Table Of Contents
Release Notes for the Cisco Application Networking Manager 1.2
New Features
Changes in ANM 1.2
New Features and Support
Features Changed
Features Removed
Supported Devices and Software
ANM Product Documentation Set
Resolved Caveats in Software Version 1.2
Open Caveats in Software Version 1.2
Obtaining Documentation and Submitting a Service Request
Release Notes for the Cisco Application Networking Manager 1.2
March 18, 2009
This release note applies to the Cisco Application Networking Manager (ANM) 1.2 release.
This release note contains the following sections:
•
New Features
•Changes in ANM 1.2
•Supported Devices and Software
•ANM Product Documentation Set
•Resolved Caveats in Software Version 1.2
•Open Caveats in Software Version 1.2
•Obtaining Documentation and Submitting a Service Request
Caution Because the ANM 1.2 image does not support upgrading from Beta or pre-FCS ANM versions, when you install the ANM 1.2 image, you will lose all current Beta or pre-FCS ANM data. You will need to reimport all devices and modules that you previously imported.
New Features
The ANM provides the following features:
•Device Import
ANM allows you to select the supported devices that you want to add to its database. The method you use to identify and select the supported devices you may have in your network is up to you:
–You can specify the individual chassis and ACE modules or appliances you want to import. You can then import any resident ACE module with their chassis configuration.
–You can run device discovery to identify the supported devices on your network and select the supported routers or chassis and ACE modules you want to import.
You can then add supported devices by manually adding the credentials. The same process is also used to import CSS, CSM, and ACE 4710 devices.
Regardless of the method you use, if the ACEs have not been configured before, ANM can import and configure them using the ANM interface.
Note Make sure the ACE or CSM module you want to import has booted successfully and is in the OK/Pass state as seen when you issue the Supervisor IOS CLI command show module.
•ACE Configuration and Server Management
ACE configuration allows you to import the ACE devices you want to manage using ANM, establish static routes, and install, update, or remove ACE licenses. In addition, you can configure ACE devices for high availability to ensure a reliable, fault-tolerant environment.
Server management enables you to activate and suspend servers, establish server weight, and set limits on the number of connections for each server.
•Provisioning
ANM allows you to configure such items as VLANs, SNMP, syslog, ACLs, SSL, L4/L7 Application Protocol Inspection, Application Acceleration and Optimization, and Compression on Supervisor modules, ACE modules, and ACE 4710 appliances. In addition, you can establish traffic policies, load-balancing services with activation and suspension, and fault tolerance to ensure that network services are available to your customers in a reliable manner.
In addition to service load balancing, traffic policies, and configuration templates, you can use virtual contexts to partition Cisco ACE devices. Each virtual context contains its own set of policies, interfaces, and resources, allowing you to more efficiently manage system resources and services. Users can create their own logical groups of devices and virtual contexts within ANM for ease of management and reference.
You can also create virtual servers, which provide a simplified abstraction of the ACE class maps and policy maps. When you add and configure virtual servers, you define their specific properties, load-balancing attributes, resources, and policies. In addition to Layer 3/Layer 4 traffic policies, ANM allows you to configure Layer 7 protocol-specific classes that perform server load balancing based on HTTP traffic, deep inspection of HTTP traffic, or the inspection of FTP commands by the ACE. ANM also supports load-balancing provisioning for SIP, RTSP, RDP, DNS, Radius, and generic TCP/UDP.
After configuring real servers, you can deploy virtual servers when appropriate for your environment.
ANM also allows you to establish resource classes, which are sets of resources and allocations available for use by virtual contexts. Resource classes ensure that no single context uses all available resources, thus starving other contexts, and allows you to configure resources in a manner that best meets your customers' needs.
Provisioning also allows you to extract, modify, and tag configuration templates for auditable, retrievable working configurations and to synchronize context configurations between the ANM and ACE devices.
•Monitoring
Monitoring provides real-time device health, performance information, event reporting, and resource utilization via syslog, trap, and SNMP polling. Enhancements include threshold alarms and notification, global polling settings, and enhanced views (service path and event views).
Monitoring provides system view, traffic summary, resource usage view, VIP service path, Load Balancing statistics, and Application Acceleration views via SNMP and CLI polling. These views are available on per context basis as well as on device group level. Monitoring views are supported for ACE 1.0, ACE 2.0, ACE 4710, CSS, and CSM devices.
Events view is enhanced by parsing IP and port information from traffic-related events and provides the ability to sort based on this information. This feature is driven by SNMP traps and syslogs. Events view is supported for ACE 1.0, ACE 2.0, and ACE 4710 devices.
•User and system administration
ANM provides secure, granular, role-based access control that ensures that users view only the devices or services or perform the actions that are included in the domains to which they have access. Predefined user roles allow quick setup of users. You can create organizations which allow you to configure AAA server lookup for your users or to set up users who work for a service provider customer.
Centralized management of ANM enables you to set up and check ANM statistics and manage ANM licenses.
If you encounter a problem with ANM, you can use the Lifeline feature to report the problem to Cisco Technical Support. Lifeline takes a snapshot of the running system configuration, status, buffers, logs, thread dumps, and messages and allows you to submit a diagnostic package to Cisco to aid in problem resolution.
Changes in ANM 1.2
The following sections detail the changes in the ANM 1.2 release:
•New Features and Support
•Features Changed
•Features Removed
New Features and Support
The following features and support are new for the ANM 1.2 release:
•Import and configuration support for 7600 series routers, Cisco Content Switching Module (CSM) devices, and Cisco Content Services Switch (CSS) devices
•Global resource classes
•RTSP, SIP-TCP, SIP-UDP, and SNMP probes
•DHCP relay agent
•Support for ACE 2.0 modules, including:
–ACL object groups
–Global Static NAT
–Action lists for HTTP optimization
–SSL authentication groups and certificate revocation lists
–Parameter map support for generic, RTSP, SIP, and Skinny traffic policies
–Stickiness based on HTTP content, Layer 4 payloads, RADIUS attributes, RTSP headers, and SIP headers
–Traffic class maps and policy maps for generic, RADIUS, RTSP, and SIP server load balancing
–Traffic class maps and policy maps for SIP deep packet inspection
–Traffic policy maps for Skinny deep packet inspection and RDP server load balancing
•Support for ACE appliances, including:
–Application acceleration and optimization options for logging and debugging
–Optimization parameter map support for traffic policies
–Port channel and Gigabit Ethernet interface configuration options
–Action lists for application acceleration and HTTP optimization
–Traffic policy maps for HTTP optimization
•New Monitoring features including
–Monitoring of 7600 series routers, Cisco Content Switching Module (CSM) devices, Cisco Content Services Switch (CSS) devices, and device groups
–System, Resource Usage, Traffic, Load Balancing, and Application Acceleration monitoring capabilities
–Alarm notifications
–On-demand polling by using the Poll Now feature
–Threshold group creation
–Ability to configure global polling parameters and SMTP configuration
•New feature added under ANM Management > License Management.
•Device Role-Based Access Control (RBAC)
•New Organizations feature under Admin > Role-Based Access Control.
•Licensing, including new license requirements (server and ACE licenses)
Features Changed
•Configuration templates are renamed configuration building blocks to more closely represent their functionality and how they can be used.
•The ANM documentation has been updated to focus on Device Add vs. Discovery. Discovery just discovers the IP addresses of the devices.
•The ANM Server Status screen under ANM Management no longer has graphing capabilities.
•There are new Roles (default roles) available under RBAC.
•In ANM 1.1, the syslog events ANM received were related to High Availability (HA) status changes, not all syslog events. ANM 1.2 uses periodical polling to get the HA status instead of syslog.
Features Removed
•GUI Bypass
•Options for configuring polling and monitoring in configuration templates (building blocks in ANM 1.2)
•Comparing two template configurations
•Comparing two chassis configurations
•Auditing chassis configurations
•Viewing VLAN connectivity
•Failover in ANM Management Synchronizing and Verifying the DB in ANM Management User Groups in RBAC
•For upgrades:
–Staged objects are not migrated during an upgrade; only deployed devices are migrated.
–User names are migrate, but not their relationships to roles or domains.
–Custom Roles are migrated during an upgrade.
Supported Devices and Software
For information on Cisco devices supported by ANM 1.2, refer to the Supported Devices Table for the Cisco Application Networking Manager 1.2 located at:
http://www.cisco.com/en/US/products/ps6904/products_device_support_tables_list.html
ANM Product Documentation Set
In addition to this release note, the Cisco Application Networking Manager (ANM) documentation set includes the following publications. You can access the ANM documentation on www.cisco.com at:
http://www.cisco.com/en/US/products/ps6904/tsd_products_support_series_home.html
•Installation Guide for the Cisco Application Networking Manager 1.2—Includes complete installation and configuration information for the ANM 1.2 software.
•User Guide for the Cisco Application Networking Manager 1.2—Includes complete information about ANM functionality and detailed procedures for its use. Contains all of the information found in online help.
Available either on cisco.com or from the ANM online help.
•Context-sensitive online help—Help topics for all pages in the UI (also provides access to PDFs of the user guide). Select an option from the ANM GUI, then click Help.
•Supported Devices Table for the Cisco Application Networking Manager 1.2—Includes complete supported device and firmware versions for ANM.
Resolved Caveats in Software Version 1.2
Table 1 describes the resolved caveats in ANM 1.2.
Table 1 Resolved Caveats in Software Version 1.2
Bug ID
|
Summary
|
Explanation
|
CSCsj06023
|
Importing a CSS device blocks the import of CSM, Cat6K, etc.
|
After you import a CSS device, you cannot import other device types. When you try adding a device, you get an error message indicating that the device is not reachable.
|
CSCsj17633
|
Device group virtual context members are not removed when the chassis is deleted.
|
Under the following conditions, when you click on a virtual context in a device group, an error message is displayed:
•In ANM1.1, you create a device group that contains virtual contexts. You later delete the chassis and reimport it using a different name. ANM is upgraded to 1.2.
•You create a device group in ANM 1.2, then later delete the chassis.
|
CSCsj32079
|
RBAC: Add domain with Object Type All results in an error.
|
When you add an ACE module or ACE appliance with the Object Type All to a domain in Config > Device RBAC, you get an error message.
|
CSCsj37771
|
ACE4710 Optimization attributes are discovered in expert mode but not in the virtual server form.
|
When you discover an ACE 4710 device in the Admin virtual context with virtual server enabled with optimization, the ACE 4710 optimization attributes are discovered in Expert mode but not in the virtual server form.
|
CSCsj39561
|
In the virtual server form, the server farm predictor hash-cookie name does not appear in the UI.
|
When you select an ACE 2.0 virtual context, create a virtual server using the advanced form and then deploy it, when you later edit the virtual server form and change the server farm predictor to hash-cookie, the deployment fails because you need to enter a cookie name, which does not appear in the UI.
|
CSCsj54205
|
RBAC: User Password fields are not mandatory for remote authentication.
|
When you select Admin > RBAC > Users, and add a new user, the Password and Confirm fields should not be mandatory.
|
CSCsj55462
|
Applying a template returns an unexpected message.
|
You might see unexpected UI messages when you perform the following steps:
1. Select Config > Global > Templates.
2. Create a template and tag it, then select the tagged template.
3. Apply the template to a virtual context.
The template is applied successfully, but UI returns unexpected message.
|
CSCsj57398
|
The Edit/Browse button is missing from some screens.
|
The button that allows you switch between configure and browse modes is missing on some screens, such as SNMP.
|
CSCsj57587
|
On the virtual server form, HTTP Deep Packet Inspection is enabled, but the L7 Inspect policy map is not deployed.
|
When you select a virtual context, then select Load Balancing > Virtual Server > Add a VIP, select protocol HTTP or HTTPS, enable HTTP Deep Packet Inspection and deploy the changes, the HTTP Deep Packet Inspection is enabled in the Virtual Server form, but the L7 Inspect policy map is not deployed.
|
CSCsj57817
|
RBAC: Permissions are not set for Network-Monitor role.
|
When you select Admin > RBAC > Users then add a new user with the Network-Monitor role and log in as the user, all the ANM screens are blank.
|
CSCsj59705
|
Failure to add Inline Match to Advanced Virtual Server.
|
When you add a virtual server using the Advanced View, if you select to Add a New Inline Match to L7 load balancing, the deployment fails with the following error:
Internal Error: non-existent column "Sourcemask" for table "Policymap%Rule".
|
CSCsj59778
|
RBAC: Server Maintenance role does not have View permissions.
|
When you select Admin > RBAC > Users and add a user with the Server Maintenance role, the correct permissions are not applied to the Server Maintenance role. You cannot see Server Farms, NAT, VIP, or threshold information.
|
CSCsj61715
|
RBAC: Custom domains with single virtual context, real server, or VIP cannot be used.
|
When you select Admin > RBAC > Domains, select a user organization, add a new domain and select only one virtual context, real server, or VIP the device does not display in the device tree.
|
CSCsj61084
|
Deleting an ACL entry results in a UI error.
|
When you select an ACE 2.0 virtual context, create an extended IP access list any any, then try to delete the permit entry, an error message is displayed.
|
CSCsj61175
|
Probes with name "tcp" or "udp" are not discovered.
|
The ANM cannot discover a probe with the name TCP or UDP.
|
CSCsj61659
|
Sticky Group sticky-enabled attributes are not discovered.
|
The sticky enabled attribute of the Sticky Group object is not correctly discovered by ANM.
|
CSCsj61669
|
RBAC: The Organization table does not update Contact Name.
|
When you select Admin > RBAC > Organizations, add a new organization, enter a Contact Name, then save the entry, the Contact Name column is not updated.
|
CSCsj63142
|
Compression is not enabled on ACE4710 devices through the Virtual Server form.
|
When you select an ACE 4710 device, create and successfully deploy an HTTP virtual server using the Virtual Server Advanced Form, then later edit the Virtual Server and enable compression, compression is not enabled on the device.
|
CSCsj63792
|
Provide a clear warning that FT switchover is not supported for ACE1 virtual contexts.
|
When you click Switchover to perform FT switchover between virtual contexts on ACE1 and ACE2, the error "% invalid command detected at `^' marker" is displayed in the UI.
|
CSCsj71595
|
Advanced virtual server form: Exception appears when viewing Radius, RTSP, generic, and all sticky groups.
|
When you select an ACE 2.0 virtual context, you might get an error message when you try to view the following attributes in the virtual server form:
•Sticky groups
•Radius
•RTSP
•Generic virtual server sticky groups
|
CSCsj73139
|
RBAC: Should not allow user to delete custom role if it is still in use.
|
ANM incorrectly allows you to delete a role you created under Admin > RBAC > Roles, even if the role is still being referenced by a user. In addition, the deleted role continues to appear in the table next to the selected user.
|
CSCsj81102
|
CSM virtual servers do not display on the Operations page.
|
When you add or update a CSM device, the Operations page cache is not updated. As a result, some CSM virtual servers might not appear when you select Config > Operations.
|
CSCsj81218
|
After login, page loading takes forever if server left idle for few days
|
If the ANM server is left idle for a 5-10 days without performing any operations, when you try to log into the server, the loading pages takes an excessively long time.
|
CSCsj87533
|
Incorrect display of RDP virtual server appears in virtual server table.
|
When you create a RDP virtual server in a virtual context using the ACE CLI interface, the discovery appears successful but the virtual server table displays the following information incorrectly:
•Configured state is "Out of service."
•RDP port number is not displayed.
•VLAN ID is not displayed.
•Server farm is not displayed.
|
CSCsj90809
|
TCP and UDP virtual server port field is discovered incorrectly in the virtual server form.
|
When you create a TCP virtual server in a virtual context using the ACE CLI interface, the discovery seems successful, but the port field is empty on the virtual server form. Because the port field is required, any further deployment operations will fail for this virtual server.
|
CSCsj90904
|
CSS/CSM on-demand polling cannot retrieve SNMP credentials upon ANM restart.
|
The Monitoring Poll Now function is unable to retrieve the SNMP credentials from CSS and CSM devices when the ANM server is restarted. Background polling is not affected and works correctly.
|
CSCsj92352
|
CSM import fails when virtual server and policy map point to the same SF
|
CSM import fails when the virtual server and policy map point to the same server farm.
|
CSCsj92593
|
Need auto restart monitoring when CSS/CSM SNMP credentials are changed.
|
When you change the SNMP credentials on a CSM or CSS device, monitoring is not automatically started as it should be.
|
CSCsj92726
|
Device tree displays identical real servers under the wrong chassis.
|
When you have real servers with identical names, the device tree displays them under the wrong chassis and virtual context.
|
CSCsj96011
|
Discovery fails when non-configured NAT ID is referenced to the policy map.
|
ANM discovery fails if you have any non-configured NAT pool IDs referenced to the policy map.
|
Open Caveats in Software Version 1.2
Table 2 describes the open caveats in software version 1.2.
Table 2 Open Caveats in Software Version 1.2
Bug ID
|
Summary
|
Explanation
|
CSCsj13528
|
Device name shows up as rmoid in the Alarm Notifications and Events screens.
|
In the Alarms Notifications page, in the Source ID field, an internal ID is displayed instead of the correct name. For ACE virtual contexts, the source ID displayed is a combination of the display name of the device, the serial number, and the virtual context. For CSS and CSM devices, the source ID displayed is a combination of the device names and the serial number for ACE, and it contains the device name for the CSS or CSM device.
Workaround: None.
|
CSCsj35564
|
Web page displays an error after using F5 refresh.
|
If you are using Microsoft Internet Explorer 6.0, when you select All Devices in the device tree, then press the F5 key, the Security Information appears. When you click Yes, an error appears and the device tree window is blank.
Workaround: Close your browser, clear the cache, and then open a new browser window.
|
CSCsj63158
|
CSS Module Type and Module Status are incorrectly displayed as 12 and 2.
|
When you select Monitor > System View, some of the values in the High Availability and Module Info fields are numbers instead of the correct text. For example, the CSS Module Type is 12 and the Module Status is 2, which is unclear.
Workaround: Restart the ANM server.
|
CSCsj65260
|
Failed virtual server deployment results in "Server farm name already in use" error.
|
When creating a virtual server and a server farm at the same time, if an error occurs that causes the virtual server deployment to fail, but the server farm has already been created, you get an error.
Workaround: Cancel the virtual server creation. Then add a virtual server and repopulate the form. You should be able to select the server farm rather than create it.
Another workaround is to deselect the new server farm, then select something else. Click Deploy. Then edit the virtual server and select the server farm. Click Deploy.
|
CSCsj98834
|
Server Farm, Health Monitoring, and Sticky Groups screens flicker when loading > 200 entries.
|
When you discover an Admin virtual context with more than 200 entries and then display one of the following screens, the screen flickers:
•Server Farm table
•Health Monitoring Probes table
•Config > Sticky Groups table
Workaround: None.
|
CSCsk09390
|
On the ACE appliance Import screen, the Next button should be changed to Import.
|
You can only import one ACE appliance at a time because there is no Next button on the Import screen.
Workaround: None.
|
CSCsk31533
|
Cannot create new probes, class maps, or policy maps after 200 entries with Internet Explorer.
|
When the number of rows in the table exceeds 200, which is the default page size, if you click the Add (+) button to add a new probe or real server or policy map or class map, instead of displaying the screen to add the new entry, the last page of the list appears instead.
Workaround: Click Add again after the last page is displayed, and the correct screen appears.
|
CSCsk43561
|
When you add a domain and select the domain All, you must click OK twice.
|
When you add a new domain and select the domain All, you must click OK twice in order to apply the selected entry.
Workaround: None.
|
CSCsk47316
|
The ACE Traffic Summary page displays status as 1 or 2.
|
The Traffic Summary page for ACE devices sometimes displays 1 or 2 in the Operational Status and Admin Status fields. 1 means Up and 2 means Down.
Workaround: None.
|
CSCsk49103
|
Deleting a tagged template does not reset the user count.
|
When you create and tag a template and then apply the template to a virtual context, the number of users is incremented. If you then delete the tagged version of the template, modify the working template and tag the template, a new tagged version is created with the same user count as the previously deleted template; the user count should be reset to 0.
Workaround: None.
|
CSCsk85308
|
Cannot activate RS when the configured state is out of sync with the device.
|
When the CLI of an ACE device is out of sync with the ANM, you cannot activate or suspend the real or virtual servers.
Workaround: If an ACE real server does not change state, you should modify the state of the server, then change it back. For example, if the real server is showing Configured State Inservice, Operational State outOfService, and you want to server to be InService, do a Suspend on the Operations page. The real server becomes Configured State outOfService, Operational State outOfService. Do an Activate on the Operations page. The real server becomes Configured State inService, Operational State inService.
Another workaround is to sync the ACE configuration with the ANM.
|
CSCsk85692
|
The real server's Admin Status and Operation Status for CSS devices shows 4.
|
When you select Monitor > Device > CSS device, then click on #Rservers Up link on the virtual server page, the Admin Status and Operation Status values are shown incorrectly as 4 or outOfservice.
Workaround: Restart the ANM server.
|
CSCsl01563
|
Session timeout displays a dialog with the label "unknown."
|
When an ANM session times out, a window labeled "Unknown" appears. This window continues to appear when the screen is left open and the session times out.
Workaround: None.
|
CSCsk96610
|
Physical Link Status of CSS HA shows N/A.
|
The Physical Link Status field of CSS High Availability displays N/A because the implementation of SNMP for this variable is different from other SNMP variables.
Workaround: None.
|
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2009 Cisco Systems, Inc. All rights reserved.
