Guest

CiscoWorks Network Compliance Manager

Release Notes for CiscoWorks Network Compliance Manager 1.8.01

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

Release Notes for CiscoWorks Network Compliance Manager 1.8.01

Introduction

Installing the CiscoWorks NCM 1.8.01 Patch

What's Been Fixed in CiscoWorks NCM 1.8.01

Additonal Information

Uninstalling the CiscoWorks NCM 1.8.01 Patch

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Virtual Environments

Performance Issues

Additional Required Applications

Hardware Requirements

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request


Release Notes for CiscoWorks Network Compliance Manager 1.8.01

Published: September 2012, OL-28028-01

These release notes are for CiscoWorks Network Compliance Manager (NCM) 1.8.01. It contains the following sections:

Introduction

Additonal Information

What's Been Fixed in CiscoWorks NCM 1.8.01

Additonal Information

Uninstalling the CiscoWorks NCM 1.8.01 Patch

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Virtual Environments

Additional Required Applications

Hardware Requirements

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Note The Docs tab provided in the CiscoWorks NCM user interface might not include links to the latest documents. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

Introduction

CiscoWorks NCM tracks and regulates configuration and software changes in a multivendor network environment. It provides visibility into network changes and tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems, such as network instability and service interruption.

Installing the CiscoWorks NCM 1.8.01 Patch

To install the NCM patch:

Step 1 On the NCM server, unzip the patch bundle.

Step 2 From the command line, run the patch script.

For Windows, either double-click the patch.bat script or run the following command: 

C:\> patch.bat

For Linux or Solaris, run one of the following commands: 

% sh patch.sh

or 

% ./patch.sh

Note The patch process creates a patch.log file in the <NCM_HOME>/server/log directory. In the event of an error during the patch installation process, the error is logged to this file.

Step 3 After installing the patch, clear the web browser cache for each user.

Note In a Multimaster or Horizontal Scalability environment, follow this installation approach:
1. On all NCM servers, stop all NCM services.
2. Apply this patch to all NCM servers.
3. On all NCM servers, restart the NCM services.

What's Been Fixed in CiscoWorks NCM 1.8.01

Table 1 describes the issues fixed in CiscoWorks NCM 1.8.01.

Table 1 Issues Fixed in CiscoWorks NCM 1.8.01

Bug Id
Bug Summary

QCCR1D91908

Show the core ID for a task when using Horizontal Scalability

QCCR1D120216

Track how long a device has been out of compliance

QCCR1D121216

Provide options for configuring the determination of who actually made a change on the device (See Additonal Information, below.)

QCCR1D121495

Reports should reflect the actual time started, finished, and duration for tasks

QCCR1B86926

Provision Device From Template menu doesn't progress to the next page

QCCR1B90899

Failed task status always reported as 'Running'

QCCR1B93540

Exception thrown when checking "list active policies only"

QCCR1B97183

CiscoCatNative: the snapshot failover from SCP to TFTP does not work correctly

QCCR1B97638

Import/Export to Word for compliance policies/rules

QCCR1B97785

Provide a way to enable command script task session logging through the API

QCCR1B98753

Last Access Time and Last Snapshot Result show wrong values (See Additonal Information, below.)

QCCR1B98835

Update SWIM library

QCCR1B99455

The device hostname should not be case sensitive

QCCR1B99464

Link for "Other End" shows incorrect data

QCCR1B99618

Script text box does not display after searching devices/groups

QCCR1B99700

The NCM proxy cursor does not properly react on Cisco ACE devices

QCCR1B99740

Expect fails to set timeout

QCCR1B99755

Save 'Update Device Software task' error when selecting '*.bin' software image file

QCCR1B99830

BlockType 'raw' in the table RN_DEVICE_DATA

QCCR1B99974

VLAN search results are not predictable

QCCR1B100122

User with Existing View Permission Role selected and created View Partition Permissions checked is unable to see checkboxes when comparing two configurations from different devices (Devices > Configuration Changes)

QCCR1B100359

Enhanced custom data "limit values to" field is limited to100 characters

QCCR1B100592

Rule Exception Expire Date field needs in to include future years

QCCR1B100856

Command script run by a user with custom permissions throws NPE

QCCR1B101426

Reports > Search For > Interfaces displays incorrect "Negotiated Duplex" information

QCCR1B101560

When creating a command script or advanced command script with the Multiline option selected, the "Limit Values To"box is restricted to 255 characters

QCCR1B101600

Generate a session log when running an advanced command script through the API

QCCR1B101701

User permission denial throws a java exception

QCCR1B102147

Advanced script does not use the last used password

QCCR1B102226

WSDL operation show_device missing Site Name as output

QCCR1B102230

Cannot edit partition

QCCR1B102302

HPSA and TACACS+ authentication failover does not work when SA is unavailable

QCCR1B102338

Import deactivates device templates

QCCR1B102582

Connection through bastion host fails.

QCCR1B103233

CiscoWorks NNMi-CiscoWorks NCM integration: NCM does not interact correctly with NNMi for devices not in the "Default Site" partition (See Additonal Information below.)

QCCR1B103237

NCM import not updating console server port

QCCR1B103283

Problem exporting device passwords using tc_tools.sh

QCCR1B103347

Reroute to NCM logon page loses the target link

QCCR1B103511

SNMPv2c is not used during driver discovery

QCCR1B103778

LDAP Setup Wizard using Generic LDAP and SSL

QCCR1B103910

Issue with addins directory

QCCR1B104125

Issue with selecting device on run command script

QCCR1B104158

Compliance search "View Search Result as CSV File": unchecked policy rule displayed as 'Yes' for Rule Compliance, instead of "Not Checked Yet"

QCCR1B104783

NCM WSDL - list_task output generates too much data

QCCR1B104937

Perl script will not save as "Auto Remediation" task

QCCR1B105172

Any user can edit other user-defined reports, regardless of permissions

QCCR1B105179

Compliance report CSV export results in discrepancies

QCCR1B105277

Runtime exception error in jboss_wrapper for RN_DeviceLastUsed duplicate records

QCCR1B105285

Configuration change report with "include result details" formatted incorrectly in CSV output

QCCR1B105323

UI error when clicking on A10 interface detail

QCCR1B105385

Incorrect checkmark behavior when importing scripts, diagnostics, or compliance policies

QCCR1B105406

Duplicate results when searching in diagnostics

QCCR1B105546

Policy import should fail if dependency (diagnostics) is missing

QCCR1B105705

Some non-administrator users are unable to view device configurations

QCCR1B105871

Event Notification Rule not updating

QCCR1B105931

Need to allow special characters in policy name and description

QCCR1B106020

Permissions problem when creating a command from the configuration templates for a specific partition

QCCR1B106037

Global "Change Detection and Polling" settings and Driver Discovery

QCCR1B106226

Unable to re-run auto-remediation command script

QCCR1B106242

Problem with compliance search export

QCCR1B106266

View > Current Configuration does not always show the correct configuration

QCCR1B106308

NCM reports an older configuration as the current device configuration for some devices(See Additonal Information, below.)

QCCR1B106310

Very large number of error messages filling jboss_wrapper.log when running large diagnostic tasks

QCCR1B106312

The advanced Perl scripts are not working on JavaScript drivers

QCCR1B106381

Dynamic device group membership computation should be

triggered when case-sensitivity is changed

QCCR1B106595

Check Configuration Compliance Report shows policy rule passed, but manual run fails

QCCR1B106652

User Reports Add To Favorites is broken

QCCR1B106660

Need to allow Special Characters in Policy Detailed Description and Solution

QCCR1B107024

Installer with documented workaround and tc_tools.sh doesn't work with Oracle service name, works with SID


Additonal Information

Some of the fixes detailed here require additional manual steps or .rcx file modifications. The .rcx files are located in the <NCM_HOME>/jre directory.

Unless otherwise directed, it is recommend to make all changes to the adjustable_options.rcx file. Other files might be overwritten during an NCM upgrade.

Note Before modifying .rcx files, back up the current .rcx files to a location outside of the NCM directory structure. (NCM reads all .rcx files within the NCM directory structure.)

1. QCCR1D121216

This fix provides a way to adjust the priorities that NCM uses for associating a user to a specific device change. By default, the NCM uses the following priorities (1 is the highest priority):

a. User who scheduled a password change that was run on the device.

b. User who scheduled a software update that was run on the device.

c. User who deployed a configuration to the device.

d. User who ran a script on the device.

e. User who connected to the device through the system's proxy.

f. User information gathered from AAA logs.

g. User information parsed from a syslog message.

h. User who scheduled a diagnostic that was run on the device. uses for associating a user to a specific device change. By default, the NCM uses the following priorities (1 is the highest priority):

This fix associates a weighted value to each priority. These weights can be adjusted using rcx settings.

To change the default order of these priorities, follow these steps:

a. Add the following text to the adjustable_options.rcx file: 

     <option name="changepriority/ACL_DELETE_PRIORITY">21</option>

     <option name="changepriority/PASSWORD_CHANGE_PRIORITY">20</option>

     <option name="changepriority/SOFTWARE_UPDATE_PRIORITY">18</option>

     <option name="changepriority/CONFIGURE_SYSLOG_PRIORITY">17</option>

     <option name="changepriority/CONFIG_DEPLOY_PRIORITY">16</option>

     <option name="changepriority/SCRIPT_RUN_PRIORITY">15</option>

     <option name="changepriority/PROXY_PRIORITY">12</option>

     <option name="changepriority/SYSLOG_PRIORITY">10</option>

     <option name="changepriority/AAA_PRIORITY">8</option>

     <option name="changepriority/DIAGNOSTIC_RUN_PRIORITY">2</option>

     <option name="changepriority/NONE_PRIORITY">0</option>

b. As needed, change the value for each priority to reflect the desired priority order. The higher the value, the higher the priority.

Note Each value must be an integer and unique within this list of priorities.

c. Save the adjustable_options.rcx file.

d. Do one of the following:

Restart the NCM services.

Click [Save] on the Admin > Administrative Settings > User Interface page in the product console.

Run the "reload server options" command from the NCM proxy.

To verify that the new values are being used, set Feature/ChangeDetectionto trace.

2. QCCR1B98753

By default, the Show Device and Show Device Template commands display a heading named "Last Snapshot Result." This fix supports changing this heading to "Last Task Result."

To enable this fix, follow these steps:

a. In the appserver.rcx file, locate the following lines: 

     <option name="formatting/show device/stdout/body">Device ID : $Device.DeviceID$

     ...

     Last Successful Snapshot : $Device.LastAccessSuccessDate$

     ...

     $CustomData$Comments : $Device.Comments$</option>

b. Copy the entire option definition from the appserver.rcx file to the adjustable_options.rcx file.

c. In the adjustable_options.rcx file, locate the following copied line: 

     Last Snapshot Result : $Device.LastAccessAttemptStatus$

d. Change the copied line to: 

     Last Task Result : $Device.LastAccessAttemptStatus$

e. Save the adjustable_options.rcx file.

f. Reload the .rcx settings by running the "reload server options" command from the NCM proxy or by restarting the NCM services.

3. QCCR1B103233

This fix enables NCM to interact with NNMi for devices in non-default partitions.

To enable this fix, follow these steps:

a. In the site_options.rcx file, locate the following lines: 

    <option name="3rd party/integrations/NCMPartition">

    	<title>NCM Partition</title>

        <section>NNMi Integration</section>

        <size>30</size>

        <type>Text</type>

    <comment>NCM-NNMi integration partition</comment>Default Site</option>

b. To these lines, append the following option: 

    <option name="3rd 
party/integrations/nnm_map_securitygroups_to_partitions/enabled">0<title>NNMi Maps 
Security Groups to NCM Security Partitions</title>

        <section>NNMi Integration</section>

        <type>RadioButtons</type>

        <domain>1</domain>

        <number_1>Enabled</number_1>

        <domain>0</domain>

        <number_0>Disabled</number_0>

    </option>

c. Save the site_options.rcx file.

d. Reload the .rcx settings by running the "reload server options" command from the NCM proxy or by restarting the NCM services.

4. QCCR1B106308

This fix provides a way to force NCM to reevaluate the current configuration of all managed devices.

To enable this fix, run the following command from the NCM proxy: 

run checkdb -resolver currentconfig -verbose

The runtime of this command is proportional to the number of devices being managed.

Uninstalling the CiscoWorks NCM 1.8.01 Patch

The root of the NCM installation directory contains a subdirectory named patch_backups that was created by the patch installer. In the patch_backups directory is a subdirectory named with the patch build number. This subdirectory contains a backup of all critical files changed by the patch installer. The backup.log file lists the files that were backed up and the original location of each file.

 To remove the patch and roll back to the pre-patch state: 

Step 1 Stop the NCM services.

Step 2 Manually restore the files listed in the backup.log file to their original locations.

Step 3 Back out any changes made to the .rcx files as noted in the section, Additional Information, if applicable.

Step 4 Restart the NCM services.

Supported Platforms

Table 2 shows the supported platforms for CiscoWorks NCM 1.8.x

Table 2 Supported Platforms for CiscoWorks NCM 1.8

Operating System
NCM Application Supported Versions
NCM Satellite Supported Versions
Windows Server 2008:
 

x64 Datacenter Edition, SP2

X
None
 

R2 x64 Datacenter Edition, SP1

X
 

x64 Enterprise Edition, SP2

X
 

R2 x64 Enterprise Edition, SP1

X
 

x64 Standard Edition, SP2

X
 

R2 x64 Standard Edition, SP1

X
 

Note: RSA device authentication is not yet available on Windows Server 2008. If you run NCM on a Windows operating system require RSA device authentication, you cannot install or upgrade to NCM 1.8 at this time.

Linux:
 

Red Hat Enterprise Linux Server AS 4.0 or later minor version

 
X
 

Red Hat Enterprise Linux Server 5.4 or later minor version through 5.6

X
X
 

Red Hat Enterprise Linux Server 6.0 or later minor version

X
 
 

SUSE Linux Enterprise Server 9

 
X
 

SUSE Linux Enterprise Server 11 SP1

X
 
 
Tip: Red Hat does not support direct upgrades from Red Hat Enterprise Linux Server 5.x to 6.0.
Solaris:
 

Oracle Solaris 10 SPARC

X
X
 
Note:
· Before installing NCM on a Solaris platform, reconfigure the Syslog server to not listen for remote Syslog messages.
· NCM on a Solaris system requires a large amount of swap space because of the way the fork() system call works. For example, forking a 24 GB process allocates 24 GB in the swap file, which guarantees space to swap out the new process if necessary. If the 24 GB is not available in swap, the fork() system call fails.

The following operating systems are no longer supported:

Windows 2000

Solaris 9

Red Hat AS3

SuSE 9

Note For all operating system upgrades, please see the respective vendor documentation or contact your system support personnel. Cisco is not responsible for issues that might arise during third-party product upgrades.

Supported Databases

Table 3 shows the databases that are supported by CiscoWorks NCM 1.8.x

Table 3 Supported Databases for CiscoWorks NCM 1.8

Database
Notes

Oracle 10g (10.2.0.2 and 10.2.0.4) Standard and Enterprise Edition

64-bit Oracle is supported. If you are running CiscoWorks NCM 1.8.x in a Distributed System environment, you will need Oracle 10g or 11gR1 Enterprise Edition.

Oracle 11g (11.1.0.7.0) Standard and Enterprise Edition

64-bit Oracle is supported. If you are running CiscoWorks NCM 1.8.x in a Distributed System environment, you will need Oracle 10g or 11gR1 Enterprise Edition.

Microsoft SQL Server 2005 and 2008 Standard and Enterprise Edition

64-bit Microsoft SQL Server is supported. High Availability Distributed System on Microsoft SQL Server requires SQL Server 2005 Service Pack 2 (Standard Edition or Enterprise Edition) or SQL Server 2008 (Standard Edition or Enterprise Edition).

MySQL 5.0.58

MySQL 5.0.58 ships with CiscoWorks NCM 1.8.x


Except for modest deployments without full enterprise scale and performance requirements, the application server and database server should be on separate physical machines. In addition, the database server should be dedicated to CiscoWorks NCM, rather than serving multiple applications.

Note CiscoWorks NCM 1.8.x does not support the use of Microsoft SQL Named Instances.

The following databases are no longer supported:

Oracle 9i and Oracle 9.2

Microsoft SQL Server 2000

MySQL 3

Note For all database upgrades, please see the respective vendor documentation or contact your database analyst. Cisco is not responsible for issues that might arise during third-party product upgrades.

Additional CiscoWorks NCM Configurations

If you have configured a High Availability Distributed System, the database requirements for Oracle and Microsoft SQL Server include:

If you have configured a Horizontal Scalability environment, the database requirements for Oracle and Microsoft SQL Server include:

Database
Restrictions

Oracle 10g Standard or Enterprise Edition (10.2.0.2 and 10.2.0.4)

No more than five CiscoWorks NCM application servers can be configured together with a single database.

Oracle 11g Standard or Enterprise Edition (11.1.0.7.0)

No more than five CiscoWorks NCM Cores can be configured together with a single database.

Microsoft SQL Server Standard and Enterprise Edition 2005 (SP2 or higher) and 2008

No more than five CiscoWorks NCM application servers can be configured together with a single database.


See High Availability Distributed System Configuration Guide for CiscoWorks Network Compliance Manager for information on configuring High Availability Distributed System environment.

See Horizontal Scalability User Guide for CiscoWorks Network Compliance Manager for information on configuring Horizontal Scalability environment.

Note High Availability and Horizontal Scalability environments are not supported for MySQL.

Virtual Environments

Table 4 lists the virtual servers NCM supports.

Table 4 NCM-Supported Virtual Servers 

Virtual Server
Supported Operating System Types
Notes

VMware:

ESX Server 3.5

ESX 4.0 or later minor version

ESXi 4.1 or later minor version

ESXi 5.0 or later minor version

Host OS:

— Windows
— Linux

Guest OS: Any of the operating systems listed in Table 2

The virtual environment must meet the x86-64 or AMD64 hardware requirements listed in Table 5.

Microsoft® Hyper-V R2

· Host OS: Windows Server 2008 R2 x64
· Guest OS: Any of the Windows operating systems listed in Table 2
 

Oracle Solaris Zones

Oracle Solaris
 

If you are running NCM in a virtual environment, review the follow guidelines:

Because NCM can be network intensive, many virtual machines sharing a virtual switch and network interface card could result in unexpected behavior, including time-outs and failed tasks.

Each virtual environment is different and could function differently under loads with shared VM guests.

On a virtual server, it is recommended that the Disk I/O be split. The virtual server must have two arrays:

One array for the host operating system

One array for the virtual machines

Live migration (for example, using Vmotion) of the NCM application server is not recommended.

If you plan to use virtual machines for both the NCM application and the NCM database, ensure that they are running on different guests. It is recommended to host the database virtual machine on a different array to avoid conflicting I/O on the array. Verify that the database is supported in a virtual environment.

When configuring NCM on virtual machines in a Multimaster Distributed System environment or a Horizontal Scalability environment, the maximum number of NCM application servers is two.

Some virtual guests time drift, which can be an issue and should be corrected. Synchronizing the guests to an external time source can solve this issue.

Each NCM guest system must be configured with a set reservation for CPU and memory. These reservations should be at least 125% of the standalone server requirements listed in Table 5 and Table 6. Ensure that the resource pool containing the NCM guest system has adequate resources to consistently deliver the CPU and memory reservations to the NCM guest system.

Performance Issues

To counter performance issues while running NCM in a virtual environment, do the following:

Increase hardware resources on the physical host.

Ensure resources are dedicated to the NCM application server guest.

Decrease the number of guests running simultaneously.

Add a network interface card dedicated to NCM to the virtual server.

A large number of concurrent tasks increases NCM resource demand. If performance issues arise, reduce the number of concurrent tasks or provide more resources to the NCM virtual server. (This suggestion also applies to physical servers.)

Additional Required Applications

You need to install the following applications:

CiscoWorks NCM supports the following browsers:

Mozilla Firefox 3.x and higher

Internet Explorer 7.x and higher

Note Windows pop-up blockers must be disabled for the browser. Cookies must be enabled for the browser.

Microsoft Excel 2000 or higher, if you are viewing Summary Reports from the CiscoWorks NCM server.

Adobe® Acrobat Reader™ version 4.0 or higher if you are viewing CiscoWorks NCM documentation from the CiscoWorks NCM server.

ActivePerl 5.8.x (for Windows).

Perl 5.8.x (for Solaris and Linux). The CiscoWorks NCM Convert-to-Perl script feature uses Perl.

Perl Net::SSH::Expect module (for using the Connect module with SSH)

Note Third-party products mentioned in this documentation are manufactured by vendors independent of Cisco. Cisco makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Hardware Requirements

CiscoWorks NCM requires the following minimum hardware:

Table 5 Application Server Requirements

Application Server

CPU

Intel 64-bit (x86-64), AMD 64-bit (AMD64), 3.0+ GHz (Windows, Linux), Minimum of 2.5GHz, 1 physical CPU with 6 cores and 12 logical processors with hyper-threading

Oracle SPARC64 VI or later (M-Series), Oracle SPARC T4 or later (T-Series) (Oracle Solaris), Minimum of 2.5GHz, 1 physical CPU with 6 cores and 12 virtual processors

Memory

16 GB RAM

Swap Space

16 GB

Disk

40 GB, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Table 6 Database Server Requirements

Database Server

CPU

Intel Xeon or equivalent, 3.0+ GHz

Memory

16 GB RAM

Swap Space

16 GB

Disk

512 GB, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Accessing the CiscoWorks NCM Documentation Set

All or any part of the CiscoWorks NCM documentation set, including this document, might be upgraded over time. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Open a service request online at:

http://www.cisco.com/techsupport/servicerequest

View a list of Cisco worldwide contacts at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.