Table Of Contents
Preparing to Install
How the Cisco Security Agent Works
Cisco Security Agent Overview
About CSA MC
Before Proceeding
System Requirements
CSA MC System Requirements
SQL Server Express Edition
Agent Requirements for Windows Systems
Agent Requirements for Solaris Systems
Agent Requirements for Linux Systems
Environment Requirements
Browser Requirements
DNS and WINS Environments
Port Availability Requirements
Time and Date Requirements
Windows Cluster Support
Virtual Machine Support
Adobe Reader
Internationalization and Localization Support
Localization Support for Cisco Security Agents
Internationalization Support Tables
Verifying Language Tokens
Scalable Deployments
Hardware Sizing
Software Considerations
Configuration Recommendations for Scalability
Factors in Network Sizing
Factors in Database Sizing
Preparing to Install
How the Cisco Security Agent Works
The Cisco Security Agent provides distributed security to your enterprise by deploying agents that defend against the proliferation of attacks across networks and systems. These agents operate using a set of rules provided by the Management Center for Cisco Security Agents and selectively assigned to each client node on your network by the network administrator.
This section includes the following topics.
•
Cisco Security Agent Overview
•About CSA MC
•Before Proceeding
•System Requirements
–CSA MC System Requirements
–Agent Requirements for Windows Systems
–Agent Requirements for Solaris Systems
–Agent Requirements for Linux Systems
•Environment Requirements
–Browser Requirements
–DNS and WINS Environments
–Time and Date Requirements
–Port Availability Requirements
–Windows Cluster Support
–Virtual Machine Support
–Adobe Reader
•Internationalization and Localization Support
–Internationalization Support Tables
–Verifying Language Tokens
•Scalable Deployments
–Hardware Sizing
–Software Considerations
–Configuration Recommendations for Scalability
–Factors in Network Sizing
–Factors in Database Sizing
Cisco Security Agent Overview
Cisco Security Agent contains two components:
•The Management Center for Cisco Security Agents (CSA MC) — installs on a secured server and includes a web server, a configuration database, and a web-based user interface.
•The Cisco Security Agent (the agent) — installs on desktops and servers across your enterprise and enforces security policies on those systems.
Administrators configure security policies on CSA MC using the web-based interface. They distribute these policies to agents installed on end user systems and servers. Policies can allow or deny specific system actions. The agents check policies before allowing applications access to system resources.
Figure 1-1 Product Deployment
About CSA MC
The CSA MC user interface installs as part of the overall Cisco Security Agent solution installation. It is through a web-based interface that all security policies are configured and distributed to agents. CSA MC provides monitoring and reporting tools, letting you generate reports with varying views of your network enterprise health and status. Providing this web-based user interface allows an administrator to access CSA MC from any machine running a web browser. Figure 1-2 shows the CSA MC home page. See Using Management Center for Cisco Security Agent for further details.
Figure 1-2 CSA MC, Home Page
Before Proceeding
Before installing CSA MC software, refer to the Release Notes for up-to-date information. Not doing so can result in the misconfiguration of your system.
Make sure that your system is compatible with the Cisco product you are installing and that it has the appropriate software installed.
Read through the following information before installing the CSA MC software.
System Requirements
CSA MC System Requirements
Note The acronym CSA MC is used to represent the Management Center for Cisco Security Agents.
Table 1-1 shows the minimum CSA MC server requirements for Windows 2003 systems. These requirements are sufficient if you are running a pilot of the product or for deployments up to 1,000 agents. If you are planning to deploy CSA MC with more than 1,000 agents, these requirements are insufficient. See Scalable Deployments for more detailed system requirements.
Table 1-1 Minimum Server Requirements
System Component
|
Requirements for a physical server
|
Requirements for a virtual server
|
Hardware
|
•PC-compatible computer
•Color monitor with video card capable of 16-bit
|
VMware ESXi version 3.5, UP 3.
|
Processor
|
1 GHz or faster processor
|
2 GHz or faster processor
|
Operating Systems
|
Windows 2003 R2 Standard or Enterprise Editions without a service pack
Windows 2003 R2 Standard or Enterprise Editions, with Service Pack 2
Note To run terminal services on the CSA MC system, you must edit the MC policy.
|
Windows 2003 R2 Standard or Enterprise Editions without a service pack
Windows 2003 R2 Standard or Enterprise Editions, with Service Pack 2
Note To run terminal services on the CSA MC system, you must edit the MC policy.
The CSA MC may also be installed on VMware image of a Windows 2003 R2 server, as described above, which is maintained on a VMware ESXi hypervisor. See Virtual Machine Support for more information.
|
File System
|
NTFS
|
NTFS
|
Memory
|
1 GB minimum memory
|
1 GB minimum memory
|
Virtual Memory
|
2 GB virtual memory
|
2 GB virtual memory
|
Hard Drive Space
|
9 GB minimum available disk drive space
|
9 GB minimum available disk drive space
|
•CSA MC qualification and first level support for operation on Japanese OS (JOS) platforms is provided by Cisco Japan.
•The minimum recommended screen resolution for viewing the CSA MC UI is 1024x768. For optimal viewing of the CSA MC UI, you should set your display to a resolution of 1280x600 or higher.
Note We recommend connecting to the CSA MC interface using a browser on a remote machine rather than using a browser installed directly on the CSA MC's server.
•On a system where CSA MC has never been installed, the CSA MC setup program first installs Microsoft SQL Server Express and the required .NET environment. If the CSA MC installation detects any other database type attached to an existing installation of Microsoft SQL Server Express, the installation will abort. This database configuration is not supported.
SQL Server Express Edition
As part of the installation process on a system where CSA MC has not previously been installed, the setup program first installs Microsoft SQL Server Express Edition and the required .NET environment. You can use the included Microsoft SQL Server Express Edition (provided with the product) if you are planning to deploy no more than 1,000 agents.
Caution If the CSA MC installation detects any other database type attached to an existing installation of Microsoft SQL Server Express Edition, the CSA MC installation will abort. This database configuration is not supported by Cisco. (Installation process aborts if any databases other than those listed here are found: master, tempdb, model, msdb, pubs, Northwind, profiler and AnalyzerLog.)
For a local database configuration, you also have the option of installing Microsoft SQL Server 2005 or 2000 instead of using the Microsoft SQL Server Express Edition that is provided. Microsoft SQL Server Express Edition has a 4 GB limit. In this case, you can have CSA MC and Microsoft SQL Server 2005 on the same system if you are planning to deploy no more than 5,000 agents. Note that if you are using SQL Server 2005 or 2000, it must be licensed separately and it must be installed on the system before you begin the CSA MC installation.
We also recommend that you format the disk to which you are installing CSA MC as NTFS. FAT32 limits all file sizes to 4 GB.
See Chapter 2, "Installing the Management Center for Cisco Security Agents" for more information.
Agent Requirements for Windows Systems
These are the system requirements for running Cisco Security Agent on Windows servers and desktops:
Table 1-2 Agent Requirements (Windows)
System Component
|
Requirement
|
Processor
|
Intel Pentium 200 MHz or higher
Note Up to eight physical processors are supported.
|
Operating Systems
|
•Windows Vista Business and Enterprise editions with service pack 0 or 1.
•Windows Server 2003 (Standard, Enterprise, Web, or Small Business Editions) Service Pack 0, 1, or 2
•Windows XP (Professional, Tablet PC Edition 2005, or Home Edition) Service Pack 0, 1, 2, or 3.
•Windows Embedded Point of Service (WEPOS) 1.1
•Windows 2000 (Professional, Server or Advanced Server) with Service Pack 0, 1, 2, 3, or 4
Note Citrix Metaframe and Citrix XP are supported. Terminal Services are supported on Windows 2003, Windows XP, and Windows 2000.
Supported language versions are as follows:
•For Windows 2003, XP, and 2000, all language versions, except Arabic and Hebrew, are supported.
|
Memory
|
256 MB minimum—all supported Windows 2003, Windows XP, and Windows 2000 platforms
512 MB minimum—for Windows Vista.
|
Hard Drive Space
|
60 MB or higher
Note This includes program and data.
|
Network
|
Ethernet
Note Maximum of 64 IP addresses supported on a system.
|
See Port Availability Requirements for the ports that need to be available for agents to communicate with the CSA MC.
Note Cisco Security Agent uses approximately 30 MB of memory. This applies to agents running on all supported Microsoft and UNIX platforms.
Caution When upgrading or changing operating systems, uninstall the agent first. When the new operating system is in place, you can install a new agent kit. Because the agent installation examines the operating system at install time and copies components accordingly, existing agent components may not be compatible with operating system changes.
Agent Requirements for Solaris Systems
These are the system requirements for running Cisco Security Agent on Solaris servers:
Table 1-3 Agent Requirements (Solaris)
System Component
|
Requirement
|
Processor
|
UltraSPARC 400 MHz or higher
Note Uni-processor, dual processor, and quad processor systems are supported.
|
Hardware platform
|
Sun4u for Solaris 8,9, and 10.
|
Operating Systems
|
•Solaris 10, 64 bit kernel, 6/06 edition or higher.
Recommended patch levels for Solaris 10: 120068-03: SunOS 5.10: in.telnetd Patch
•Solaris 9, 64 bit, patch version 111712-11 or higher installed.
•Solaris 8, 64 bit 12/02 edition or higher (This corresponds to kernel Generic_108528-18 or higher.)
Recommended patch levels for Solaris 8: 108434-17 and 108435-17
Note If you have the minimal Sun Solaris 8 installation (Core group) on the system to which you are installing the agent, the Solaris machine will be missing certain libraries and utilities the agent requires. Before you install the agent, you must install the "SUNWlibCx" library which can be found on the Solaris 8 Software disc (1 of 2) in the /Solaris_8/Product directory. Install using the pkgadd -d . SUNWlibCx command.
|
Memory
|
256 MB minimum for Solaris 8 and 9
512 MB minimum for Solaris 10
|
Hard Drive Space
|
50 MB or higher
Note This includes program and data.
|
Network
|
Ethernet
Note Maximum of 64 IP addresses supported on a system.
|
Caution On Solaris systems running Cisco Security Agents, if you add a new type of Ethernet interface to the system, you must reboot that system twice for the agent to detect it and apply rules to it accordingly.
See Port Availability Requirements for the ports that need to be available for agents to communicate with the CSA MC.
Agent Requirements for Linux Systems
These are the requirements for running Cisco Security Agent on Linux servers and desktops:
Table 1-4 Agent Requirements (Linux)
System Component
|
Requirement
|
Processor
|
500 MHz or faster x86 processor (32 bits only)
Note Uni-processor, dual processor, and quad processor systems are supported.
|
Operating Systems
|
•Red Hat Enterprise Linux 5.0 with Update 1 or Update 2. These operating system implementations are supported for the Desktop, Server, and Advanced Platform releases.
Minimum supported kernel: 2.6.18
•Red Hat Enterprise Linux 4.0 WS, ES, or AS
Minimum supported kernel: 2.6.9-11
•Red Hat Enterprise Linux 3.0 WS, ES, or AS
Minimum supported kernel: 2.4.0
•SUSE Linux Enterprise 10, with Service Pack 2 for Server and Desktop editions.
Minimum supported kernel: 2.6.18
|
Memory
|
256 MB minimum
|
Hard Drive Space
|
50 MB or higher
Note This includes program and data.
|
Network
|
Ethernet
Note Maximum of 64 IP addresses supported on a system.
|
See Port Availability Requirements for the ports that need to be available for agents to communicate with the CSA MC.
Caution When upgrading or changing operating systems, uninstall the agent first. When the new operating system is in place, you can install a new agent kit. Because the agent installation examines the operating system at install time and copies components accordingly, existing agent components may not be compatible with operating system changes.
Environment Requirements
The following are recommendations for a secure setup and deployment of CSA MC.
•The system on which you are installing the CSA MC software should be placed in a physically secure, locked down location with restricted access.
•Do not install any software on the CSA MC system that is not required by the product itself.
•You must have administrator privileges on the system in question to perform the installation.
•The CSA MC system must have a static IP address or a DHCP reservation.
Browser Requirements
You use a web browser to access CSA MC either locally or from a remote system. Browser requirements are as follows:
Internet Explorer:
•Version 6.0 or later
•You must have cookies enabled. This means using a maximum setting of "medium" as your Internet security setting. Locate this feature from the following menu, Tools>Internet Options. Click the Security tab.
•Pop-up blocking must be disabled.
•JavaScript must be enabled.
•If you are using Internet Explorer Version 6.0 SP1 or higher, your CSA MC FQDN cannot contain non-alphanumeric characters other than '-' and '.' . For example, if the server system name contains an underscore "_", CSA MC will not work properly.
FireFox:
•Version 1.5.0.x or higher
•You must have cookies enabled. Locate this feature from the following menu, Tools>Options>Privacy>Cookies.
•Pop-up blocking must be disabled.
•JavaScript must be enabled.
DNS and WINS Environments
For agents and browsers to successfully communicate with CSA MC, the CSA MC machine name must be resolvable through DNS (Domain Name Service) or WINS (Windows Internet Naming Service).
Port Availability Requirements
This section describes the ports that need to be available for Cisco Security Agents to communicate with the Management Center. These ports need to be open on both the host running the agent, whether that host is a server or a desktop, and the server running the CSA MC. These ports perform the same tasks on all operating systems.
CSA MC acts as a web server and requires that no other web server software is running on the CSA MC system. Having multiple web servers running on the same system causes port conflicts.
Caution By default, Windows 2003 has the World Wide Web Publishing service running. If the CSA MC installation detects this service running, the CSA MC installation will disable all Web publishing services in order for its own installation to proceed.
During installation, the CSA MC installer determines if any application or service is using the ports mentioned in Table 1-5 below. If there is an application or service using a port, the installation aborts and the user is asked to shut down the services that are using those ports.
Table 1-5 Required Port Availability for Agents and the CSA MC
Port Number
|
Purpose
|
25
|
E-mail alerts are sent on this port.
|
80
|
Agent kit caching is performed on this port.
|
162
|
Used for SNMP traps.
|
443
|
The web browser on the host communicates with CSA MC on this port.
|
1433
|
If you have SQLServer on a remote machine or running locally on the same machine as the CSA MC, make sure the SQLServer port is open.
|
1741, 1742
|
Ports 1741 and 1742 are used to access Cisco Works VPN Security Management Solutions (VMS) center. (Then, to communicate with the CSA MC within VMS, you need to have port 443 open.)
|
5401
|
Application Analysis jobs are performed over this port.
|
5401 or 443
|
Cisco Security Agent communicates with the Management Center over port 5401. If port 5401 is not available, port 443 is used by default.
|
Time and Date Requirements
Before you install CSA MC, make sure that the system on which you plan install the software has the correct and current time, date, and time zone settings. If these settings are not current, you will encounter MC/agent certificate issues.
You can use the Network Time Protocol (NTP), TIME, and DAYTIME protocols for synchronizing time between the CSA MC and its agents. When using these protocols, you will also need to distribute a Network Access Control Rule (NACL) allowing hosts to access various ports for these kinds of network services. See the Sample - Microsoft Domain Controller rule module for an example of a NACL that allows hosts to act as a client or server for time protocols.
Windows Cluster Support
Cisco Security Agent supports Network Load Balancing and Server Cluster for Windows 2003 and 2000 Server platforms. Cluster support may require certain network permissions to operate. As with other network services, your CSA MC policies must account for these network permissions. (Component Load Balancing, and Solaris and Linux Clusters are not officially supported in this release.)
Virtual Machine Support
Administrators can create a VMware image of the Management Center for Cisco Security Agents and maintain it on the VMware ESXi 3.5 hypervisor. A VMware CSA MC gives administrators flexibility by giving them remote access to the MC and eliminates the expense of buying a separate physical server.
This virtual CSA MC has the same features and performs the same functions of any CSA MC installed on its own physical machine:
•The virtual CSA MC must meet all the requirements for a CSA MC as described in Table 1-1.
•Administrators can manage hosts using a virtual CSA MC.
•A virtual CSA MC can be installed along with the Microsoft SQL Server Express database.
•One or two virtual CSA MCs can work with a remote Microsoft SQL Server 2005 (or 2000) database.
•Virtual CSA MCs can be used in a High Availability solution described in Management Center for Cisco Security Agents High Availability White Paper.
The CSA MC installed on VMware does have these limitations:
•Using VMware "snapshots" of the CSA MC is not supported.
•The sizing requirements for a VMware CSA MC are different than an MC on a physical system. See Scalable Deployments for more information about how a virtual MC scales.
The following outline provides information about installing CSA MC on a VMware image. This procedure assumes you have experience with virtualized machines and environments:
Step 1 Installing VMware ESXi as described at VMware.com at this URL: http://www.vmware.com/products/esxi/.
Step 2 Load the ISO files for Windows 2003 R2 Server and create an image of a Windows 2003 R2 machine (as described in the CSA MC System Requirements).
Step 3 Log on to your VMware ESXi server through a VMware Infrastructure Client in order to install and configure CSA MC 6.0.1. Follow any of these procedures to install the CSA MC:
•Installing CSA MC with a Local Database, page 2-12
•Installing CSA MC with a Remote Database, page 2-21
•Information for Installing Multiple CSA MCs on Separate Systems, page 2-30
Adobe Reader
Reports generated on the CSA MC can be created in PDF format. We recommend that you use the most recent version of Adobe Reader to view the reports.
Internationalization and Localization Support
This section describes the localization of Cisco Security Agent on various Windows operating systems and the compatibility of Cisco Security Agent with various Windows operating systems running in different languages.
Localization Support for Cisco Security Agents
All Cisco Security Agent kits contain localized support for English, French, German, Italian, Japanese, Korean, Simplified Chinese, Spanish, Polish, Brazilian Portuguese and Russian language native desktops and Multilingual User Interface (MUI) desktops. This support is automatic in each agent kit and no action is required by the administrator. The agent UI, events, and agent help system will appear in the language of the end user's native operating system language or MUI language desktop.
The localized languages above have been tested, and are supported on these operating systems:
•Windows 2000 Professional, SP4
•Windows XP Professional, SP3
•Windows 2003 Server, SP3
•Vista Enterprise, SP1
Internationalization Support Tables
The following tables detail the level of support for each localized version of Windows operating systems. Note that support for a localized operating system is different from having a localized agent. Support for a localized operating system means that Cisco Security Agent can run on that localized version of an operating system even though CSA is not presented in the same language as the localized operating system. In this case, the dialogs will appear in U.S. English.
The tables below define the operating system support, not agent language support.
Note For Multilingual User Interface (MUI) systems, installation screens, the CSA MC user interface, and dialog boxes can be displayed in any of the MUI languages we support: Chinese (Simplified), French, German, Italian, Japanese, Korean, Polish, Brazilian Portuguese, Spanish, or Russian.
Any Windows 2000, Windows XP, Windows 2003, or Windows Vista platforms/versions not mentioned in the tables below should be treated as not supported.
The following terms are used to describe the level of support:
•Localized (L): Cisco Security Agent kits contain localized support for the languages identified. This support is automatic in each agent kit and no action is required by the administrator. The agent UI, events, and help system appear in the language of the end user's desktop.
•Tested (T): The Cisco Security Agent was tested on these language platforms. Cisco Security Agent drivers are able to interpret the local characters in file paths and registry paths.
•Supported (S): The English version interface of Cisco Security Agent is suitable to run on these language platforms. The localized characters are supported by all agent functions.
•Not applicable (NA): Microsoft does not ship this combination
•Not supported (NS): Not supported
Look at the entry for Chinese (Simplified) in Table 1-6. For Windows 2000 Professional with Service Pack 4, Cisco Security Agent has been localized (L) for Simplified Chinese, Cisco Security Agent has been tested (T) on the operating system, and Cisco Security Agent is supported (S) for use with the operating system.
Table 1-6 Windows 2000 Support
| |
Professional, SP4
|
Server
|
Advanced Server
|
Arabic
|
NS
|
NA
|
NA
|
Chinese (Simplified)
Chinese (Simplified) (MUI)
|
L, T, S
|
L, S
|
L, S
|
Chinese (Traditional)
Chinese (Traditional) (MUI)
|
T, S
|
S
|
S
|
Czech
|
S
|
S
|
NA
|
Danish (Native OS)
Danish (MUI)
|
T, S
|
NA
|
NA
|
Dutch
|
S
|
S
|
NA
|
English (Canadian)
|
T, S
|
S
|
S
|
English (UK)
|
T, S
|
S
|
S
|
English (US)
|
L, T, S
|
L, S
|
L, S
|
Finnish
|
S
|
NA
|
NA
|
French
French (MUI)
|
L, T, S
|
L, S
|
L, S
|
French (Canadian)
French (Canadian) (MUI)
|
T, S
|
S
|
S
|
German
German (MUI)
|
L, T, S
|
L, S
|
L, S
|
Greek
|
S
|
NA
|
NA
|
Hebrew
Hebrew (MUI
|
T, S
|
NA
|
NA
|
Hungarian
|
S
|
S
|
NA
|
Italian
Italian (MUI)
|
L, T, S
|
L, S
|
NA
|
Japanese
Japanese (MUI)
|
L, T, S
|
L, S
|
L, S
|
Korean
Korean (MUI)
|
L, T, S
|
L, S
|
L, S
|
Norwegian
|
S
|
NA
|
NA
|
Polish
Polish (MUI)
|
L, T, S
|
L, S
|
NA
|
Portuguese (Brazilian)
Portuguese (Brazilian) (MUI)
|
L, T, S
|
L, S
|
NA
|
Russian
Russian (MUI)
|
L, T, S
|
L, S
|
NA
|
Spanish
Spanish (MUI)
|
L, T, S
|
L, S
|
L, S
|
Swedish
|
S
|
S
|
NA
|
Turkish
|
S
|
S
|
NA
|
Table 1-7 Windows XP Support
| |
Professional, SP3
|
Home
|
Arabic
|
NS
|
NS
|
Chinese (Simplified)
Chinese (Simplified) (MUI)
|
L, T, S
|
L, S
|
Chinese (Traditional)
Chinese (Traditional) (MUI)
|
T, S
|
S
|
Chinese (Hong Kong)
|
S
|
S
|
Czech
|
S
|
S
|
Danish
Danish (MUI)
|
T, S
|
S
|
Dutch
|
S
|
S
|
English (Canadian)
|
T, S
|
S
|
English (UK)
|
T, S
|
S
|
English (US)
|
L, T, S
|
L, S
|
Finnish
|
S
|
S
|
French
French (MUI)
|
L, T, S
|
L, S
|
French (Canadian)
French (Canadian) (MUI)
|
T, S
|
S
|
German
German (MUI)
|
L, T, S
|
L, S
|
Greek
|
S
|
S
|
Hebrew
Hebrew (MUI
|
T, S
|
NS
|
Hungarian
|
S
|
S
|
Italian
Italian (MUI)
|
L, T, S
|
L, S
|
Japanese
Japanese (MUI)
|
L, T, S
|
L, S
|
Korean
Korean (MUI)
|
L, T, S
|
L, S
|
Norwegian
|
S
|
S
|
Polish
Polish (MUI)
|
L, T, S
|
L, S
|
Portuguese (Brazilian)
Portuguese (Brazilian) (MUI)
|
L, T, S
|
L, S
|
Russian
Russian (MUI)
|
L, T, S
|
L, S
|
Spanish
Spanish (MUI)
|
L, T, S
|
L, S
|
Swedish
|
S
|
S
|
Turkish
|
S
|
S
|
Table 1-8 Windows 2003 Support
| |
Standard, SP2
|
Web
|
Enterprise
|
Chinese (Simplified)
Chinese (Simplified) (MUI)
|
L, T, S
|
L, S
|
L, S
|
Chinese (Traditional)
Chinese (Traditional) (MUI)
|
T, S
|
S
|
S
|
Chinese (Hong Kong)
|
S
|
S
|
S
|
Czech
|
S
|
S
|
S
|
Danish
Danish (MUI)
|
T, S
|
S
|
S
|
Dutch
|
S
|
NA
|
NA
|
English (Canadian)
|
T, S
|
S
|
S
|
English (UK)
|
T, S
|
S
|
S
|
English (US)
|
L, T, S
|
L, S
|
L, S
|
French
French (MUI)
|
L, T, S
|
L, S
|
L, S
|
French (Canadian)
French (Canadian) (MUI)
|
T, S
|
S
|
S
|
German
German (MUI)
|
L, T, S
|
L, S
|
L, S
|
Hebrew (Native)
Hebrew (MUI
|
T, S
|
S
|
S
|
Hungarian
|
S
|
S
|
S
|
Italian
Italian (MUI)
|
L, T, S
|
L, S
|
L, S
|
Japanese
Japanese (MUI)
|
L, T, S
|
L, S
|
L, S
|
Korean
Korean (MUI)
|
L, T, S
|
L, S
|
L, S
|
Norwegian
|
S
|
S
|
S
|
Polish
Polish (MUI)
|
L, T, S
|
L, S
|
L, S
|
Portuguese (Brazilian)
Portuguese (Brazilian) (MUI)
|
L, T, S
|
L, S
|
L, S
|
Russian
Russian (MUI)
|
L, T, S
|
L, S
|
L, S
|
Spanish
Spanish (MUI)
|
L, T, S
|
L, S
|
L, S
|
Swedish
|
S
|
S
|
S
|
Turkish
|
S
|
S
|
S
|
Table 1-9 Windows Vista Support
| |
Standard
|
Web
|
Enterprise, SP1
|
Chinese (Simplified)
Chinese (Simplified) (MUI)
|
L, S
|
L, S
|
L, T, S
|
Chinese (Traditional)
Chinese (Traditional) (MUI)
|
S
|
S
|
T, S
|
Chinese (Hong Kong)
|
S
|
S
|
S
|
Czech
|
S
|
S
|
S
|
Danish
Danish (MUI)
|
S
|
S
|
T, S
|
Dutch
|
S
|
NA
|
S
|
English (Canadian)
|
S
|
S
|
T, S
|
English (UK)
|
S
|
S
|
T, S
|
English (US)
|
S, L
|
S, L
|
L, T, S
|
French
French (MUI)
|
L, S
|
L, S
|
L, T, S
|
French (Canadian)
French (Canadian) (MUI)
|
S
|
S
|
T, S
|
German
German (MUI)
|
L, S
|
L, S
|
L, T, S
|
Hebrew
Hebrew (MUI
|
S
|
S
|
T, S
|
Hungarian
|
S
|
S
|
S
|
Italian
Italian (MUI)
|
L, S
|
L, S
|
L, T, S
|
Japanese
Japanese (MUI)
|
L, S
|
L, S
|
L, T, S
|
Korean
Korean (MUI)
|
L, S
|
L, S
|
L, T, S
|
Norwegian
|
S
|
S
|
S
|
Polish
Polish (MUI)
|
L, S
|
L, S
|
L, T, S
|
Portuguese (Brazilian)
Portuguese (Brazilian) (MUI)
|
L, S
|
L, S
|
L, T, S
|
Russian
Russian (MUI)
|
L, S
|
L, S
|
L, T, S
|
Spanish
Spanish (MUI)
|
L, S
|
L, S
|
L, T, S
|
Swedish
|
S
|
S
|
S
|
Turkish
|
S
|
S
|
S
|
On non-localized but tested and supported language platforms, the administrator is responsible for policy changes arising from directory naming variations between languages.
If the previous operating system tables do not indicate that CSA is localized (L) then the system administrator is responsible for checking to ensure that the tokens are in the language they expect and the directory path is the one they intend to protect.
Verifying Language Tokens
To determine if language tokens are correct, follow this procedure:
Step 1 Log on to CSA MC as a user with configure or deploy privileges and switch to Advanced Mode.
Step 2 From the CSA menu bar, mouseover Systems and select Hosts from the drop-down menu.
Step 3 Click the link to the host name using the language you want to verify.
Step 4 In the Host Status area, click the Detailed Status and Diagnostics link.
Step 5 Click the Diagnose button.
Look at the folder information in the Data area of the Diagnosis Data page. (See Figure 1-3.) These are the values of the directory tokens CSA needs for localization. Make sure that the folder paths are in the language you expect and that they protect the correct directory.
Figure 1-3 Diagnosis for Localized Host
Scalable Deployments
This release of CSA offers scaling of agents to 100,000 systems. To reach this deployment number, there are recommended multi-tiered CSA MC server system hardware, CPU, and memory requirements. Please refer to Hardware Sizing.
Hardware Sizing
This section provides three server configuration examples and three hardware configuration examples. The server and hardware combinations will be charted in three tables providing information on how many agents can be deployed using each server and hardware configuration combination. This should give you an idea of how to configure CSA to scale up to a 100,000 agent deployment.
Server Configurations:
For the purpose of this guide, we will use three server configuration examples.
1. Single server
2. Two servers: one server for polling and configuration, one database server
3. Three servers: one server for polling, one server for configuration, one database server
Hardware Configurations:
We will use the following hardware configurations.
1. Single processor Pentium 4 (3Ghz+) with 2 GB RAM
2. Dual processor Xeon (2.5 Ghz+) with 4 GB RAM
3. Quad processor Xeon (2.5 Ghz+) with 8 GB RAM
4. Eight-Way Xeon (2.5 Ghz+) with 8 GB RAM
The following tables approximate the number of agents you could deploy with each server configuration installed on one of four hardware configurations provided.
Table 1-10 Server Configuration 1: Single Server
Hardware Configuration
|
Number of agents supported by CSA MC on physical server
|
Number of agents supported by CSA MC on virtual server
|
Hardware Configuration 1
|
2,500
|
1,000
|
Hardware Configuration 2
|
5,000
|
2,500
|
Hardware Configuration 3
|
10,000
|
5,000
|
Hardware Configuration 4
|
20,000
|
not applicable
|
Table 1-11 Server Configuration 2: Two Servers
Hardware Configuration
|
Number of agents supported by CSA MC on physical server
|
Number of agents supported by CSA MC on virtual server
|
Hardware Configuration 1
|
7,500
|
2,500
|
Hardware Configuration 2
|
15,000
|
7,500
|
Hardware Configuration 3
|
30,000
|
20,000
|
Hardware Configuration 4
|
75,000
|
not applicable
|
Table 1-12 Server Configuration 3: Three Servers
Hardware Configuration
|
Number of agents supported by CSA MC on physical server
|
Number of agents supported by CSA MC on virtual server
|
Hardware Configuration 1
|
10,000
|
2,500
|
Hardware Configuration 2
|
20,000
|
7,500
|
Hardware Configuration 3
|
50,000
|
30,000
|
Hardware Configuration 4
|
100,000
|
not applicable
|
Software Considerations
•CSA MC is only supported on Windows 2003 R2 Standard and Enterprise operating systems. Only Hardware Configurations 1 and 2 (referenced in previous tables) support Windows 2003 R2 Standard. Hardware Configuration 3 with 8GB RAM requires Windows 2003 R2 Enterprise to take advantage of the increased memory. Refer to the Microsoft web site product information section for details.
•To support any deployment over 1,000 agents, you should use Microsoft SQL Server 2005 in lieu of Microsoft SQL Server Express. Only Hardware Configuration 1 supports Microsoft SQL Server 2005 Workgroup or Standard editions with their 4GB RAM limitation.
Note Your memory consumption needs should dictate your CSA MC operating system choice, i.e. Windows 2003 R2 Standard and Enterprise.
Configuration Recommendations for Scalability
If you intend to scale to a deployment of approximately 100,000 agents, there are some configuration recommendations you should consider:
Set Polling Interval
With 100,000 agents deployed across your enterprise, you want to ensure that no more than 20 agents are communicating with the MC approximately every second or so. Therefore, with a deployment of this size, it is recommended that you set the polling interval to 24 hours and enable polling hints.
Use Content Engines
For large deployments, it is highly recommended that you use content engines with transparent web caching. It makes sense to direct groups of agents to different content engines in large deployment scenarios. Content engines reduce the load on the MC by caching rule downloads and software updates.
Factors in Network Sizing
You can use the following data points for computing product network usage. The following numbers average tasks based on the upper limit of a 100,000 agent deployment.
Agent and Configuration Statistics
•Number of agents: 100,000
•Polling interval: 24 hours
•Event retention: 60 days
•Event updates: 3 per agent per day
Task Size Statistics
•Hint message: 1 Kb
•Poll size: 2 Kb
•Event update size: 2.5 Kb
•Policy update size: 35 Kb
•Agent update size: 25,000 Kb
•Tracker (Application Behavior Investigation) (Product only): 100 Kb
•Tracker (Application Behavior Investigation) (Product and non-verbose network): 2,000 Kb
•Tracker (Application Behavior Investigation) (Product and verbose network): 8,000 Kb
Tracker (Application Behavior Investigation)Agent Installation Statistics
•Number of agents in Tracker (Product only) group: 1,000
•Number of agents in Tracker (Product and non-verbose network) group: 100
•Number of agents in Tracker (Product and verbose network) group: 10
Bandwidth Statistics
•Downstream from CSA MC: 1333.33 Kb/sec, continuous
•Upstream to CSA MC: 3600 Kb/sec, continuous
•Policy update (downstream): 5833.33 Kb/sec, during update timeframe
•Agent update (downstream): 2666666.67 Kb/sec, during update timeframe
As an example of how you could compute network load using the data points provided here, take 100,000 agents, each generating an average of 3 events per day, and multiply Event update size, by number of Event updates, by number of agents, per a time frame of your choosing and average out a network load.
Factors in Database Sizing
You can use the following data points for computing database sizing. The following numbers average table size based on the upper limit of a 100,000 agent deployment.
•Event table size: 11,707.02 Mb
•Formatted event table: 13,658.20 Mb
•Other tables: 20,000 Mb
•Total database size; 45,365.23 Mb
