Overview
This document provides technical guidance on migrating from CiscoWorks VPN/Security Management Solution (VMS) to Cisco Security Manager.
This chapter contains the following sections:
• VMS Product Migration
• Licensing Considerations
• Server Platform Considerations
• Data Migration Support Summary
• Migration Notes
• Notes on Security Monitor
VMS Product Migration
End-of-Sale and End-of-Life dates are announced for VMS 2.3 at the following URL:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps2330/prod_end-of-life_notice0900aecd80653315.html
There are no further VMS releases planned beyond 2.3. Each application within the VMS bundle transitions in one of two ways: 1) replacement by a new product/application or 2) movement of the application to a new product offering. The component applications of VMS 2.3 are listed in Table 1-1 along with the corresponding replacement product and application. An end-of-sale and end-of-life announcement will follow for VMS once all VMS applications have completed their transition.
Table 1-1 VMS 2.3 Application Migration
VMS 2.3 Application | Replacement Product | Replacement Application
Firewall Management Center (MC) 1.3.5 | Cisco Security Manager 3.0 or higher | Cisco Security Manager 3.0 or higher
Router MC 1.3.1 | Cisco Security Manager 3.0 or higher | Cisco Security Manager 3.0 or higher
IPS MC 2.2 | Cisco Security Manager 3.1 or higher | Cisco Security Manager 3.1 or higher
MCP 2.0.2 | Cisco Security Manager 3.0 or higher | Performance Monitor 3.0 or higher
Auto Update Server 1.3 | Cisco Security Manager 3.0 or higher | Auto Update Server 3.0 or higher
RME 3.5 | Cisco Security Manager 3.0 or higher | RME 4.0.x
Security Agent MC 4.5 | Cisco Security Agent 5.2 and higher | Cisco Security Agent MC 5.2 and higher
Security Monitor 2.2 | Cisco Security MARS | Cisco Security MARS
Licensing Considerations
The licensing model has changed between VMS and Security Manager and it is important to understand the differences when planning the migration.
VMS 2.3 has 3 different versions:
• VMS Basic, which supports a maximum of 5 devices
• VMS Restricted, which supports a maximum of 20 devices
• VMS Unrestricted, which supports an unlimited [1] number of devices
Cisco Security Manager 3.x has three base versions:
• Cisco Security Manager Enterprise Edition (Standard-5)
• Cisco Security Manager Enterprise Edition (Standard-25)
• Cisco Security Manager Enterprise Edition (Professional-50)
The Standard versions support 5 and 25 devices, respectively. The Professional version supports 50 devices and supports incremental device license packages available in increments of 50, 100, 500, and 1000 devices. The Professional version supports the management of the Catalyst 6500 and its associated services modules, while the Standard versions do not include this support.
When migrating from VMS to Security Manager, check that the license you select covers both the number of devices and the device types you manage. Pay extra attention if you use VMS Unrestricted with a large network: when migrating to Security Manager, you might need to acquire additional device count licenses to cover the size of the network. If Catalyst 6500 services modules will be managed, the Cisco Security Manager Professional version is required.
VMS customers can get information about upgrading to Security Manager from http://www.cisco.com/go/csmanager.
Cisco Security MARS is provided as an appliance, and different models are available based on the events per second (EPS) load that must be handled. Information on Cisco Security MARS is available at http://www.cisco.com/go/mars.
For more information about Cisco Security Agent, visit http://www.cisco.com/go/csa.
Server Platform Considerations
When planning a migration from VMS to Security Manager, you should take into account the differences in server platform requirements between the two products. Table 1-2 summarizes the server operating system support for VMS and Security Manager. VMS is available on both Windows and Solaris operating systems. However, Security Manager is only available on Windows. Therefore, if you are using VMS on Solaris, you cannot migrate to Security Manager unless you switch to a Windows platform.
VMS does not support Windows 2003, while Security Manager does. Because Microsoft has retired mainstream support for Windows 2000, you may want to migrate to Windows 2003 for use with Security Manager.
Table 1-2 Comparison of Server Operating System Support
Operating System | VMS 2.3 | Security Manager 3.0 & 3.1
Windows 2000 Professional, Server, or Advanced Server | Supported | Supported
Windows 2003 Standard Edition or Enterprise Edition | Not Supported | Supported
Solaris 8 | Supported | Not Supported
There are also differences between VMS 2.3 and Security Manager 3.0 in the minimum server hardware requirements, as shown in Table 1-3. Given the increased requirements for Cisco Security Manager 3.0, you might need to upgrade the server being used for VMS or use a new server that meets the requirements.
Table 1-3 Comparison of Windows Server Hardware Requirements
Hardware Attribute | VMS 2.3 | Security Manager 3.0 & 3.1
CPU | 1 GHz or faster Pentium | 2 GHz or faster Pentium 4
RAM | 1 GB minimum | 2 GB minimum
Free Disk Space | 9 GB minimum | 20 GB minimum
Data Migration Support Summary
There are few data migration tools available when migrating from VMS to Cisco Security Manager. The data migration support that is available is summarized in Table 1-4. For some applications there is no data migration support. This document provides strategies and recommendations for migrating to Security Manager where automated data migration tools are not available. For those Security Manager applications where data migration is supported, the upgrade and migration procedures are covered in the indicated installation guide.
Table 1-4 Data Migration Support Summary
VMS 2.3 Application | Replacement Application | Automated Data Migration Supported? | Migration Instructions
Firewall MC | Security Manager 3.0 or higher | No | Migrating from Firewall MC
Router MC | Security Manager 3.0 or higher | No | Migrating from Router MC
IPS MC 2.2 | Security Manager 3.1 or higher | Partial | Migrating from IPS MC
AUS 2.2 | AUS 3.0 or higher | No | See Notes on AUS
MCP 2.0.2 | Performance Monitor 3.0 or higher | Partial | Installation and Release Notes for Cisco Performance Monitor 3.0
RME 3.5 | RME 4.0.3 | Yes | Installation and Setup Guide for Resource Manager Essentials 4.0.3 on Windows (With LMS 2.5.1) and Data Migration Guide for LAN Management Solution 2.5.1
Common Services 2.2 | Common Services 3.0.3 | Yes | Installation and Setup Guide for CiscoWorks Common Services 3.0.3 (Includes CiscoView) on Windows (With LMS 2.5.1) and Data Migration Guide for LAN Management Solution 2.5.1
Security Monitor 2.2 | Cisco Security MARS | No | —
Security Agent MC 4.5 | Security Agent MC 5.2 | Yes | Installing Management Center for Cisco Security Agents 5.2
Migration Notes
This section provides brief notes on specific VMS applications:
• Notes on AUS
• Notes on Security Monitor
Notes on AUS
Automated data migration from AUS 1.3 to AUS 3.0 is not supported. If AUS is used simply as a deployment method for device configurations, you do not need to perform any additional configuration of AUS after installation. All device inventory and deployment information is configured in Security Manager.
However, if you use AUS to update PIX software images or PIX device manager images, these images need to be loaded into AUS 3.0. Likewise, all file-to-device assignments need to be re-created. You cannot transfer historical event data from AUS 1.3 to AUS 3.0.
Notes on Security Monitor
Cisco Security MARS is the recommended replacement product for Security Monitor. There is no data migration supported between Security Monitor and Cisco Security MARS.
[1] Unlimited from a licensing perspective. Performance limitations would limit the actual number of devices that could be managed by a single VMS server.