

Step 2 Select either:

Device Selector — To schedule a job for static set of devices. See Using RME Device Selector for information on how to use RME Device Selector.

The sync archive job fails if devices are removed from the DCR. For example, a sync archive job is scheduled to run for all the devices that are part of the selected group in Device Selector. When the job runs if a device is deleted from the DCR, then the job fails for that particular device. However, if the job succeeds for the remaining devices in the group, the status of the job still remain failed.

Or

Group Selector — To schedule a job for dynamic group of devices.

The job is scheduled only for the devices that are present in the selected group at the time when the job is run. The customizable group selector for jobs evaluates static groups also as dynamic during run time.

Step 3 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Sync Archive job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

6 - hourly—Runs this task every 6 hours, starting from the specified time.

12 - hourly—Runs this task every 12 hours, starting from the specified time.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Poll device before configuration collection

Archive Management polls the device and compares the time of change currently on the device with the time of last archival of configuration to determine if configuration has changed on a device.

If the polling is not supported on the device, then configuration fetch will be initiated without checking for the changes.

See Understanding Configuration Retrieval and Archival for further details on configuration polling.

Fetch startup config

Archive Management fetches the startup configuration.


Step 4 Click Submit.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 5 Click OK.

You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Using the Config Fetch Protocol Usage Report

You can view the configuration protocol usage details for successful configuration fetches using the Config Fetch Protocol Usage Report.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Config Fetch Protocol Usage to generate a Config Fetch Protocol Usage Report.

The Config Fetch Protocol Usage Report window displays the following information:

Column Name
Description

Protocol

Protocols used by RME for configuration fetches.

Config Type

The Configuration types for the various protocols. The available types are:

Running — Count of the successful running configuration fetches for each protocol

Startup — Count of the successful startup configuration fetches for each protocol

VLAN — Count of the successful VLAN configuration fetches for each protocol. This configuration fetch is supported by only Telnet and SSH protocols.

Click on the Count link to view a detailed report for a protocol and corresponding Config Type. The detailed report shows the list of devices which are accessed using a particular protocol and for which successful Config Fetch has happened.

Example:

If you click on a Count link, 20, for Telnet protocol and Running config type, a detailed report is generated with the following fields:

Device Name — Display name of each device.

Accessed At — Date and time at which each device was accessed for Config Fetch purpose.

Config Type — Configuration type for each device.

File Type -— Configuration file type for each device.

This detailed report shows only the devices for which Telnet has successfully fetched configurations.

You can use the export icon to export the list of devices from this detailed report to the device selector.

Edit Settings

(Button)

Click this button, if you want to change the transport protocol order.

For more information, see Configuring Transport Protocols.

Refresh

(Icon)

Refreshes the Config Fetch Protocol Usage Report.


Generating an Out-of-Sync Report

You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary to generate an Out-of-sync report. The Startup and Running Out-Of-Sync Summary window displays the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Startup

Startup configuration of the device. This configuration is fetched from the configuration archive.

Click on the displayed date to view the configuration.

Diff

Difference between the archived Startup and archived Running configuration.

Click on the icon to see the difference between the archived Startup and archived Running configuration.

Running

Running configuration of the device. This configuration is fetched from the configuration archive.

Click on the displayed date to see the detailed information on Running configuration.

Sync on Device

(Button)

Use this button to schedule a Sync on device job.

You can schedule a Sync on device job to copy the running configuration of a device to the startup configuration.

For more information see, Scheduling Sync on Device Job.


Scheduling Sync on Device Job

You can schedule a Sync on device job using the Sync on Device button on Startup and Running Out-Of-Sync Summary window.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To schedule a Sync on device job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary.

The Startup and Running Out-Of-Sync Summary dialog box appears.

Step 2 Select a device.

Step 3 Click Sync on Device.

The Job Schedule and Options dialog box appears.

Step 4 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Startup and Running Out-Of-Sync Summary report.

To do this, select one of these options from the drop-down menu:

Immediate—Runs the report immediately.

Once—Runs the report once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled Job Approval for Archive Management.

Maker E-Mail

Enter the e-mail-ID of the job creator. This is a mandatory field.

This field appears only if you have enabled Job Approval for Archive Management.

Job Options

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

or

Disable the Job Password option in the Job Schedule and Options dialog box.


Step 5 Click Submit.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 6 Click OK.

You can check the status of your scheduled Copy Running Config to Startup job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Using the Configuration Version Tree

You can view all configuration versions of the selected devices in the form of a graphical display. You can also perform a configuration quick deploy for a selected device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To view the configuration Version Tree:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Tree

The Device Selection dialog box appears.

Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 3 Click OK.

The Config Version Tree dialog box appears.

Step 4 Click either the configuration version which is a hyper link or select the radio button for the configuration version.

To expand the configuration version folder, click on plus icon and select the configuration version to view the configuration.

The Config Viewer dialog box appears. See Understanding the Config Viewer Window for further information.

If you want to perform a configuration quick deploy (Configuration Quick Deploy), click the Deploy button.


Understanding the Config Viewer Window

The Config Viewer is a HTML-based window which displays the configurations of specified devices.

You can specify how you want to view the contents of the configurations by selecting one of the options under Show:

Click Raw to view data exactly as it appears in the configuration file.

Click Processed to view data with the commands ordered and grouped.

The Config Viewer window contains two columns.

Column
Description
Configlets

Click on any configlets to display the corresponding information. The available configlets vary from device to device; the following are examples:

All—Entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.

Global—Global configuration commands. For example no ip address.

Line con 0—configuration commands for line console 0.

IP—IP configuration commands. For example, ip http server.

Configuration file name

View the contents of configuration file.


The buttons on the Config Viewer are:

Button
Description

Export

(Icon)

Export the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.

Compare with previous version

Compares configuration with previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button gets activated only if you have a previous version of the configuration.

Compare with next version

Compares configuration with next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button gets activated only if you have a next version of configuration.

Edit

Launches Config Editor window.

This button is active only if you are viewing the configuration version from the archive.

See Editing and Deploying Configurations Using Config Editor for further details.

Deploy

Perform a quick configuration deploy.

This button is active only if you are viewing the configuration version from the archive.

See Configuration Quick Deploy.


Viewing the Configuration Version Summary

You can view all archived configurations for selected devices. It also provides a link to view a particular configuration running on the device and to generate differences between versions in the archive.

You can view the last three configuration versions for each device regardless of number of versions stored in archive.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To view the Config Summary, follow this workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Summary

The Device Selection dialog box appears.

Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 3 Click OK.

The Archive Mgmt Version Summary window appears with the information in Table 8-5.

Table 8-5 Fields in the Archive Mgmt Version Summary Window 

Column
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Startup

Configuration running when device was started. This configuration is fetched from the device.

Click on the Startup icon to view the Startup configuration

Diff

Differences between Startup and Running configuration.

To view the difference between Startup and Running configuration, click on the Diff icon.

Running

Configuration currently running on device.

Click on the Running icon to view the Running configuration.

The configuration that appears, is fetched from the device. This happens if the fetched configuration is different from the latest configuration that is in the archive. Otherwise, the latest configuration from the archive appears.

Diff

Differences between the Running Configuration on the device and the most recent archived configuration.

To view the difference between the two running configurations, click on the Diff icon.

Latest

Displays date and time of most recent configuration archive. The time shown here is when the file was actually archived. If the file was archived on 03/07/2004 5.00 PM PST, that's the time that will appear in this report. This is in the client's time zone.

To view the device configuration, click on Date and Time.

The Archived At fields that appear in other configuration reports shows the last time configuration was taken from the device in an attempt to archive. The system actually archives the configuration only if there is a change in the newly obtained configuration when compared to the archived one. So there could be different time values.

Diff

Differences between the most recent and the second most recent archived configurations.

To view the difference between the two running configurations, click on the Diff icon.

Latest-1

Date and time the second most recent configuration was archived.

To view the device configuration, click on Date and Time.

Diff

Differences between the second most recent and third most recent configurations in archive.

To view the difference between the two running configurations, click on the Diff icon.

Latest-2

Date and time the third most recent configuration was archived.

To view the device configuration, click on Date and Time.



Configuration Quick Deploy

You can create an immediate job to deploy the version of configuration being viewed on the device. You can deploy the configuration either in overwrite or merge mode.

Features of Configuration Quick Deploy

The following are the features of Configuration Quick Deploy:

It can be performed for both running and startup configuration of all categories of devices.

The job is executed immediately. Therefore Job approval should not be enabled at the time of Configuration Quick Deploy.

The jobs cannot be rolled back.

The jobs use TFTP, Telnet, SSH, scp, rcp, https transport protocols.

It provides an option to select either merge or overwrite mode when you deploy configuration on a device.

It cannot be performed for VLAN configurations. However, you can deploy VLAN configurations using the CLI command, cwcli config put. See Overview: cwcli config Command for more information.

It is supported for configuration versions in the archive only. That is, you cannot deploy for configuration version available on a device.

The jobs use the same protocol order that you have specified in the Config Transport Settings (Resource Manager Essentials > Admin > Config Mgmt).

Performing a Configuration Quick Deploy

You can perform a configuration quick deploy using the Config Viewer window.

For example, you can launch Config Viewer window by clicking on Startup configuration or Running Configuration links while performing tasks such as generating Out-Of-Sync Summary report, viewing the Version Summary report etc.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Click Deploy on the Config Viewer (Understanding the Config Viewer Window) window.

The Job Option Details dialog box appears.

Step 2 Enter the following information:

Field
Description
Job Information

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

or

Disable the Job Password option in the Job Schedule and Options dialog box.

Deploy Mode

Overwrite

Select the Overwrite option, if you want to replace the existing running configuration on the device, with the selected configuration.

This is the default option for the configuration deployment.

The configuration that you have selected is compared with the latest running configuration in the Configuration Archive. (RME assumes that the latest running configuration in the archive is the same as the configuration currently running on the device.)

The Overwrite mode ensures that the running configuration on the device is overwritten with the selected configuration. This means, after the configuration is successfully deployed, the selected configuration and the running configuration on the device are the same.

Merge

Select the Merge option, if you want to add incremental configuration to the device.

The configuration that you have selected is deployed on to the device as is. This means, the existing running configuration of the device is updated incrementally with the commands in the selected configuration.

The selected running configuration is not compared with the running configuration in the Configuration Archive.

We recommend that you use this option on newly deployed devices. This is because, the Merge option effectively deploys the entire configuration from the archive, on to the device.


Step 3 Click Submit.

An immediate Quick Deploy of Configuration on Device job will be scheduled.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 4 Click OK.

You can check the status of your scheduled Config Quick Deploy job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


What Happens During Configuration Quick Deploy

Before Configuration Management deploys the configuration on the device, it verifies whether the device is locked.

The deploy process follows the configured transport protocol order and the fallback option is active.

At end of this task, Configuration Management will:

Unlock the device

Checks-in the new version of configuration if the deploy completes successfully.

After uploading the configuration on the device, Configuration Management writes to the Change Audit log.

Configuring Labels

A label is a name given to a group of customized selection of configuration files. You can select configuration files from different RME devices, group and label them.

These labeled files are not purged along with the other configuration files. You have to explicitly select the Purge labeled files option to purge the labeled files. These labeled files are not purged if this option is not enabled.

You can purge the label config files using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.

See Purging Configurations from the Configuration Archive for further details.

The Label Config window displays the following information:

Column
Description

Label Name

Displays the label name.

Description

Displays the label description.

Created by

Displays the user who created this label.

Created on

Displays the label creation time.


You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.

The Label Configs window contains the following buttons:

Button
Description

Create

Create a label. See Creating a Label for further details.

Edit

Edit a labeled configuration. See Editing a Labeled Configuration for further details.

This button is active only after you select a Label.

View

View a labeled configuration. See Viewing the Labeled Configuration for further details.

This button is activate only after you select a Label.

Delete

Delete labeled configuration. See Deleting the Labeled Configuration for further details.

This button is activate only after you select a Label.


Creating a Label

You can use Label Configuration to create a group of configuration files from selected devices.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can create a label file using the following workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Click Create.

The Device Selection dialog box appears.

Step 3 In Device Selector pane, select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Go to the Label selection pane and:

Enter the Label Name. You can enter up to 64 characters.

Enter the Label Description. You can enter up to 128 characters.

Step 5 Go to the Config Type pane and select Primary or VLAN.

Option
Description

Primary

Contains the Running and Startup configuration files information.

VLAN

Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.


Step 6 Go to the Version pane and select Latest to include the most recent configuration only, or All to view all configuration versions.

If you have selected Latest, you can click Finish button in the Select Devices page and complete the Label creation.

If you have selected All, go to Step 7.

Step 7 Click Next.

The Select Configs to be Labelled dialog box appears.

To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.

To add the selected configuration, select a configuration version file from the left pane and click Add.

To remove the selected configuration, select a configuration version file from the right pane and click Remove.

Step 8 Click Finish.

A message appears, Label LabelName created successfully.

Where LabelName is the name of the label that you entered.

Step 9 Click OK.


Editing a Labeled Configuration

You can make the following changes to a label:

Modify the Label Description.

Remove configuration files from the Selected Versions list.

Add new configuration files from the Devices list.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can edit a label file using the following workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select a label and click Edit.

The Device Selection dialog box appears. The devices that are already part of the labeled file are selected.

Step 3 Go to the Device Selector pane and select a new device or deselect a device. See Using RME Device Selector for information on how to use RME Device Selector

Step 4 Go to the Version pane and select Latest to include the most recent configuration only, or All to view all configuration versions.

Step 5 Click Next.

The Label Details dialog box appears with the current details of the label.

Step 6 Do either of the following:

Change the Label Description. You can enter up to 128 characters.

Select a configuration version file from the left pane, click Add to add the selected configuration file.

If you selected Latest in the previous dialog box, the left pane will show devices and the latest archived configuration file. The right pane contains labeled configuration.

If you selected All in the previous dialog box, the left pane will show devices and all available archived configuration files. The right pane contains labeled configuration.


Note You can select only one configuration file for a device.


To remove the selected configuration, select a configuration version file from the right pane and click Remove.

To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.

Step 7 Click Finish.

A message appears, Label LabelName updated.

Where LabelName is the name of the label as entered by you.

Step 8 Click OK.


Viewing the Labeled Configuration

You can view configurations of a label from the label listing.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select a label and click View.

The Label Config Viewer window appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Version

Version of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

In the Config Viewer window, you can click the Deploy button if you want to perform a Configuration Quick Deploy (Configuration Quick Deploy)

Created On

Date and time configuration file was created.

Change Description

Description of configuration change.



Deleting the Labeled Configuration

You can delete a label from the list of labels in the label configuration dialog box:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select the labels and click Delete.

A message appears, Are you sure you want to delete the label(s)?

Step 3 Click OK to delete the labels.


Using Search Archive

You can search the archive for configuration containing text patterns for selected devices. You can specify ten different combinations of patterns/strings as part of search criteria.

For example:

Search all devices for configurations having pattern set banner motd and set banner exec.

Search all devices for configurations having pattern set banner motd and set banner exec and set password.

You can also specify an option to ignore/consider the case sensitive property.

You can create a custom configuration query that searches information about the specified configuration files.

If you monitor devices X, Y, and Z every morning, you can create a custom query on them. When you run the query, RME quickly gathers all the archived configuration files for these devices and displays them in a report.

The Custom Queries window displays the following information:

Column
Description

Query Name

Custom Query name.

Description

Custom Query description.

Created By

User name of the person who created this Custom Query.

Created On

Custom Query creation time.


You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.

The Custom Queries window contains the following buttons:

Button
Description

Create

Create a custom query. See Creating a Custom Query for further details.

Edit

Edit a custom query. See Editing a Custom Query for further details.

This button is activate only after you select a custom query.

Run

Run a custom query. See Running a Custom Query for further details.

This button is activate only after you select a custom query.

Delete

Delete custom queries. See Deleting the Custom Queries for further details.

This button is activate only after you select a custom query.


The user who creates the custom query has the full permission to perform any tasks such as edit, run, etc,. on the Custom Queries.

See Searching Archive for the procedure to search the configuration with and without search pattern.

Creating a Custom Query

To create a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears

Step 2 Click Create.

Step 3 Do any of the following:

Enter the Custom Query name. You can enter up to 64 characters.

Enter the Custom Query description. You can enter up to 128 characters.

Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.

Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.

Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.

Step 4 Click OK.

A message appears, Custom Query CustomQueryName created successfully.

Where CustomQueryName is the name of the custom query as entered by you.

Step 5 Click OK.


Running a Custom Query

To run a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Run.

The Device Selection dialog box appears.

Step 3 Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Custom Query Search Result window appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Version

Versions of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

In the Config Viewer window, you can click on the Deploy button if you want to perform a configuration quick deploy (Configuration Quick Deploy)

Created On

Date and time configuration file was created.


You can perform the following tasks from this window:

Select the devices and click NetConfig to make any changes to the device configuration using NetConfig templates.

Select a device and click Edit to edit the device configuration using the Config Editor application.


Editing a Custom Query

You can edit the Custom Query description and modify the search patterns and their criteria. To edit a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Edit.

The Custom Query Window appears.

Step 3 Do any of the following:

Update the Custom Query description. You can enter up to 128 characters.

Either add a new search pattern or delete or update an existing search pattern and their criteria. You can enter up to 64 characters.

Modify the string search options Match Any to Match All or vice versa.

Enable/Disable the case-sensitive search.

Step 4 Click OK.

A message appears, Custom Query CustomQueryName updated successfully.

Where CustomQueryName is the name of the Custom Query.

Step 5 Click OK.


Deleting the Custom Queries

To delete the custom queries:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt Archive Mgmt Search Archive Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Delete.

A message appears, The query will be deleted.

Step 3 Click OK.


Searching Archive

You can search the device configuration file with or without the search pattern. You can also narrow down your search using Label Configuration files and Custom Queries.

You can view the search report in two ways:

Search Archive Result

Device Configuration Quick View Report


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To search the configuration archive:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive.

The Search Archive dialog box appears.

Step 2 Enter the following:

Field
Description
Left Pane

Label Config

Enable this option and select a label name.

The configuration version options Latest and All are disabled.

Device Selector

Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

If you have selected Label Config, you need not select devices. If you have selected any devices, only the devices that are specified in the label configuration are searched. Other devices are ignored.

Version

Select Latest to search the most recent configuration only or All to search all configuration versions.

If you have selected Label Config, then you cannot specify the versions.

View Type

Select one of these view types:

Version to view the Device Configuration Version Report. This displays all versions of the configuration, the time and date the configurations were archived, and reason for archival.

Quick View to view the Device Configuration Quick View Report. This displays the contents of the configuration files.

Right Pane

Custom Query

Select a Custom Query.

The search patterns that are defined in the Custom Query appear in the Pattern Details text boxes.

In addition to Custom Query search patterns, you can also add additional search patterns.

Pattern Details

Perform the following tasks:

Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters, for example, Control-C, boot*, etc.

You can search the device configuration file without the search pattern too. The search will list all archived configuration for all selected devices.

If you have selected the version as Latest, the search will list latest archived configuration for all selected devices.

If you have selected the version as All, the search will list all archived configurations for all selected devices

Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings

Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.


Step 3 Click Search.

Based on your View type selection, either Search Archive Result or Device Configuration Quick View Report appears.


Search Archive Result

The Search Archive Result displays information about the device configurations. The Search Archive Result contains the following details of the selected configurations:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.

For ONS devices, the PRIMARY config type displays the configuration information from the active CPU, at that instance.

Version

Versions of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

Created On

Date and time configuration file was created.

Change Description

Cause of configuration change.


You can perform the following tasks from this window:

Select the devices and click NetConfig to make changes to the device configuration using NetConfig templates.

Select a device and click Edit to edit the device configuration using the Config Editor application.


Device Configuration Quick View Report

The Device Configuration Quick View report lists the devices, configuration version numbers, and configuration details of the device configuration version you specified.

You can specify how you want to view the contents of the configurations by selecting one of the options under Show:

Click Raw to view data exactly as it appears in the configuration file. There are two panes, one lists all devices and the other displays the configuration.

Click Processed to view data with the commands ordered and grouped. There are three panes, one lists all devices, the second pane lists all configlets, and the third pane displays the configuration.

Column
Description

Devices

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Configlets

You can click on any configlets to display the corresponding information. The available configlets vary from device to device. The following are examples:

All—The entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.

Global—Global configuration commands. For example no ip address.

Line con 0—Configuration commands for line console 0.

IP—IP configuration commands. For example, ip http server.

Configuration file name

You can view the contents of configuration file.


The following buttons are available on the Config Viewer:

Button
Description

Export

(Icon)

Exports the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.

Compare with previous version

Compares configuration with the previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button is activate only if you have a previous version of configuration.

Compare with next version

Compares configuration with the next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button is activate only if you have a next version of configuration.

Edit

Launches Config Editor window.

This button is active only if you are viewing the configuration version from the archive.

See Editing and Deploying Configurations Using Config Editor for further details.

Deploy

You can perform a configuration quick deploy.

This button is active only if you are viewing the configuration version from the archive.

See Configuration Quick Deploy.


Comparing Configuration

You can compare two device configuration files from version to version or from device to device. You can also compare the configuration when a device was started with the current configuration, and the current configuration with the most recently archived configuration.

You can list the commands that have to be excluded while comparing configurations.

To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands. See Configuring Exclude Commands for further details.

You can compare the configurations in these ways:

Startup vs. Running—Compares the configuration when the device was started with the current configuration. These configurations are fetched from the device.

See Comparing Startup vs. Running Configurations.

Running vs. Latest Archived—Compares the running configuration with the most recent archived configuration. The Running configuration is fetched from the device.

See Comparing Running vs. Latest Archived Configurations.

Two Versions of the Same Device—Compares two archived configuration versions.

See Comparing Two Configuration Versions of the Same Device.

Two Versions of Different Devices—Compares any two configurations in the configuration archive.

See Compare Two Configuration Versions of Different Devices.

Comparing Startup vs. Running Configurations

You can compare the configuration when a device was started with the current configuration. These configurations are fetched from the device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare Startup vs. Running configurations:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Startup vs. Running and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Understanding the Config Diff Viewer Window window appears.


Comparing Running vs. Latest Archived Configurations

You can compare the configuration currently running on a device with the most recent configuration stored in the configuration archive. The Running configuration is fetched from the device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare Running vs. latest archived configurations:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Running vs. Latest Archived and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Understanding the Config Diff Viewer Window window appears.


Comparing Two Configuration Versions of the Same Device

You can compare two different archived configurations of the same device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare two versions of the same device:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Two Versions of the Same Device and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click Next.

The Select First Configuration dialog box appears with the following information:

Column Name
Description

Config Version

Versions of configuration file.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Created On

Date and time configuration file was created.


Step 5 Click on the first configuration to compare and click Next.

The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.

Step 6 Click on the second configuration to compare it with first configuration and click Finish.

The Understanding the Config Diff Viewer Window window appears.


Compare Two Configuration Versions of Different Devices

You can compare two archived versions of a configuration of the same or different devices.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare two versions of different devices:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Two Versions of Different Devices and click Compare.

The Select Device and Pattern dialog box appears.

Step 3 Perform the following and click Next:

Field
Description
Left Pane

Device Selector

Select the devices.

See Using RME Device Selector for information on how to use RME Device Selector.

Version

Select Latest to view the most recent configuration or All to view all configuration versions.

Right Pane

Pattern Details

Perform the following tasks:

1. Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.

You can search the device configuration file without the search pattern too.

2. Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.

3. Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.


The Select First Configuration dialog box appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Config Version

Versions of configuration file.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Created On

Date and time configuration file was created.


Step 4 Click on the first configuration to compare and click Next.

The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.

Step 5 Click on the second configuration to compare it with first configuration and click Finish.

The Understanding the Config Diff Viewer Window window appears.


Understanding the Config Diff Viewer Window

The Configuration Version Compare report shows the differences between the two selected configurations. You can access the Configuration Version Compare report by comparing device configurations.

You can specify how you want to view the differences between the configurations by selecting one of the options under Show:

Click Raw to view the differences between the two raw configurations.

Click Processed to view the differences with the commands ordered and grouped.

The color conventions that are used on Config Diff Viewer are:

Black—All unchanged text.

Red—Lines that have changed from one version to another.

Blue—Lines that have been added or deleted from one of the versions.

The Configuration Versions Compare report has three columns:

Column
Description

Configlets

You can click on any configlet to display the corresponding information. The available configlets vary from device to device. The following are examples:

Diffs—Displays the differences between the two configuration files (if you selected more than one).

All—The entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example, Interface Ethernet0 and Interface TokenRing.

Global—Displays global configuration commands. For example no ip address.

Line con 0—Displays configuration commands for line console 0.

IP—Displays IP configuration commands. For example, ip http server.

First configuration file

Contains the contents of the first configuration file.

Second configuration file

Contains the contents of the second configuration file.


The buttons on the Config Diff Viewer are:

Button
Description

Export

(Icon)

Export the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.2:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.


Using Archive Management Job Browser

You can browse the Archive Management jobs that are registered on the system. From the Archive Mgmt Jobs dialog box you can also retry, delete, stop jobs and view a job's details.

The Archive Management Jobs window displays the following information:

Column Name
Description

Job ID

Unique number assigned to the job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Click on the Job ID to view the Archive Management Job Details (see Viewing the Archive Management Job Details).

Job Type

Type of the configuration job.

Sync Archive—Appears if you had scheduled a Sync Archive job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive).

Get Config—Appears if you had scheduled a configuration fetch job using the CLI command, cwcli config get.

Put Config—Appears if you had scheduled a configuration retrieve job using the CLI command, cwcli config put.

Import Config—Appears if you had scheduled a job that retrieved the configuration from a file and if you had transferred it to the device using the CLI command, cwcli config import.

Write to Running Config—Appears if you had scheduled a job that downloaded the differences between the specified configuration file and the latest configuration version in the archive for the specified device, using the CLI command, cwcli config write2run.

Job Type

(Continue)

Write to Startup Config—Appears if you had scheduled a job that erased the contents of the device Startup configuration and if wrote contents of a specified file as new Startup configuration, using the CLI command, cwcli config write2start.

Copy Running Config to Startup—Appears if you had scheduled a job that overwrote with the Startup configuration of the device with the Running configuration, using the CLI command, cwcli config run2start.

Copy Startup Config to Running—Appears if you had scheduled a job that merged the Startup configuration with the Running configuration, using the CLI command, cwcli config start2run.

Reload Device—Appears if you had scheduled a job that rebooted the devices, using the CLI command cwcli config reload.

Config Quick Deploy—Appears if you had created an immediate Configuration Quick Deploy job, using the Config Viewer window.

Compliance Check—Appears if you had scheduled a Compliance Check job (Resource Manager Essentials > Config Mgmt > Compliance Manager > Compliance Check and clicked the Compliance Check button).

Check Compliance and Deploy—Appears if you had scheduled a Compliance Check job with the job option, Check compliance and deploy enabled (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Compliance Check button).

Deploy Baseline template—Appears if you had scheduled a Baseline Template deploy job (Resource Manager Essentials > Config Mgmt > Compliance Manager > Direct Deploy and clicked the Deploy button).

Deploy Compliance Results—Appears if you had scheduled a Deploy job on the non-complaint devices (Resource Manager Essentials > Config Mgmt > Compliance Manager > Compliance/Deploy Jobs and clicked the Deploy button).

Status

Job states:

Cancelled—Running job stopped by you.

Failed—Failed job. Click on the Job ID to view the job details.

The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.

For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.

This count of failed devices is not displayed for jobs restored from RME 4.0.4 or lesser versions.

Running—Job still running.

Scheduled—Job scheduled to run.

Rejected—Job rejected by an approver. Click on the Job ID to view the rejection details.

Successful—Job completed successfully

Waiting for Approval—Job waiting for approval.

Description

Job description entered during job definition

Owner

User who created this job.

Scheduled at

Date and time job is scheduled to run.

Completed at

Date and time at which job completed.

Schedule Type

Run type of the job: Immediate, Once, 6 - hourly, 12 - hourly, Daily, Weekly, and Monthly.


You can click on any column heading to sort information by that column. If you double-click on a heading, the order is reversed.

You can use the Filter button to do a quick search on the Archive Management jobs. You can perform filters by using these options:

Filter Options
Description

Job ID

Unique number assigned to the job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job.

For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Job Type

Types of Archive Management jobs.

For example: Sync Archive, Write to Running Config, etc.

Status

Status of the job.

For example: Successful, Failed, etc.

Description

Job description.

Owner

Owner of the job.

Schedule Type

Job schedule Type.

For example: Immediate, Weekly, etc.

Refresh

(Icon)

Click on this icon to refresh the Archive Management Job Browser.


You can perform the following tasks on this window:

Retrying a Config Job

Stopping a Config Job

Deleting the Config Jobs

Retrying a Config Job

You can retry only a failed job. You cannot retry a job that are scheduled to run periodically (Daily, Weekly, and Monthly).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To retry a job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a failed job and click Retry.

The Job Schedule and Options dialog box appears.

Step 3 Enter the following information:

Based on your retry job selection, some of the options may not be visible.

For example, 6 - hourly and 12 -hourly Run Type options are visible only if you are retrying a Sync Archive job. This is not visible for other types of Archive Management jobs.

Field
Description
Scheduling

Run Type

You can specify when you want to run the selected Retry job.

To do this, select one of these options from the drop-down menu:

6 - hourly—Runs this task every 6 hours, starting from the specified time.

12 - hourly—Runs this task every 12 hours, starting from the specified time.

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled job approval for Archive Management.

Maker E-Mail

Enter the e-mail-ID of the job creator. This is a mandatory field.

This field appears only if you have enabled job approval for Archive Management.

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

Or

Disable the Job Password option in the Job Schedule and Options dialog box.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


Step 4 Click Submit.

A message appears, Job resubmitted successfully.

Step 5 Click OK.


Stopping a Config Job

You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):

Put Config

Import Config

Write to Running Config

Write to Startup Config

Copy Running Config to Startup

Copy Startup Config to Running

Reload Device

Config Quick Deploy

Check Compliance and Deploy

Deploy Baseline template

Compliance check


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To stop a Archive Management job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a running job and click Stop.

A message appears, Selected job(s) will be stopped.

Step 3 Click OK.


Deleting the Config Jobs

You can delete the job in these status:

Cancelled

Failed

Scheduled

Rejected

Successful

Waiting for Approval

You cannot delete a running job.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To delete jobs:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a running job and click Delete.

A message appears, Selected job(s) will be deleted.

Step 3 Click OK.


Viewing the Archive Management Job Details

From the Archive Management Jobs window, you can learn more about one job by viewing its details. You can view this details by clicking the Job ID on the Config Job window.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The Archive Management Job Details window contains the following information:

Page/Folder
Description

Execution Summary

Displays summary of completed job:

Execution Summary—Information about the job status, start time and end time.

Device Summary—Information about the job completion status on the devices you have selected. For example, number of successful devices where the job is executed successfully.

Click on Device Details folder and device status link and on the Device link to see the complete job execution details.

Execution Message (Pre-Execution and Post-Execution)—Information about any e-mails sent.

Device Details

Contains detailed job results for each device. Displays status folders that correspond to possible device status:

Successful Devices—Devices were successfully executed.

Failed Devices—Devices were not successfully executed.

Partially Failed Devices—Job partially failed to run on these devices.

Pending Devices—Job did not try to update devices, even though they were selected.

Not Attempted—Job did not attempt to run on these devices.

Click on Status to see the job details. Details include a record of the entire CLI session between RME and the device. To launch the Device Center, click on the device display name.

When the configuration fetch takes unusually long, this error message appears,

Unable to get results of job execution for device. Please retry the job

This could happen because of slow device response, Network latency, etc.

Work Order

Contains the Summary of the job definition such as,

Detailed information, such as owner, schedule type, and Job Approval state.

Policies configured for the job, such as E-mail Notification and Job Based Password.

Devices on which the job runs. Also, gives details about the commands.

For retried jobs, these job definitions are not updated. For such jobs the original job definitions are retained.


The buttons on the Job Details window are:

Delete—You can delete jobs with the following Job Status:

Cancelled

Failed

Scheduled

Rejected

Successful

Waiting for Approval

You cannot delete a running job.

Stop—You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):

Put Config

Import Config

Write to Running Config

Write to Startup Config

Copy Running Config to Startup

Copy Startup Config to Running

Reload Device

Config Quick Deploy

Check Compliance and Deploy

Deploy Baseline template

Compliance check

Baseline Template

For more information on Baseline Templates, see Using Baseline Templates to Check Configuration Compliance.