Table Of Contents
Installing, Uninstalling, and Reinstalling Server Applications
Preventing Installation Problems Due to PERL5LIB
Exporting Data from IPS MC 2.2
Installing Server Applications
Importing IPS MC 2.2 Data
Obtaining Service Packs and Point Patches
Applying Service Packs and Point Patches
Patching a Server
Uninstalling and Reinstalling Server Applications
Uninstalling Server Applications
Reinstalling Server Applications
Uninstalling Cisco Security Agent
Installing, Uninstalling, and Reinstalling Server Applications
This chapter contains these major sections:
•
Preventing Installation Problems Due to PERL5LIB
•Exporting Data from IPS MC 2.2
•Installing Server Applications
•Importing IPS MC 2.2 Data
•Obtaining Service Packs and Point Patches
•Applying Service Packs and Point Patches
•Uninstalling and Reinstalling Server Applications
Preventing Installation Problems Due to PERL5LIB
A known problem exists on servers where Perl is installed and where a system environment variable is set for PERL5LIB. To confirm whether this problem affects your server and to work around the problem if necessary:
Step 1 Right-click My Computer, then select Properties from the shortcut menu.
Step 2 On the Advanced tab, click Environment Variables.
Step 3 If you see in the System Variables area that a PERL5LIB variable is set, determine which application set the variable and — if that application is mission-critical in your network — reinstall it on a different server, then delete the PERL5LIB variable on the server where you plan to install Security Manager.
Security Manager cannot run on a server where the PERL5LIB variable is set.
Exporting Data from IPS MC 2.2
If you plan to migrate data from an installation of IPS MC 2.2, and if the IPS MC server is the same server on which you plan to install Security Manager, you must do the following before you start installing Security Manager, which automatically installs IPS Manager.
Note•We do not support Security Manager coexistence on the same server with VMS 2.3, the suite of applications of which IPS MC is one component. We recommend that you follow all the guidelines in Chapter 1, "Preparing a Server for Installation."
•Available space (on the IPS MC server disk partition where you will store your backup) must not be less than the size of the IPS MC database.
•If the IPS MC database that you plan to import contains Security Monitor sensor alarms or syslog events, IPS Manager ignores those alarms and events when it imports the database. IPS Manager cannot use any records that are associated with Security Monitor.
Step 1 Back up your IPS MC server database files. See http://www.cisco.com/en/US/docs/security/security_management/vms/security_monitor/2.2/user/guide/DbRules.html#wp3263.
Step 2 Move the backed-up database from CSCOpx\MDC\backup to a secure volume.
Installing Server Applications
Tip To learn how to uninstall or reinstall Security Manager, see Uninstalling and Reinstalling Server Applications.
Before You Begin
•For supported OS versions, see Server Requirements, page 1-4.
•We recommend that you install Security Manager on a dedicated server in a controlled environment.
•If you plan to install Security Manager and its related applications on a server where you previously installed any version of Common Services earlier than Common Services 3.0.3, you must uninstall the older version and uninstall every application that relies on that version. If you install Security Manager on a server where any unsupported, older version of Common Services is installed, Security Manager might not work correctly. See Chapter 1, "Preparing a Server for Installation."
•The patch that allows Common Services 3.0.3 to work correctly with Security Manager is available on the Security Manager installation DVD only, and is installed automatically, so it is important that you use this Common Services 3.0.3 version (not the CD-ONE version of Common Services 3.0.3) on the server where you install Security Manager.
•If you obtained a base license for Security Manager and IPS Manager (see Effects of Licensing on Installation, page 1-7), move a copy of the license file to your server. Security Manager sees only the local volumes, not the mapped drives, when you browse directories on your server.
This procedure tells you how to install Security Manager server software.
Step 1 If you have not done so already, uninstall McAfee Antivirus. See "Resolve security product conflicts" in the Best Practices checklist.
Step 2 Disable every active instance of Sybase.
Step 3 Follow the instructions that apply to your installation:
Installing from the DVD:
|
Installing from Cisco.com:
|
Insert the Security Manager installation DVD in the Windows server DVD drive:
•If autorun is enabled, the installer opens automatically.
•If autorun is not enabled, open the csm3_0_win_server folder, double-click Setup.exe, then click Yes to confirm that you are installing Security Manager.
|
a. Go to http://www.cisco.com/go/csmanager, then click Download Software.
b. Download both the documentation and the self-extracting software installation utility for Cisco Security Manager 3.0.
Note Save the installation utility on a disk that is local to your server. Installation cannot succeed over a network connection to a remote volume, even if installation seems to succeed.
c. Print and read the documentation to learn what important considerations might affect your installation.
d. Follow the instructions in the documentation for decompressing and starting the installation utility.
The InstallShield Wizard extracts files to a temporary directory and checks their integrity while it constructs the Cisco Security Manager Setup application, which starts automatically.
Tip If an error message says the file contents cannot be unpacked, we recommend that you empty the Temp directory, scan for viruses, delete the C:\Program Files\Common Files\InstallShield directory, then reboot and retry.
|
Step 4 When the Setup application prompts you to decide among essential installation options, such as which applications to install, select the options that meet your requirements.
If you do not understand your options, see the step-by-step instructions in Appendix A, "Security Manager Server Installation GUI Reference."
Note•If you choose to reinstall any applications, or if you choose to install applications in addition to applications that you installed previously, the Security Manager server performs a full, mandatory backup before you can advance beyond this step.
•When the wizard prompts you to enter passwords for the admin login account and the System Identity login account, you must specify the same password for both accounts. See Understanding User Accounts, page A-1.
If you are installing Security Manager, the installer prompts you to select your license options and enter your license key. You can use the free evaluation license or the base license file that you purchase. See Effects of Licensing on Installation, page 1-7.
Step 5 Click Finish.
Setup installs and configures the selected components.
Note If you are evaluating Security Manager, the evaluation period is 90 days and limits the maximum number of managed devices to 50. The evaluation version functions fully in all other ways. Each time that you start the evaluation version, a message is displayed that:
•Counts down the number of days remaining until the evaluation period ends.
•Tells you how to install a Security Manager license.
See Effects of Licensing on Installation, page 1-7.
Step 6 Restart the server.
Your Security Manager server is now:
•Available as a source from which to download the dedicated Security Manager client application. See Chapter 1, "Installing or Uninstalling Security Manager Client."
•Protected by the standalone version of Cisco Security Agent. See Cisco Security Agent, page 1-5, and see Appendix A, "Cisco Security Agent: Standalone Agent Overview."
If you plan to import data from a preexisting installation of IPS MC, see Importing IPS MC 2.2 Data.
For information about the files that are installed on your server and the locations to which they are saved, see Locations of Installed Files on Servers, page 1-9.
Importing IPS MC 2.2 Data
Before You Begin
If you plan to migrate data from IPS MC 2.2 to IPS Manager 3.0, you can complete the following procedure successfully only after you:
1. Complete the procedure described in Exporting Data from IPS MC 2.2.
2. Complete the Security Manager installation that installs IPS Manager automatically. See Installing Server Applications.
Note•If the IPS MC database that you plan to import contains Security Monitor sensor alarms or syslog events, IPS Manager ignores those alarms and events when it imports the data. IPS Manager cannot use any records that are associated with Security Monitor.
•When you import IPS MC data into IPS Manager:
–Do not use spaces anywhere in the path.
–Do not use a path that is longer than 67 characters, including the drive letter and any backslash characters.
–We recommend that available space on the server disk partition be at least twice the size of the database file that you plan to import.
To transfer IPS MC 2.2 data to IPS Manager 3.0:
Step 1 Move to your Security Manager server a copy of the IPS MC backup that you saved on a secure volume.
Step 2 Note the full pathname of the newly transferred copy of your backup file.
Step 3 From a Windows command line prompt in the NMSROOT\bin directory, run IpsMcDbUpgrade.pl, where NMSROOT is the path to the Security Manager installation directory. The default is C:\Program Files\CSCOpx.
The command line argument to use includes the full pathname of the backup file; for example: IpsMcDbUpgrade.pl D:\backup\20060104184347\ids-mdc
The time required to import IPS MC data varies according to the size of the database file and the percentage of its records that must be discarded because they are associated with Security Monitor.
Obtaining Service Packs and Point Patches
Caution Do not download or open any file that claims to be a service pack or point patch for Security Manager unless you obtained it from Cisco.com. Third-party service packs and point patches are not supported.
After you install Security Manager, you might choose to install a service pack or point patch from Cisco Systems to fix bugs, support new device types, or otherwise enhance Security Manager.
•To learn when Cisco has prepared a new, regularly-scheduled service pack, and to download any service pack that matters to you, open Security Manager, then select Help > Security Manager Online. Alternatively, point your browser to: http://www.cisco.com/go/csmanager.
•If your organization submits a Cisco TAC service request, TAC will tell you if an unscheduled point patch exists that might solve the problem you have described. Cisco does not distribute Security Manager point patches in any other way.
Service packs and point patches provide server support for client software updates and detect version level mismatches between a client and its server.
Applying Service Packs and Point Patches
After you choose to download and install a service pack or a point patch for your server, you must apply the equivalent software update to each of your client systems. See:
•Patching a Server.
•Patching a Client, page 1-9.
Patching a Server
Tip Before you apply a service pack or a point patch to your server, you might choose to create a compressed ZIP archive of NMSROOT/MDC, where NMSROOT is the path to the Security Manager installation directory. (The default is C:\Program Files\CSCOpx.) Then, if the service pack or point patch that you apply is not right for your needs or you have technical difficulties when you apply it, you can ask that a Cisco technical support engineer use the MDC.ZIP archive to restore your server.
•To learn how to obtain a service pack or point patch, see Obtaining Service Packs and Point Patches.
•The version number of the service pack or point patch that you apply to your server must be the same as the version number of the service pack or point patch that you apply to your client systems. See Patching a Client, page 1-9.
•For information about the files that are installed on your server and the locations to which they are saved, see Locations of Installed Files on Servers, page 1-9.
For step-by-step instructions that help you to apply a downloaded service pack or point patch to your server, see the readme or other user documentation that accompanies the file.
To patch a client, see Patching a Client, page 1-9.
Uninstalling and Reinstalling Server Applications
Note•To learn which data files are essential to Common Services operation and understand how to create archives of that data, see the Common Services online help or read the documentation on Cisco.com. We recommend that you back up copies of all essential data files from your server before you uninstall or reinstall Security Manager.
•If you reinstall any applications, the Security Manager server performs a full, mandatory backup automatically before you can continue.
To uninstall or reinstall applications on your server, see:
•Uninstalling Server Applications
•Reinstalling Server Applications
•Uninstalling Cisco Security Agent
Uninstalling Server Applications
Caution A server that is infected with a virus might be unstable after you uninstall software from it and reboot. If your server is not stable after an uninstallation and reboot, we recommend that you scan it for viruses and other kinds of malware.
Before You Begin
If any version of Windows Defender (which was known in its public beta test versions as both Microsoft AntiSpyware and Giant AntiSpyware) is installed, you must disable it before you try to uninstall Security Manager. Otherwise, the uninstallation application cannot run.
Step 1 Select Start > Programs > Cisco Security Manager > Uninstall Cisco Security Manager.
Step 2 From the list of applications, select one or more applications to uninstall.
Step 3 Click Next twice.
The uninstaller removes the applications that you selected.
Note If a Windows command line prompt window is open in \CSCOpx\bin when you uninstall server applications, the uninstaller cannot delete \CSCOpx\bin. In this case, you can choose whether and how to delete the directory.
Step 4 Only after you uninstall Security Manager, Common Services, and all their related applications, assuming that you choose to uninstall all server applications:
a. If a folder exists at C:\Program Files\CSCOpx, either delete, move, or rename the folder.
b. If the C:\CMFLOCK.TXT file exists, delete it.
c. Use a Registry editor to delete these Registry entries before you try to reinstall Security Manager or any of its related applications:
•My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\Resource Manager
•My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\MDC
Tip Although no reboot is required, we recommend that you reboot the server after an uninstallation so that Registry entries and running processes on the server are in a suitable state for a future reinstallation.
Note If the uninstallation causes an error, see the "Troubleshooting the Installation" chapter in Installation and Setup Guide for CiscoWorks Common Services 3.0 (Includes CiscoView) on Windows.
Step 5 (Optional) If you disabled Windows Defender before uninstalling Security Manager, you can choose now whether to reenable it.
Reinstalling Server Applications
Your server will perform a full and mandatory backup automatically when you select the required options to reinstall any Security Manager-related applications.
If you plan to reinstall Common Services on your Security Manager server, you must reinstall it from your Security Manager installation DVD, not from CD-ONE. We require this because we install a mandatory patch automatically when you install Common Services from the Security Manager installation DVD.
If you install Common Services and Security Manager on a server, then reinstall Common Services later, you must also reinstall Security Manager.
Note During reinstallation, you might see a warning message that says:
The application that you are installing requires new tasks to be
registered with ACS. If you have already registered this application
with ACS from another server, you do not need to register it again.
However if you re-register the application, you will lose any custom
roles that you had created earlier for this application in ACS.
In this case, log in to your Cisco.com account and see "CiscoWorks-ACS Task Registration During Upgrade and Re-installation" in Installation and Setup Guide for CiscoWorks Common Services 3.0.3 (Includes CiscoView) on Windows.
To reinstall one or more Security Manager server applications, see Installing Server Applications.
Uninstalling Cisco Security Agent
See Uninstalling the Standalone Agent, page A-3.
