Installation Guide for Cisco Security Manager 3.3.1
Requirements and Dependencies
Download this chapter
Requirements and DependenciesRequirements and Dependencies
Download the complete book
Installation Guide for Cisco Security Manager 3.3.1Installation Guide for Cisco Security Manager 3.3.1 (PDF - 4 MB)
 Feedback

Table Of Contents

Requirements and Dependencies

Required Services and Ports

Server Requirements

Client Requirements


Requirements and Dependencies

You can install and use Security Manager as a standalone product or in combination with several other Cisco Security Management Suite applications, including optional applications that you can select in the Security Manager installer or download from Cisco.com. Requirements for installation and operation vary in relation to the presence of other software on the server and according to the way that you use Security Manager.

Tip We recommend that you synchronize the date and time settings on all your management servers and all the managed devices in your network. One method is to use an NTP server. Synchronization is important if you want to correlate and analyze log file information from your network.

The sections in this chapter describe requirements and dependencies for installing server applications such as Security Manager, Auto Update Server, Performance Monitor, and RME, and Security Manager client software:

Required Services and Ports

Server Requirements

Client Requirements

Required Services and Ports

You must ensure that required ports are enabled and available for use by Security Manager and its associated applications on your server so that the server can communicate with clients and servers running associated applications.

The ports that need to be open depend on whether you are using CiscoWorks for AAA or an external server (such as ACS), and whether you are configuring Security Manager to interact with certain other applications:

Basic Required PortsTable 2-1 lists the basic ports that must be opened, assuming that you have not customized your configuration to use non-default ports. If you are using CiscoWorks for AAA (user authorization) services, and you do not use any of the optional applications, these should be the only ports you need to open.

Table 2-1 Basic Required Ports

Communication
Service
Protocol
Port

Security Manager Client to the Security Manager Server

HTTP/HTTPS

TCP

1741/443

Security Manager Client to the Cisco IPS Event Viewer (if you use this application)

IPS Viewer

TCP

60000, 60002, 60003

Security Manager Server to Devices

HTTPS
SSH
Telnet

TCP

443
22
23


Ports Required By Optional Applications—If you are using Security Manager with other applications, other ports also need to be opened, as shown in Table 2-2.

Table 2-2 Ports Required for Optional Applications 

Communication
Service
Protocol
Port

Security Manager Server to CS-MARS

HTTPS

TCP

443

Security Manager Server to Cisco Secure Access Control Server (ACS)

HTTP, HTTPS

TCP

2002

If port restriction is enabled on the ACS server, allow all ports in the range for HTTP/HTTPS communication.

If port restriction is disabled, allow all HTTP/HTTPS traffic between the Security Manager server and ACS.

Security Manager Server to an External AAA Server (configurable in a non-ACS mode)

RADIUS
LDAP
Kerberos

TCP

1645, 1646, 1812, 389, 636 (SSL), 88

Security Manager Server to Configuration Engine

HTTPS

TCP

443

Security Manager Server to AUS

HTTPS

TCP

443

Security Manager Server to TMS Server

FTP

TCP

21


Server Requirements

Tip We recommend that you install Security Manager on a dedicated server in a controlled environment. For additional best practices and related guidance, see Chapter 3, "Preparing a Server for Installation."

You can install Security Manager and its related applications on a Windows-based server that uses one CPU or multiple CPUs. To install Security Manager, you must be an Administrator or a user with local administrator rights. Table 2-3 describes server requirements and restrictions. These requirements apply to all applications. For example, if you install Performance Monitor on a separate server than Security Manager, the Performance Monitor server also needs to meet these requirements.

Do not install any application:

On a primary or backup domain controller. We do not support any use of Common Services on a Windows domain controller.

In an encrypted directory. Common Services does not support directory encryption.

If Terminal Services is enabled in Application mode. In such a case, you must disable Terminal Services, then restart the server before you install. Common Services supports only the Remote Administration mode for Terminal Services.

Table 2-3 Server Requirements and Restrictions 

Component
Requirement

System hardware

Minimum: One CPU >= 2GHz; Recommended: Two CPUs >= 2 GHz or a One dual-core CPU >= 2 GHz.

Color monitor with at least 1280 x 1024 resolution and a video card capable of 16-bit colors. For Performance Monitor and RME servers, you can get by with 1024 x 768 resolution.

DVD-ROM drive.

100BaseT (100 Mbps) or faster network connection; single interface only.

Keyboard.

Mouse.

System software

Microsoft Windows Server 2003, 32-bit version; Security Manager applications do not support 64-bit versions of Microsoft Windows:

Enterprise Edition with SP1 and SP2.

Standard Edition with SP1 and SP2.

R2 Enterprise Edition with SP1 and SP2.

R2 Standard Edition with SP1 and SP2.

Security Manager supports only the US-English and Japanese versions of Windows. From the Start Menu, open the Control Panel for Windows, open the panel where you configure region and language settings, then set the default locale. (We do not support English as the language in any Japanese version of Windows.)

Microsoft ODBC Driver Manager 3.510 or later is also required, so your server can work with Sybase database files. To confirm the installed ODBC version, find and right-click ODBC32.DLL, then select Properties from the shortcut menu. The file version is listed under the Version tab.

Memory (RAM)

Minimum: 2 GB; Recommended: 4 GB.

For the RME application, the minimum is 3 GB.

File system

NTFS.

Browser

One of the following:

Microsoft Internet Explorer 6.0 Service Pack 2.

Internet Explorer 7.0.

Firefox 2.0.

Compression software

WinZip 9.0 or compatible.

Hard Drive Space

20 GB free disk space or more.

IP Address

One static IP address. Dynamic addresses are not supported.

Note If the server has more than one IP address, you do not need to disable any of the multiple network interface cards before installation.

Swap Size

4096 MB

Virtualization Software

VMWare ESX Server 3.5. You should allocate 4 GB of memory to the virtual machine you use with Security Manager. Use of recent generation CPUs with technology designed to improve virtualization performance is recommended (for example, Intel-VT or AMD-V CPUs).

Tip You should allocate two or more CPUs to the VM image. Some processes, such as system backup, can take an unreasonably long time to complete if you use one CPU.

Client Requirements

Table 2-4 describes Security Manager Client requirements and restrictions.

Table 2-4 Client Requirements and Restrictions 

Component
Requirement

System hardware

One CPU with a minimum speed of 2 GHz

Color monitor with at least 1280 x 1024 resolution and a video card capable of 16-bit colors

Keyboard

Mouse

System software

One of the following:

Microsoft Windows XP Professional with SP1, SP2, or SP3, 32-bit version; Security Manager does not support 64-bit versions of Microsoft Windows.

Microsoft Windows Server 2003, 32-bit version; Security Manager does not support 64-bit versions of Microsoft Windows:

Server Edition with SP1 and SP2.

Enterprise Edition with SP1 and SP2.

R2 Enterprise Edition with SP1 and SP2.

R2 Standard Edition with SP1 and SP2.

Microsoft Windows Vista Business Edition with SP1 or Enterprise Edition.

Note Security Manager supports only the US-English and Japanese versions of Windows. From the Start Menu, open the Control Panel for Windows, open the panel where you configure region and language settings, then set the default locale. (We do not support English as the language in any Japanese version of Windows.)

Memory (RAM)

Minimum: 1 GB; Recommended: 2 GB.

Virtual Memory/
Swap Space

512 MB.

Hard Drive Space

10 GB free disk space.

Browser

One of the following:

Microsoft Internet Explorer 6.0 Service Pack 2.

Internet Explorer 7.0.

Firefox 2.0.

Java

Java Plug-in version 1.6.0_05. This is used for applications that are hosted in a browser window.

The Security Manager client includes an embedded and completely isolated version of Java. This Java version does not interfere with your browser settings or with other Java-based applications.

To verify the installed versions of JVM and the Java plug-in, do one of the following:

Internet Explorer—Select Tools > Sun Java Console.

Firefox— Select Tools > Web Development > Java Console.

From a prompt—Enter java -version.

Windows user account

You must log into the workstation with a Windows user account that has Administrator privileges to use the Security Manager client.

Although the some features of the client might work with lesser privileges, Administrator users only are fully supported.