User Guide for Cisco IPS Manager 3.0 - Generating, Approving, and Deploying Sensor Configurations [Cisco Security Manager]

Table Of Contents

Generating, Approving, and Deploying Sensor Configurations

Task List for Generating, Approving, and Deploying Sensor Configurations

Generating Sensor Configurations

Approving Sensor Configurations

Deploying Sensor Configurations

Defining Deployment Settings

Generating, Approving, and Deploying Sensor Configurations

You must generate, approve, and deploy sensor configurations after you configure sensors and groups of sensors.

You must have a user account with privileges to generate, approve, or deploy configuration files. Five types of accounts, or authorization roles, are available in Management Center for IPS Sensors (IPS MC). The Approver can approve sensor configurations, the Network Operator can deploy sensor configurations, and the System Administrator can generate, approve, and deploy sensor configurations.

•Help Desk—Privileges for this type of account are read-only for the entire system. Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports.

•Approver—Privileges for this type of account are read-only for the entire system and the ability to approve configurations. Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports.

•Network Operator—Privileges for this type of account are read-only for the entire system and the ability to deploy configurations. Using this type of account, you can view any report or alarm, delete reports and alarms, and generate reports.

•Network Administrator—Privileges for this type of account are read-only for the entire system and the ability to edit devices and device groups.

•System Administrator—Using this type of account, you can edit anything in the system, view any report or alarm, delete reports and alarms, and generate reports.

Tip You can install Cisco Secure Access Control Server for additional levels of authorization and authentication.

Task List for Generating, Approving, and Deploying Sensor Configurations

From the Deployment tab you can generate, approve, and deploy sensor configurations.

This section contains the following topics:

•Generating Sensor Configurations

•Approving Sensor Configurations

•Deploying Sensor Configurations

•Defining Deployment Settings

Generating Sensor Configurations

This procedure describes how to generate sensor configurations. It applies to sensors for which you have saved proposed configuration changes to the database but for which the configurations have not been generated.

You must have a user account with adequate privileges to generate sensor configurations.

You cannot generate a configuration for proposed configuration changes until you save them to the database. You can review proposed configuration changes to determine whether you have saved them; for more information, see Reviewing Pending Configuration File Settings.

Note Unless you specify otherwise, IPS MC automatically approves sensor configurations when you generate them.

To generate a sensor configuration, follow these steps:

Step 1 Select Deployment > Generate.

The Generate page appears.

Step 2 To generate a configuration file for a particular sensor, select that sensor from the tree, and then click Generate.

Step 3 You can verify that the configuration file was generated; for more information, see Reviewing Historical Configuration File Settings

Approving Sensor Configurations

This procedure describes how to approve, view, and delete proposed sensor configurations.

You must have a user account with adequate privileges to approve sensor configurations.

To approve a sensor configuration, follow these steps:

Step 1 Select Deployment > Approve.

The Approve page appears.

Step 2 To approve a configuration, select the corresponding check box, and then click Approve.

Note Unless you specify otherwise, IPS MC approves configurations when you generate them. To specify manual approval, select Admin > System Configuration, and then select Configuration File Management from the TOC.

Step 3 You can also view and delete configurations on the Approve page by clicking View and Delete, respectively.

Deploying Sensor Configurations

This procedure describes how to deploy approved sensor configurations.It also describes how to view a list of pending configurations and how to view the status of each deployment job in the IPS MC database.

You must have a user account with adequate privileges to deploy sensor configurations.

Caution If your sensors already have an NTP server configuration, such as you might have established outside of IPS MC, you must identify the NTP server by using the procedure entitled Identifying an NTP Server before deploying a sensor configuration. Otherwise, your NTP server settings might be lost. We recommend selecting the Global group in the step-by-step portion of that procedure.

To deploy a sensor configuration, follow these steps:

Step 1 Select Deployment > Deploy.

Step 2 From the TOC, select Submit.

The Submit page appears.

Step 3 In the tree, select the sensor for which you want to deploy a configuration.

The Select Configurations page appears.

Step 4 Select a sensor configuration by selecting the corresponding check box, and then click Next.

The Enter Job Properties page appears.

Step 5 Enter the name of the job in the Job Name field under Schedule Type.

Step 6 To deploy the job immediately, click the Immediate radio button. Then, skip to Step 13.

Step 7 To deploy the job at a specific date and time, click the Scheduled radio button, and then select the desired start date and time using the list boxes to the right of Start Time.

Step 8 Enter the maximum number of deployment attempts that should be tried in the Maximum Number Of Attempts field under Retry Options.

Note Enter 0 (zero) in the Maximum Number Of Attempts field to specify no retries.

Step 9 Enter the time, in minutes, between attempts in the Time Between Attempts field.

Note The default time is 15 minutes.

Step 10 To overwrite a conflicting configuration on the sensor, select the Overwrite conflicting sensor(s) configuration? check box under Failure Options.

Step 11 To require that sensor versions are correct, select the Require correct sensor versions? check box under Failure Options.

Step 12 To enable notification on deployment, select the Email report to: check box under Notification Options, and then, in the Email report to: field, enter the email addresses of the people to be notified. Use commas to separate email addresses.

Step 13 Click Finish.

The Submit page appears.

Step 14 To verify that you have submitted a configuration file for deployment, select Deployment > Deploy, and then select Pending from the TOC.

The Pending page appears.

Step 15 On the Pending page, you can edit a pending deployment or delete it.

Step 16 To see the status of each deployment job in the IPS MC database, select Deployment > Deploy, and then select Job Management from the TOC.

The Job Management page appears.

You can use the Job Management page to delete completed jobs and jobs that have errors or other problems.

Step 17 When you deploy a sensor configuration to a 5.x device, there are some settings that require you to reboot the sensor manually. IPS MC notifies when this condition occurs. You can then reboot the sensor manually through IPS MC.

a. If any settings require you to reboot the sensor manually, IPS MC notifies you by changing the icon of the sensor everywhere that it occurs:

•In the Object Selector that results from selecting Configuration.

•In the Object Selector that results from selecting Devices > Sensor.

Tip The tool tip for the icon displays detailed information about the sensor as part of how IPS MC notifies you.

b. If any settings require you to reboot the sensor manually, IPS MC also notifies you by displaying the status of the sensor in the Progress Viewer. In the % Complete column in the Progress Viewer, a yellow-colored field containing the words "Reboot Required" appears.

Tip In the Progress Viewer, two other status displays are possible for a sensor: A blue-colored field containing the word "Success" and a red-colored field containing the word "Error."

c. To reboot a sensor or sensors manually, select Devices > Sensor, then select the sensor or sensors, and then click Reboot.

A warning dialog box asks you if you really want to reboot the sensor or sensors.

Defining Deployment Settings

This procedure describes how to define the default settings used by Quick Deploy and scheduled deployment jobs. This procedure is available in version 2.0 and later versions of the IPS MC.

You must have a user account with adequate privileges to define deployment settings.

To define deployment settings, follow these steps:

Step 1 Select Admin > System Configuration.

Step 2 From the TOC, select Deploy Settings.

The Deploy Settings page appears.

Step 3 Define the default settings to be used by Quick Deploy. For example, email notification for Quick Deploy can be entered here.

Step 4 Define the default setting to be used by scheduled deployment jobs. The default settings that you define here will be used as initial values in the schedule page in the Deploy wizard.

	User Guide for Cisco IPS Manager 3.0
	Generating, Approving, and Deploying Sensor Configurations
User Guide for Cisco IPS Manager 3.0 Preface Introduction Advanced User Interface Design Features Managing Sensors with IPS MC Working with Groups and Sensors Configuring Sensors and Signature Settings Generating, Approving, and Deploying Sensor Configurations Monitoring Sensor Health Using Update Files Administering the System Configuration Administering the Database Reports Moving from the Unix Director or CSPM to IPS MC Solving Common Problems in IPS MC Employing Cisco Secure ACS with IPS MC Index	Download this chapter Generating, Approving, and Deploying Sensor Configurations Download the complete book User Guide for Cisco IPS Manager 3.0 (PDF - 3 MB) Table Of Contents Generating, Approving, and Deploying Sensor Configurations Task List for Generating, Approving, and Deploying Sensor Configurations Generating Sensor Configurations Approving Sensor Configurations Deploying Sensor Configurations Defining Deployment Settings Generating, Approving, and Deploying Sensor Configurations You must generate, approve, and deploy sensor configurations after you configure sensors and groups of sensors. You must have a user account with privileges to generate, approve, or deploy configuration files. Five types of accounts, or authorization roles, are available in Management Center for IPS Sensors (IPS MC). The Approver can approve sensor configurations, the Network Operator can deploy sensor configurations, and the System Administrator can generate, approve, and deploy sensor configurations. •Help Desk—Privileges for this type of account are read-only for the entire system. Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports. •Approver—Privileges for this type of account are read-only for the entire system and the ability to approve configurations. Using this type of account, you can view any report or alarm but cannot delete reports or alarms and cannot generate reports. •Network Operator—Privileges for this type of account are read-only for the entire system and the ability to deploy configurations. Using this type of account, you can view any report or alarm, delete reports and alarms, and generate reports. •Network Administrator—Privileges for this type of account are read-only for the entire system and the ability to edit devices and device groups. •System Administrator—Using this type of account, you can edit anything in the system, view any report or alarm, delete reports and alarms, and generate reports. Tip You can install Cisco Secure Access Control Server for additional levels of authorization and authentication. Task List for Generating, Approving, and Deploying Sensor Configurations From the Deployment tab you can generate, approve, and deploy sensor configurations. This section contains the following topics: •Generating Sensor Configurations •Approving Sensor Configurations •Deploying Sensor Configurations •Defining Deployment Settings Generating Sensor Configurations This procedure describes how to generate sensor configurations. It applies to sensors for which you have saved proposed configuration changes to the database but for which the configurations have not been generated. You must have a user account with adequate privileges to generate sensor configurations. You cannot generate a configuration for proposed configuration changes until you save them to the database. You can review proposed configuration changes to determine whether you have saved them; for more information, see Reviewing Pending Configuration File Settings. Note Unless you specify otherwise, IPS MC automatically approves sensor configurations when you generate them. To generate a sensor configuration, follow these steps: Step 1 Select Deployment > Generate. The Generate page appears. Step 2 To generate a configuration file for a particular sensor, select that sensor from the tree, and then click Generate. Step 3 You can verify that the configuration file was generated; for more information, see Reviewing Historical Configuration File Settings Approving Sensor Configurations This procedure describes how to approve, view, and delete proposed sensor configurations. You must have a user account with adequate privileges to approve sensor configurations. To approve a sensor configuration, follow these steps: Step 1 Select Deployment > Approve. The Approve page appears. Step 2 To approve a configuration, select the corresponding check box, and then click Approve. Note Unless you specify otherwise, IPS MC approves configurations when you generate them. To specify manual approval, select Admin > System Configuration, and then select Configuration File Management from the TOC. Step 3 You can also view and delete configurations on the Approve page by clicking View and Delete, respectively. Deploying Sensor Configurations This procedure describes how to deploy approved sensor configurations.It also describes how to view a list of pending configurations and how to view the status of each deployment job in the IPS MC database. You must have a user account with adequate privileges to deploy sensor configurations. Caution If your sensors already have an NTP server configuration, such as you might have established outside of IPS MC, you must identify the NTP server by using the procedure entitled Identifying an NTP Server before deploying a sensor configuration. Otherwise, your NTP server settings might be lost. We recommend selecting the Global group in the step-by-step portion of that procedure. To deploy a sensor configuration, follow these steps: Step 1 Select Deployment > Deploy. Step 2 From the TOC, select Submit. The Submit page appears. Step 3 In the tree, select the sensor for which you want to deploy a configuration. The Select Configurations page appears. Step 4 Select a sensor configuration by selecting the corresponding check box, and then click Next. The Enter Job Properties page appears. Step 5 Enter the name of the job in the Job Name field under Schedule Type. Step 6 To deploy the job immediately, click the Immediate radio button. Then, skip to Step 13. Step 7 To deploy the job at a specific date and time, click the Scheduled radio button, and then select the desired start date and time using the list boxes to the right of Start Time. Step 8 Enter the maximum number of deployment attempts that should be tried in the Maximum Number Of Attempts field under Retry Options. Note Enter 0 (zero) in the Maximum Number Of Attempts field to specify no retries. Step 9 Enter the time, in minutes, between attempts in the Time Between Attempts field. Note The default time is 15 minutes. Step 10 To overwrite a conflicting configuration on the sensor, select the Overwrite conflicting sensor(s) configuration? check box under Failure Options. Step 11 To require that sensor versions are correct, select the Require correct sensor versions? check box under Failure Options. Step 12 To enable notification on deployment, select the Email report to: check box under Notification Options, and then, in the Email report to: field, enter the email addresses of the people to be notified. Use commas to separate email addresses. Step 13 Click Finish. The Submit page appears. Step 14 To verify that you have submitted a configuration file for deployment, select Deployment > Deploy, and then select Pending from the TOC. The Pending page appears. Step 15 On the Pending page, you can edit a pending deployment or delete it. Step 16 To see the status of each deployment job in the IPS MC database, select Deployment > Deploy, and then select Job Management from the TOC. The Job Management page appears. You can use the Job Management page to delete completed jobs and jobs that have errors or other problems. Step 17 When you deploy a sensor configuration to a 5.x device, there are some settings that require you to reboot the sensor manually. IPS MC notifies when this condition occurs. You can then reboot the sensor manually through IPS MC. a. If any settings require you to reboot the sensor manually, IPS MC notifies you by changing the icon of the sensor everywhere that it occurs: •In the Object Selector that results from selecting Configuration. •In the Object Selector that results from selecting Devices > Sensor. Tip The tool tip for the icon displays detailed information about the sensor as part of how IPS MC notifies you. b. If any settings require you to reboot the sensor manually, IPS MC also notifies you by displaying the status of the sensor in the Progress Viewer. In the % Complete column in the Progress Viewer, a yellow-colored field containing the words "Reboot Required" appears. Tip In the Progress Viewer, two other status displays are possible for a sensor: A blue-colored field containing the word "Success" and a red-colored field containing the word "Error." c. To reboot a sensor or sensors manually, select Devices > Sensor, then select the sensor or sensors, and then click Reboot. A warning dialog box asks you if you really want to reboot the sensor or sensors. Defining Deployment Settings This procedure describes how to define the default settings used by Quick Deploy and scheduled deployment jobs. This procedure is available in version 2.0 and later versions of the IPS MC. You must have a user account with adequate privileges to define deployment settings. To define deployment settings, follow these steps: Step 1 Select Admin > System Configuration. Step 2 From the TOC, select Deploy Settings. The Deploy Settings page appears. Step 3 Define the default settings to be used by Quick Deploy. For example, email notification for Quick Deploy can be entered here. Step 4 Define the default setting to be used by scheduled deployment jobs. The default settings that you define here will be used as initial values in the schedule page in the Deploy wizard.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.