Installation Guide for Cisco Security Manager 4.0 - Index [Cisco Security Manager]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - N - O - P - R - S - T - U - V - W -

Index

A

Access Control Server (ACS)

activating NDG feature 7-15

adding devices as AAA clients without NDGs 7-13

adding managed devices 7-13

adding managed devices and configuring NDGs 7-22

adding multihomed devices 7-26

adding users 7-11

assigning roles to user groups 7-21

assigning roles to user groups with NDGs 7-22

assigning roles to user groups without NDGs 7-21

associating user roles and permissions 7-7

authentication fails 7-24

changes not appearing in Security Manager 7-25

configuring CiscoWorks AAA mode 7-18

configuring network device groups 7-14

configuring SMTP and e-mail for notifications 7-20

creating administration control user 7-16

creating local users in CiscoWorks 7-17

creating network device groups 7-15

customizing user roles 7-6

default roles 7-6

defining system identity user 7-11

devices not appearing in Security Manager 7-25

integrating with Security Manager 7-8

integration checklist 7-10

integration requirements 7-9

performing integration 7-11

performing integration in CiscoWorks 7-17

read-only access for system administrators 7-24

registering Security Manager 7-19

reinstalling server applications 4-4

restarting Daemon Manager 7-20

restoring access 7-26

troubleshooting 7-23

understanding user permissions 7-1

user permissions 7-2

using multiple versions of Security Manager 7-23

working after ACS becomes unreachable 7-25

accounts, user

managing 7-1

required 4-1

antivirus utilities, requirement to disable 3-4

applications

downgrading server 4-19

installing and configuring client 5-1

installing and upgrading server 4-1

logging into 5-9

required changes after upgrading server 4-14

uninstalling server 4-18

upgrading server 4-9

approve permissions 7-3

approver role 7-4

assign permissions 7-3

authorization, changes in ACS for devices 7-25

Auto Update Server (AUS)

installing 4-3

licensing 1-7

logging into 5-10

overview 1-2

required user accounts 4-1

server requirements 2-3

uninstalling 4-18

upgrading 4-9

B

backup

committing pending data before performing 4-11

Cygwin limitations A-5

database 4-12

backup/restore upgrade path, definition of 4-9

back up database 4-12

bootstrapping devices 6-4

browsers

configuring required settings 5-1

configuring required settings for Firefox 5-3

configuring required settings for Internet Explorer 5-2

logging into applications 5-10

supported 2-6, 2-8

Bundled Cisco Security Agent, definition of 1-3, B-1

C

certificates

requirement to create 6-1

troubleshooting 3-4

Cisco Security Agent (CSA)

cleaning an unclean agent B-3

importing policies into full version 3-2

installation, conditions for 1-3

installing 4-3

logs B-2

manually removing B-4

overview 1-3

policies for Bundled Cisco Security Agent B-1

security levels B-2

troubleshooting A-15

uninstalling B-2

upgrading 4-9

Cisco Security Management Suite

adding applications to home page 4-18

CiscoWorks Common Services

assigning roles to users 7-5

associating user roles and permissions 7-7

available user roles 7-4

configuring AAA mode 7-18

creating administration control user in ACS 7-16

creating local user for Cisco Secure ACS 7-17

defining system identity user 7-18

installing 4-3

licensing 1-6

logging into 5-10

overview 1-1

performing integration for Cisco Secure ACS 7-17

registering Security Manager with Cisco Secure ACS 7-19

required version 1-1

understanding user permissions 7-1

uninstalling 4-18

upgrading 4-9

client

clearing server list in Login window A-14

log files A-14

operating systems 2-7

requirements 2-7

troubleshooting after installation A-12

troubleshooting installation A-9

Compatibility View in Internet Explorer 8 2-6, 2-8

control permissions 7-3

Cygwin problems during database backup A-5

D

Daemon Manager

restarting after Cisco Secure ACS integration 7-20

database

backing up 4-12

committing pending data before upgrade 4-11

restoring 4-13

date and time settings 2-1, 3-4

deploy permissions 7-3

devices

bootstrapping 6-4

changes to ACS authorization not appearing in Security Manager 7-25

directory encryption, restriction against 2-4

documentation

CommonServices i-xi

Resource Manager Essentials (RME) i-xii

Security Manager, AUS, Performance Monitor i-xi

domain controllers (primary or backup), unsupported use 2-4

dual-screen setups A-15

E

e-mail address, Security Manager administrator 7-20

encrypted directories, restriction against 2-4

error messages

client installation A-9

server installation A-4

server uninstallation A-8

External Cisco Security Agent, definition of 1-3, B-1

F

Firefox

cache size requirement 5-3

configuring required settings 5-3

disabling popup blocker 5-4

displaying help in new tab 5-4

editing the preferences file 5-3

enabling Javascript 5-4

supported versions 2-6, 2-8

for more information 6-4

H

help desk user role 7-4

home page, adding applications to 4-18

HTTP, configuring non-default port 5-8

HTTPS

configuring non-default port 5-8

determining mode A-14

I

import permissions 7-3

indirect upgrade path, definition of 4-9

installation

Performance Monitor 4-5

RME 4-7

Security Manager, AUS, Common Services 4-3

Security Manager client 5-6

security settings that prevent client 5-7

troubleshooting client A-9

troubleshooting server A-4

using remote desktop or VNC 4-2

verifying 6-3

Internet Explorer

cache size requirement 5-2

configuring required settings 5-2

security settings 5-2

supported versions 2-6, 2-8

Internet Explorer 8 Compatibility View 2-6, 2-8

Internet Information Server (IIS), requirement to uninstall 3-3

J

Java requirements 2-8

L

language support 2-7

LAN Management Solution (LMS), unsupported use 3-3

LiaisonServlet error, troubleshooting A-6

licenses

effect of upgrade 1-6

how handled during product upgrade 4-9

obtaining 1-6

overview 1-5

Product Authorization Key (PAK) 1-6

Security Manager kit part numbers 1-6

Software License Claim Certificate 1-6

understanding 1-5

updating 4-16

local upgrade path, definition of 4-9

log files A-19

M

memory (RAM)

client requirements 2-7

modify permissions 7-2

N

Network Access Restriction (NAR) 7-9

network administrator role

Cisco Secure ACS 7-6

CiscoWorks 7-4

network device groups (NDGs)

activating NDG feature 7-15

associating with roles and user groups 7-22

configuring 7-14

creating 7-15

effect on user permissions 7-14

network operator role 7-4

O

operating systems

client 2-7

overview 1-1

P

pdshow command 6-2

pending data, committing 4-11

performance

client recommendations 2-7

server best practices 3-1

server recommendations 2-3

Performance Monitor

installing 4-5

licensing 1-7

logging into 5-10

overview 1-3

required user accounts 4-1

server requirements 2-3

uninstalling 4-18

updating licenses 4-16

upgrading 4-9

permanent license, upgrading from evaluation license 1-6

permissions

assigning roles in CiscoWorks 7-5

associating with user roles 7-7

categories 7-2

customizing for ACS 7-6

impact of NDGs 7-14

understanding 7-1

point patches

applying to a client 5-9

obtaining 4-17

popup blocker

disabling 5-5

disabling for Firefox 5-4

ports

comprehensive list of required TCP/UDP A-2

configuring non-default HTTP/HTTPS 5-8

list of typically required 2-1

processes

restarting server A-18

troubleshooting A-18

verifying 6-2

product registration 1-6

property files 4-11

R

remote desktop, using for installation 4-2

remote upgrade path, definition of 4-9

requirements

client 2-7

data and time settings 2-1, 3-4

general server 2-1

server 2-3

unsupported server configurations 2-4

Resource Manager Essentials (RME)

documentation i-xii

installing 4-7

licensing 1-7

logging into 5-10

required user accounts 4-1

server requirements 2-3

uninstalling 4-18

updating licenses 4-16

upgrading 4-9

restorebackup.pl command 4-13

restore database 4-13

roles

Cisco Secure ACS users 7-5

CiscoWorks users 7-4

S

Security 1-2

security

server best practices 3-1

security administrator role 7-6

security approver role 7-6

Security Manager

committing pending data before upgrade 4-11

component applications 1-1

downgrading server 4-19

getting started with 6-4

installing 4-3

licenses

effect on upgrade 1-6

obtaining 1-6

overview 1-5

understanding 1-5

logging in using browser 5-10

logging in using client 5-10

overview 1-2

related applications 1-4

required changes after upgrade 4-14

required user accounts 4-1

restarting Daemon Manager 7-20

server requirements 2-3

service startup requirements A-1

troubleshooting interaction with ACS 7-23

uninstalling server 4-18

updating licenses 4-16

upgrading server 4-9

Security Manager client

clearing server list in Login window A-14

configuring non-default HTTP/HTTPS port 5-8

determining HTTPS mode A-14

handling security settings that prevent installation 5-7

installing 5-6

locating client logs A-14

logging into 5-10

patching 5-9

resolving version mismatch A-14

running in dual-screen mode A-15

unable to upgrade 5-8

uninstalling 5-11

server

best practices for security 6-3

date and time settings 2-1, 3-4

general requirements 2-1

performance, best practices for enhancing 3-1

post installation tasks 6-1

preparation checklists 3-1

readiness checklist 3-4

requirements 2-3

security, best practices for enhancing 3-1

troubleshooting post-installation problems A-5

unsupported configurations 2-4

verifying processes 6-2

service packs

applying to a client 5-9

obtaining 4-17

services, minimum required for Windows 3-3

service startup requirements A-1

SMTP, configuring for ACS notifications 7-20

SSL certificate invalidation 3-4

submit permissions 7-3

Sybase, requirement to disable 3-4

system administrator role 7-4

system identity user 7-11, 7-18

T

TACACS+

selecting as CiscoWorks AAA mode 7-18

using ACS as 7-8

TCP

comprehensive list of required ports A-2

list of typically required ports 2-1

Terminal Services, unsupported configuration 2-4

troubleshooting

ACS configurations 7-23

antivirus scanners 3-2

Cisco Security Agent

blocking a valid operation A-16

blocking network access A-15

icon appearance changed in system tray A-16

client after installation A-12

client installation A-9

client installer says old version is installed when it is not A-12

collecting server troubleshooting information A-17

Cygwin prevents backup A-5

dual-screen setups A-15

error messages

client installation A-9

server installation A-4

server uninstallation A-8

host-based intrusion software 3-2

incorrect interface appearance A-5

installation does not run A-15

installation hangs A-5, A-11

invalid SSL certificate 3-4

java.security.cert errors 3-4

LiaisonServlet error A-6

mapped drives A-7

missing product features A-5

overview A-1

restarting server processes A-18

reviewing installation log files A-19

security settings that prevent installation 5-7

security software conflicts 3-2

server installation A-4

server problems after installation A-5

server processes A-18

server self-test A-17

server uninstall A-8

unable to upgrade client 5-8

uninstallation does not run A-15

uninstallation hangs A-9

typographical conventions in this document i-x

U

UDP

comprehensive list of required ports A-2

list of typically required ports 2-1

uninstallation

recommendation to restart servers 4-19

Security Manager client 5-11

server applications 4-18

troubleshooting server A-8

upgrade, verifying 6-3

user accounts

admin 4-1

casuser 4-1

creating 4-1

managing 7-1

System Identity 4-2

user permissions

assigning roles in CiscoWorks 7-5

associating with user roles 7-7

categories 7-2

customizing for ACS 7-6

impact of NDGs 7-14

understanding 7-1

user roles

associating with user permissions 7-7

available CiscoWorks user roles 7-4

Cisco Secure ACS 7-5

CiscoWorks 7-4

default ACS roles 7-6

V

version mismatch, resolving A-14

view permissions 7-2

VMware 4-5

VMWare supported versions 2-6

VNC, using for installation 4-2

W

web browsers

configuring required settings 5-1

logging into applications 5-10

supported 2-6, 2-8

Windows services, required 3-3

	Installation Guide for Cisco Security Manager 4.0
	Index
Installation Guide for Cisco Security Manager 4.0 Guide to User Documentation for Cisco Security Manager 4.0 Preface Overview Requirements and Dependencies Preparing a Server for Installation Installing and Upgrading Server Applications Installing and Configuring the Client Post-Installation Server Tasks Managing User Accounts Troubleshooting Bundled Cisco Security Agent: Overview Open Source License Notices for Cisco Security Manager Index	Download this chapter Index Download the complete book Installation Guide for Cisco Security Manager 4.0 (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - N - O - P - R - S - T - U - V - W - Index A Access Control Server (ACS) activating NDG feature 7-15 adding devices as AAA clients without NDGs 7-13 adding managed devices 7-13 adding managed devices and configuring NDGs 7-22 adding multihomed devices 7-26 adding users 7-11 assigning roles to user groups 7-21 assigning roles to user groups with NDGs 7-22 assigning roles to user groups without NDGs 7-21 associating user roles and permissions 7-7 authentication fails 7-24 changes not appearing in Security Manager 7-25 configuring CiscoWorks AAA mode 7-18 configuring network device groups 7-14 configuring SMTP and e-mail for notifications 7-20 creating administration control user 7-16 creating local users in CiscoWorks 7-17 creating network device groups 7-15 customizing user roles 7-6 default roles 7-6 defining system identity user 7-11 devices not appearing in Security Manager 7-25 integrating with Security Manager 7-8 integration checklist 7-10 integration requirements 7-9 performing integration 7-11 performing integration in CiscoWorks 7-17 read-only access for system administrators 7-24 registering Security Manager 7-19 reinstalling server applications 4-4 restarting Daemon Manager 7-20 restoring access 7-26 troubleshooting 7-23 understanding user permissions 7-1 user permissions 7-2 using multiple versions of Security Manager 7-23 working after ACS becomes unreachable 7-25 accounts, user managing 7-1 required 4-1 antivirus utilities, requirement to disable 3-4 applications downgrading server 4-19 installing and configuring client 5-1 installing and upgrading server 4-1 logging into 5-9 required changes after upgrading server 4-14 uninstalling server 4-18 upgrading server 4-9 approve permissions 7-3 approver role 7-4 assign permissions 7-3 authorization, changes in ACS for devices 7-25 Auto Update Server (AUS) installing 4-3 licensing 1-7 logging into 5-10 overview 1-2 required user accounts 4-1 server requirements 2-3 uninstalling 4-18 upgrading 4-9 B backup committing pending data before performing 4-11 Cygwin limitations A-5 database 4-12 backup/restore upgrade path, definition of 4-9 back up database 4-12 bootstrapping devices 6-4 browsers configuring required settings 5-1 configuring required settings for Firefox 5-3 configuring required settings for Internet Explorer 5-2 logging into applications 5-10 supported 2-6, 2-8 Bundled Cisco Security Agent, definition of 1-3, B-1 C certificates requirement to create 6-1 troubleshooting 3-4 Cisco Security Agent (CSA) cleaning an unclean agent B-3 importing policies into full version 3-2 installation, conditions for 1-3 installing 4-3 logs B-2 manually removing B-4 overview 1-3 policies for Bundled Cisco Security Agent B-1 security levels B-2 troubleshooting A-15 uninstalling B-2 upgrading 4-9 Cisco Security Management Suite adding applications to home page 4-18 CiscoWorks Common Services assigning roles to users 7-5 associating user roles and permissions 7-7 available user roles 7-4 configuring AAA mode 7-18 creating administration control user in ACS 7-16 creating local user for Cisco Secure ACS 7-17 defining system identity user 7-18 installing 4-3 licensing 1-6 logging into 5-10 overview 1-1 performing integration for Cisco Secure ACS 7-17 registering Security Manager with Cisco Secure ACS 7-19 required version 1-1 understanding user permissions 7-1 uninstalling 4-18 upgrading 4-9 client clearing server list in Login window A-14 log files A-14 operating systems 2-7 requirements 2-7 troubleshooting after installation A-12 troubleshooting installation A-9 Compatibility View in Internet Explorer 8 2-6, 2-8 control permissions 7-3 Cygwin problems during database backup A-5 D Daemon Manager restarting after Cisco Secure ACS integration 7-20 database backing up 4-12 committing pending data before upgrade 4-11 restoring 4-13 date and time settings 2-1, 3-4 deploy permissions 7-3 devices bootstrapping 6-4 changes to ACS authorization not appearing in Security Manager 7-25 directory encryption, restriction against 2-4 documentation CommonServices i-xi Resource Manager Essentials (RME) i-xii Security Manager, AUS, Performance Monitor i-xi domain controllers (primary or backup), unsupported use 2-4 dual-screen setups A-15 E e-mail address, Security Manager administrator 7-20 encrypted directories, restriction against 2-4 error messages client installation A-9 server installation A-4 server uninstallation A-8 External Cisco Security Agent, definition of 1-3, B-1 F Firefox cache size requirement 5-3 configuring required settings 5-3 disabling popup blocker 5-4 displaying help in new tab 5-4 editing the preferences file 5-3 enabling Javascript 5-4 supported versions 2-6, 2-8 for more information 6-4 H help desk user role 7-4 home page, adding applications to 4-18 HTTP, configuring non-default port 5-8 HTTPS configuring non-default port 5-8 determining mode A-14 I import permissions 7-3 indirect upgrade path, definition of 4-9 installation Performance Monitor 4-5 RME 4-7 Security Manager, AUS, Common Services 4-3 Security Manager client 5-6 security settings that prevent client 5-7 troubleshooting client A-9 troubleshooting server A-4 using remote desktop or VNC 4-2 verifying 6-3 Internet Explorer cache size requirement 5-2 configuring required settings 5-2 security settings 5-2 supported versions 2-6, 2-8 Internet Explorer 8 Compatibility View 2-6, 2-8 Internet Information Server (IIS), requirement to uninstall 3-3 J Java requirements 2-8 L language support 2-7 LAN Management Solution (LMS), unsupported use 3-3 LiaisonServlet error, troubleshooting A-6 licenses effect of upgrade 1-6 how handled during product upgrade 4-9 obtaining 1-6 overview 1-5 Product Authorization Key (PAK) 1-6 Security Manager kit part numbers 1-6 Software License Claim Certificate 1-6 understanding 1-5 updating 4-16 local upgrade path, definition of 4-9 log files A-19 M memory (RAM) client requirements 2-7 modify permissions 7-2 N Network Access Restriction (NAR) 7-9 network administrator role Cisco Secure ACS 7-6 CiscoWorks 7-4 network device groups (NDGs) activating NDG feature 7-15 associating with roles and user groups 7-22 configuring 7-14 creating 7-15 effect on user permissions 7-14 network operator role 7-4 O operating systems client 2-7 overview 1-1 P pdshow command 6-2 pending data, committing 4-11 performance client recommendations 2-7 server best practices 3-1 server recommendations 2-3 Performance Monitor installing 4-5 licensing 1-7 logging into 5-10 overview 1-3 required user accounts 4-1 server requirements 2-3 uninstalling 4-18 updating licenses 4-16 upgrading 4-9 permanent license, upgrading from evaluation license 1-6 permissions assigning roles in CiscoWorks 7-5 associating with user roles 7-7 categories 7-2 customizing for ACS 7-6 impact of NDGs 7-14 understanding 7-1 point patches applying to a client 5-9 obtaining 4-17 popup blocker disabling 5-5 disabling for Firefox 5-4 ports comprehensive list of required TCP/UDP A-2 configuring non-default HTTP/HTTPS 5-8 list of typically required 2-1 processes restarting server A-18 troubleshooting A-18 verifying 6-2 product registration 1-6 property files 4-11 R remote desktop, using for installation 4-2 remote upgrade path, definition of 4-9 requirements client 2-7 data and time settings 2-1, 3-4 general server 2-1 server 2-3 unsupported server configurations 2-4 Resource Manager Essentials (RME) documentation i-xii installing 4-7 licensing 1-7 logging into 5-10 required user accounts 4-1 server requirements 2-3 uninstalling 4-18 updating licenses 4-16 upgrading 4-9 restorebackup.pl command 4-13 restore database 4-13 roles Cisco Secure ACS users 7-5 CiscoWorks users 7-4 S Security 1-2 security server best practices 3-1 security administrator role 7-6 security approver role 7-6 Security Manager committing pending data before upgrade 4-11 component applications 1-1 downgrading server 4-19 getting started with 6-4 installing 4-3 licenses effect on upgrade 1-6 obtaining 1-6 overview 1-5 understanding 1-5 logging in using browser 5-10 logging in using client 5-10 overview 1-2 related applications 1-4 required changes after upgrade 4-14 required user accounts 4-1 restarting Daemon Manager 7-20 server requirements 2-3 service startup requirements A-1 troubleshooting interaction with ACS 7-23 uninstalling server 4-18 updating licenses 4-16 upgrading server 4-9 Security Manager client clearing server list in Login window A-14 configuring non-default HTTP/HTTPS port 5-8 determining HTTPS mode A-14 handling security settings that prevent installation 5-7 installing 5-6 locating client logs A-14 logging into 5-10 patching 5-9 resolving version mismatch A-14 running in dual-screen mode A-15 unable to upgrade 5-8 uninstalling 5-11 server best practices for security 6-3 date and time settings 2-1, 3-4 general requirements 2-1 performance, best practices for enhancing 3-1 post installation tasks 6-1 preparation checklists 3-1 readiness checklist 3-4 requirements 2-3 security, best practices for enhancing 3-1 troubleshooting post-installation problems A-5 unsupported configurations 2-4 verifying processes 6-2 service packs applying to a client 5-9 obtaining 4-17 services, minimum required for Windows 3-3 service startup requirements A-1 SMTP, configuring for ACS notifications 7-20 SSL certificate invalidation 3-4 submit permissions 7-3 Sybase, requirement to disable 3-4 system administrator role 7-4 system identity user 7-11, 7-18 T TACACS+ selecting as CiscoWorks AAA mode 7-18 using ACS as 7-8 TCP comprehensive list of required ports A-2 list of typically required ports 2-1 Terminal Services, unsupported configuration 2-4 troubleshooting ACS configurations 7-23 antivirus scanners 3-2 Cisco Security Agent blocking a valid operation A-16 blocking network access A-15 icon appearance changed in system tray A-16 client after installation A-12 client installation A-9 client installer says old version is installed when it is not A-12 collecting server troubleshooting information A-17 Cygwin prevents backup A-5 dual-screen setups A-15 error messages client installation A-9 server installation A-4 server uninstallation A-8 host-based intrusion software 3-2 incorrect interface appearance A-5 installation does not run A-15 installation hangs A-5, A-11 invalid SSL certificate 3-4 java.security.cert errors 3-4 LiaisonServlet error A-6 mapped drives A-7 missing product features A-5 overview A-1 restarting server processes A-18 reviewing installation log files A-19 security settings that prevent installation 5-7 security software conflicts 3-2 server installation A-4 server problems after installation A-5 server processes A-18 server self-test A-17 server uninstall A-8 unable to upgrade client 5-8 uninstallation does not run A-15 uninstallation hangs A-9 typographical conventions in this document i-x U UDP comprehensive list of required ports A-2 list of typically required ports 2-1 uninstallation recommendation to restart servers 4-19 Security Manager client 5-11 server applications 4-18 troubleshooting server A-8 upgrade, verifying 6-3 user accounts admin 4-1 casuser 4-1 creating 4-1 managing 7-1 System Identity 4-2 user permissions assigning roles in CiscoWorks 7-5 associating with user roles 7-7 categories 7-2 customizing for ACS 7-6 impact of NDGs 7-14 understanding 7-1 user roles associating with user permissions 7-7 available CiscoWorks user roles 7-4 Cisco Secure ACS 7-5 CiscoWorks 7-4 default ACS roles 7-6 V version mismatch, resolving A-14 view permissions 7-2 VMware 4-5 VMWare supported versions 2-6 VNC, using for installation 4-2 W web browsers configuring required settings 5-1 logging into applications 5-10 supported 2-6, 2-8 Windows services, required 3-3
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks