Installation Guide for Cisco Security Manager 4.1 - Index [Cisco Security Manager]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - N - O - P - R - S - T - U - V - W -

Index

A

Access Control Server (ACS)

activating NDG feature 7-15

adding devices as AAA clients without NDGs 7-13

adding managed devices 7-13

adding managed devices and configuring NDGs 7-22

adding multihomed devices 7-26

adding users 7-11

assigning roles to user groups 7-21

assigning roles to user groups with NDGs 7-22

assigning roles to user groups without NDGs 7-21

associating user roles and permissions 7-7

authentication fails 7-24

changes not appearing in Security Manager 7-25

configuring CiscoWorks AAA mode 7-19

configuring network device groups 7-14

configuring SMTP and e-mail for notifications 7-20

creating administration control user 7-17

creating local users in CiscoWorks 7-18

creating network device groups 7-16

customizing user roles 7-7

default roles 7-6

defining system identity user 7-11

devices not appearing in Security Manager 7-25

integrating with Security Manager 7-8

integration checklist 7-10

integration requirements 7-9

performing integration 7-11

performing integration in CiscoWorks 7-17

read-only access for system administrators 7-25

registering Security Manager 7-20

reinstalling server applications 4-4

restarting Daemon Manager 7-21

restoring access 7-26

troubleshooting 7-23

understanding user permissions 7-1

user permissions 7-2

using multiple versions of Security Manager 7-24

working after ACS becomes unreachable 7-26

accounts, user

managing 7-1

required 4-1

antivirus utilities, requirement to disable 3-3

applications

downgrading server 4-20

installing and configuring client 5-1

installing and upgrading server 4-1

logging into 5-10

required changes after upgrading server 4-15

uninstalling server 4-19

upgrading server 4-9

approve permissions 7-3

approver role 7-4

assign permissions 7-3

authorization, changes in ACS for devices 7-25

Auto Update Server (AUS)

installing 4-2

licensing 1-7

logging into 5-11

overview 1-2

required user accounts 4-1

server requirements 2-3

uninstalling 4-19

upgrading 4-9

B

backup

committing pending data before performing 4-11

Cygwin limitations A-5

database 4-12

backup/restore upgrade path, definition of 4-9

back up database 4-13

bootstrapping devices 6-9

browsers

configuring required settings 5-1

configuring required settings for Firefox 5-3

configuring required settings for Internet Explorer 5-2

logging into applications 5-11

supported 2-7, 2-9

C

certificates

requirement to create 6-1

troubleshooting 3-3

Cisco Security Agent (CSA)

installing 4-2

upgrading 4-9

Cisco Security Agent, caution while disabled 5-6

Cisco Security Agent, disabling 5-6

Cisco Security Management Suite

adding applications to home page 4-19

CiscoWorks Common Services

assigning roles to users 7-5

associating user roles and permissions 7-7

available user roles 7-4

configuring AAA mode 7-19

creating administration control user in ACS 7-17

creating local user for Cisco Secure ACS 7-18

defining system identity user 7-18

installing 4-2

licensing 1-7

logging into 5-11

overview 1-1

performing integration for Cisco Secure ACS 7-17

registering Security Manager with Cisco Secure ACS 7-20

required version 1-1

understanding user permissions 7-1

uninstalling 4-19

upgrading 4-9

client

clearing server list in Login window A-14

log files A-14

operating systems 2-9

requirements 2-8

troubleshooting after installation A-12

troubleshooting installation A-9

Compatibility View 2-7, 5-2

control permissions 7-3

Cygwin problems during database backup A-5

D

Daemon Manager

restarting after Cisco Secure ACS integration 7-21

database

backing up 4-12, 4-13

committing pending data before upgrade 4-11

restoring 4-14

date and time settings 2-1, 3-3

deploy permissions 7-3

devices

bootstrapping 6-9

changes to ACS authorization not appearing in Security Manager 7-25

directory encryption, restriction against 2-4

documentation

CommonServices i-xi

Resource Manager Essentials (RME) i-xii

Security Manager, AUS, Performance Monitor i-xi

domain controllers (primary or backup), unsupported use 2-4

dual-screen setups A-15

E

e-mail address, Security Manager administrator 7-20

encrypted directories, restriction against 2-4

error messages

client installation A-9

server installation A-4

server uninstallation A-8

F

Firefox

cache size requirement 5-4

configuring required settings 5-3

disabling popup blocker 5-4

displaying help in new tab 5-5

editing the preferences file 5-3

enabling Javascript 5-4

supported versions 2-7, 2-9

for more information 6-8

H

help desk user role 7-4

home page, adding applications to 4-19

HTTP, configuring non-default port 5-8

HTTPS

configuring non-default port 5-8

determining mode A-14

I

IE 8 Compatibility View 2-7, 5-2

import permissions 7-3

indirect upgrade path, definition of 4-9

installation

Performance Monitor 4-5

RME 4-7

Security Manager, AUS, Common Services 4-2

Security Manager client 5-6

security settings that prevent client 5-8

troubleshooting client A-9

troubleshooting server A-4

using remote desktop or VNC 4-2

verifying 6-8

Internet Explorer

cache size requirement 5-2

configuring required settings 5-2

security settings 5-2

supported versions 2-7, 2-9

Internet Information Server (IIS), requirement to uninstall 3-2

J

Java requirements 2-7, 2-9

L

language support 2-9

LAN Management Solution (LMS), unsupported use 3-2

LiaisonServlet error, troubleshooting A-6

licenses

effect of upgrade 1-6

how handled during product upgrade 4-9

obtaining 1-6

overview 1-4

Product Authorization Key (PAK) 1-7

Security Manager kit part numbers 1-6

Software License Claim Certificate 1-7

understanding 1-4

updating 4-17

local upgrade path, definition of 4-9

log files A-17

M

memory (RAM)

client requirements 2-9

modify permissions 7-3

N

Network Access Restriction (NAR) 7-9

network administrator role

Cisco Secure ACS 7-6

CiscoWorks 7-4

network device groups (NDGs)

activating NDG feature 7-15

associating with roles and user groups 7-22

configuring 7-14

creating 7-16

effect on user permissions 7-15

network operator role 7-4

O

operating systems

client 2-9

overview 1-1

P

pdshow command 6-2

pending data, committing 4-11

performance

client recommendations 2-8

server best practices 3-1

server recommendations 2-3

Performance Monitor

installing 4-5

licensing 1-7

logging into 5-11

overview 1-3

required user accounts 4-1

server requirements 2-3

uninstalling 4-19

updating licenses 4-17

upgrading 4-9

permanent license, upgrading from evaluation license 1-6

permissions

assigning roles in CiscoWorks 7-5

associating with user roles 7-7

categories 7-2

customizing for ACS 7-7

impact of NDGs 7-15

understanding 7-1

point patches

applying to a client 5-9

obtaining 4-18

popup blocker

disabling 5-5

disabling for Firefox 5-4

ports

comprehensive list of required TCP/UDP A-1

configuring non-default HTTP/HTTPS 5-8

list of typically required 2-1

processes

restarting server A-17

troubleshooting A-16

verifying 6-2

product registration 1-6

property files 4-12

R

remote desktop, using for installation 4-2

remote upgrade path, definition of 4-9

requirements

client 2-8

data and time settings 2-1, 3-3

general server 2-1

server 2-3

unsupported server configurations 2-4

Resource Manager Essentials (RME)

documentation i-xii

installing 4-7

licensing 1-7

logging into 5-11

required user accounts 4-1

server requirements 2-3

uninstalling 4-19

updating licenses 4-17

upgrading 4-9

restorebackup.pl command 4-14

restore database 4-14

roles

Cisco Secure ACS users 7-6

CiscoWorks users 7-4

S

Security 1-2

security

server best practices 3-1

security administrator role 7-6

Security Manager

committing pending data before upgrade 4-11

component applications 1-1

downgrading server 4-20

getting started with 6-8

installing 4-2

licenses

effect on upgrade 1-6

obtaining 1-6

overview 1-4

understanding 1-4

logging in using browser 5-11

logging in using client 5-10

overview 1-2

related applications 1-4

required changes after upgrade 4-15

required user accounts 4-1

restarting Daemon Manager 7-21

server requirements 2-3

service startup requirements A-1

troubleshooting interaction with ACS 7-23

uninstalling server 4-19

updating licenses 4-17

upgrading server 4-9

Security Manager client

clearing server list in Login window A-14

configuring non-default HTTP/HTTPS port 5-8

determining HTTPS mode A-14

handling security settings that prevent installation 5-8

installing 5-6

locating client logs A-14

logging into 5-10

patching 5-9

resolving version mismatch A-14

running in dual-screen mode A-15

unable to upgrade 5-9

uninstalling 5-12

server

best practices for security 6-7

date and time settings 2-1, 3-3

general requirements 2-1

performance, best practices for enhancing 3-1

post installation tasks 6-1

preparation checklists 3-1

readiness checklist 3-3

requirements 2-3

security, best practices for enhancing 3-1

troubleshooting post-installation problems A-5

unsupported configurations 2-4

verifying processes 6-2

service packs

applying to a client 5-9

obtaining 4-18

services, minimum required for Windows 3-2

service startup requirements A-1

SMTP, configuring for ACS notifications 7-20

SSL certificate invalidation 3-3

storage, supported SAN 2-8

submit permissions 7-3

Sybase, requirement to disable 3-4

system administrator role 7-4

system identity user 7-11, 7-18

T

TACACS+

selecting as CiscoWorks AAA mode 7-19

using ACS as 7-8

TCP

comprehensive list of required ports A-1

list of typically required ports 2-1

Terminal Services, unsupported configuration 2-4

troubleshooting

ACS configurations 7-23

antivirus scanners 3-2

client after installation A-12

client installation A-9

client installer says old version is installed when it is not A-12

collecting server troubleshooting information A-16

Cygwin prevents backup A-5

dual-screen setups A-15

error messages

client installation A-9

server installation A-4

server uninstallation A-8

host-based intrusion software 3-2

incorrect interface appearance A-5

installation does not run A-15

installation hangs A-5, A-11

invalid SSL certificate 3-3

java.security.cert errors 3-3

LiaisonServlet error A-6

mapped drives A-7

missing product features A-5

overview A-1

restarting server processes A-17

reviewing installation log files A-17

security settings that prevent installation 5-8

security software conflicts 3-2

server installation A-4

server problems after installation A-5

server processes A-16

server self-test A-15

server uninstall A-8

unable to upgrade client 5-9

uninstallation does not run A-15

uninstallation hangs A-9

typographical conventions in this document i-x

U

UDP

comprehensive list of required ports A-1

list of typically required ports 2-1

uninstallation

recommendation to restart servers 4-20

Security Manager client 5-12

server applications 4-19

troubleshooting server A-8

upgrade, verifying 6-8

user accounts

admin 4-1

casuser 4-1

creating 4-1

managing 7-1

System Identity 4-2

user permissions

assigning roles in CiscoWorks 7-5

associating with user roles 7-7

categories 7-2

customizing for ACS 7-7

impact of NDGs 7-15

understanding 7-1

user roles

associating with user permissions 7-7

available CiscoWorks user roles 7-4

Cisco Secure ACS 7-6

CiscoWorks 7-4

default ACS roles 7-6

V

version mismatch, resolving A-14

view permissions 7-2

VMWare supported versions 2-7

VNC, using for installation 4-2

W

web browsers

configuring required settings 5-1

logging into applications 5-11

supported 2-7, 2-9

Windows services, required 3-2

	Installation Guide for Cisco Security Manager 4.1
	Index
Installation Guide for Cisco Security Manager 4.1 Guide to User Documentation for Cisco Security Manager 4.1 Preface Overview Requirements and Dependencies Preparing a Server for Installation Installing and Upgrading Server Applications Installing and Configuring the Client Post-Installation Server Tasks Managing User Accounts Troubleshooting Open Source License Notices for Cisco Security Manager Index	Download this chapter Index Download the complete book Installation Guide for Cisco Security Manager 4.1 (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - N - O - P - R - S - T - U - V - W - Index A Access Control Server (ACS) activating NDG feature 7-15 adding devices as AAA clients without NDGs 7-13 adding managed devices 7-13 adding managed devices and configuring NDGs 7-22 adding multihomed devices 7-26 adding users 7-11 assigning roles to user groups 7-21 assigning roles to user groups with NDGs 7-22 assigning roles to user groups without NDGs 7-21 associating user roles and permissions 7-7 authentication fails 7-24 changes not appearing in Security Manager 7-25 configuring CiscoWorks AAA mode 7-19 configuring network device groups 7-14 configuring SMTP and e-mail for notifications 7-20 creating administration control user 7-17 creating local users in CiscoWorks 7-18 creating network device groups 7-16 customizing user roles 7-7 default roles 7-6 defining system identity user 7-11 devices not appearing in Security Manager 7-25 integrating with Security Manager 7-8 integration checklist 7-10 integration requirements 7-9 performing integration 7-11 performing integration in CiscoWorks 7-17 read-only access for system administrators 7-25 registering Security Manager 7-20 reinstalling server applications 4-4 restarting Daemon Manager 7-21 restoring access 7-26 troubleshooting 7-23 understanding user permissions 7-1 user permissions 7-2 using multiple versions of Security Manager 7-24 working after ACS becomes unreachable 7-26 accounts, user managing 7-1 required 4-1 antivirus utilities, requirement to disable 3-3 applications downgrading server 4-20 installing and configuring client 5-1 installing and upgrading server 4-1 logging into 5-10 required changes after upgrading server 4-15 uninstalling server 4-19 upgrading server 4-9 approve permissions 7-3 approver role 7-4 assign permissions 7-3 authorization, changes in ACS for devices 7-25 Auto Update Server (AUS) installing 4-2 licensing 1-7 logging into 5-11 overview 1-2 required user accounts 4-1 server requirements 2-3 uninstalling 4-19 upgrading 4-9 B backup committing pending data before performing 4-11 Cygwin limitations A-5 database 4-12 backup/restore upgrade path, definition of 4-9 back up database 4-13 bootstrapping devices 6-9 browsers configuring required settings 5-1 configuring required settings for Firefox 5-3 configuring required settings for Internet Explorer 5-2 logging into applications 5-11 supported 2-7, 2-9 C certificates requirement to create 6-1 troubleshooting 3-3 Cisco Security Agent (CSA) installing 4-2 upgrading 4-9 Cisco Security Agent, caution while disabled 5-6 Cisco Security Agent, disabling 5-6 Cisco Security Management Suite adding applications to home page 4-19 CiscoWorks Common Services assigning roles to users 7-5 associating user roles and permissions 7-7 available user roles 7-4 configuring AAA mode 7-19 creating administration control user in ACS 7-17 creating local user for Cisco Secure ACS 7-18 defining system identity user 7-18 installing 4-2 licensing 1-7 logging into 5-11 overview 1-1 performing integration for Cisco Secure ACS 7-17 registering Security Manager with Cisco Secure ACS 7-20 required version 1-1 understanding user permissions 7-1 uninstalling 4-19 upgrading 4-9 client clearing server list in Login window A-14 log files A-14 operating systems 2-9 requirements 2-8 troubleshooting after installation A-12 troubleshooting installation A-9 Compatibility View 2-7, 5-2 control permissions 7-3 Cygwin problems during database backup A-5 D Daemon Manager restarting after Cisco Secure ACS integration 7-21 database backing up 4-12, 4-13 committing pending data before upgrade 4-11 restoring 4-14 date and time settings 2-1, 3-3 deploy permissions 7-3 devices bootstrapping 6-9 changes to ACS authorization not appearing in Security Manager 7-25 directory encryption, restriction against 2-4 documentation CommonServices i-xi Resource Manager Essentials (RME) i-xii Security Manager, AUS, Performance Monitor i-xi domain controllers (primary or backup), unsupported use 2-4 dual-screen setups A-15 E e-mail address, Security Manager administrator 7-20 encrypted directories, restriction against 2-4 error messages client installation A-9 server installation A-4 server uninstallation A-8 F Firefox cache size requirement 5-4 configuring required settings 5-3 disabling popup blocker 5-4 displaying help in new tab 5-5 editing the preferences file 5-3 enabling Javascript 5-4 supported versions 2-7, 2-9 for more information 6-8 H help desk user role 7-4 home page, adding applications to 4-19 HTTP, configuring non-default port 5-8 HTTPS configuring non-default port 5-8 determining mode A-14 I IE 8 Compatibility View 2-7, 5-2 import permissions 7-3 indirect upgrade path, definition of 4-9 installation Performance Monitor 4-5 RME 4-7 Security Manager, AUS, Common Services 4-2 Security Manager client 5-6 security settings that prevent client 5-8 troubleshooting client A-9 troubleshooting server A-4 using remote desktop or VNC 4-2 verifying 6-8 Internet Explorer cache size requirement 5-2 configuring required settings 5-2 security settings 5-2 supported versions 2-7, 2-9 Internet Information Server (IIS), requirement to uninstall 3-2 J Java requirements 2-7, 2-9 L language support 2-9 LAN Management Solution (LMS), unsupported use 3-2 LiaisonServlet error, troubleshooting A-6 licenses effect of upgrade 1-6 how handled during product upgrade 4-9 obtaining 1-6 overview 1-4 Product Authorization Key (PAK) 1-7 Security Manager kit part numbers 1-6 Software License Claim Certificate 1-7 understanding 1-4 updating 4-17 local upgrade path, definition of 4-9 log files A-17 M memory (RAM) client requirements 2-9 modify permissions 7-3 N Network Access Restriction (NAR) 7-9 network administrator role Cisco Secure ACS 7-6 CiscoWorks 7-4 network device groups (NDGs) activating NDG feature 7-15 associating with roles and user groups 7-22 configuring 7-14 creating 7-16 effect on user permissions 7-15 network operator role 7-4 O operating systems client 2-9 overview 1-1 P pdshow command 6-2 pending data, committing 4-11 performance client recommendations 2-8 server best practices 3-1 server recommendations 2-3 Performance Monitor installing 4-5 licensing 1-7 logging into 5-11 overview 1-3 required user accounts 4-1 server requirements 2-3 uninstalling 4-19 updating licenses 4-17 upgrading 4-9 permanent license, upgrading from evaluation license 1-6 permissions assigning roles in CiscoWorks 7-5 associating with user roles 7-7 categories 7-2 customizing for ACS 7-7 impact of NDGs 7-15 understanding 7-1 point patches applying to a client 5-9 obtaining 4-18 popup blocker disabling 5-5 disabling for Firefox 5-4 ports comprehensive list of required TCP/UDP A-1 configuring non-default HTTP/HTTPS 5-8 list of typically required 2-1 processes restarting server A-17 troubleshooting A-16 verifying 6-2 product registration 1-6 property files 4-12 R remote desktop, using for installation 4-2 remote upgrade path, definition of 4-9 requirements client 2-8 data and time settings 2-1, 3-3 general server 2-1 server 2-3 unsupported server configurations 2-4 Resource Manager Essentials (RME) documentation i-xii installing 4-7 licensing 1-7 logging into 5-11 required user accounts 4-1 server requirements 2-3 uninstalling 4-19 updating licenses 4-17 upgrading 4-9 restorebackup.pl command 4-14 restore database 4-14 roles Cisco Secure ACS users 7-6 CiscoWorks users 7-4 S Security 1-2 security server best practices 3-1 security administrator role 7-6 Security Manager committing pending data before upgrade 4-11 component applications 1-1 downgrading server 4-20 getting started with 6-8 installing 4-2 licenses effect on upgrade 1-6 obtaining 1-6 overview 1-4 understanding 1-4 logging in using browser 5-11 logging in using client 5-10 overview 1-2 related applications 1-4 required changes after upgrade 4-15 required user accounts 4-1 restarting Daemon Manager 7-21 server requirements 2-3 service startup requirements A-1 troubleshooting interaction with ACS 7-23 uninstalling server 4-19 updating licenses 4-17 upgrading server 4-9 Security Manager client clearing server list in Login window A-14 configuring non-default HTTP/HTTPS port 5-8 determining HTTPS mode A-14 handling security settings that prevent installation 5-8 installing 5-6 locating client logs A-14 logging into 5-10 patching 5-9 resolving version mismatch A-14 running in dual-screen mode A-15 unable to upgrade 5-9 uninstalling 5-12 server best practices for security 6-7 date and time settings 2-1, 3-3 general requirements 2-1 performance, best practices for enhancing 3-1 post installation tasks 6-1 preparation checklists 3-1 readiness checklist 3-3 requirements 2-3 security, best practices for enhancing 3-1 troubleshooting post-installation problems A-5 unsupported configurations 2-4 verifying processes 6-2 service packs applying to a client 5-9 obtaining 4-18 services, minimum required for Windows 3-2 service startup requirements A-1 SMTP, configuring for ACS notifications 7-20 SSL certificate invalidation 3-3 storage, supported SAN 2-8 submit permissions 7-3 Sybase, requirement to disable 3-4 system administrator role 7-4 system identity user 7-11, 7-18 T TACACS+ selecting as CiscoWorks AAA mode 7-19 using ACS as 7-8 TCP comprehensive list of required ports A-1 list of typically required ports 2-1 Terminal Services, unsupported configuration 2-4 troubleshooting ACS configurations 7-23 antivirus scanners 3-2 client after installation A-12 client installation A-9 client installer says old version is installed when it is not A-12 collecting server troubleshooting information A-16 Cygwin prevents backup A-5 dual-screen setups A-15 error messages client installation A-9 server installation A-4 server uninstallation A-8 host-based intrusion software 3-2 incorrect interface appearance A-5 installation does not run A-15 installation hangs A-5, A-11 invalid SSL certificate 3-3 java.security.cert errors 3-3 LiaisonServlet error A-6 mapped drives A-7 missing product features A-5 overview A-1 restarting server processes A-17 reviewing installation log files A-17 security settings that prevent installation 5-8 security software conflicts 3-2 server installation A-4 server problems after installation A-5 server processes A-16 server self-test A-15 server uninstall A-8 unable to upgrade client 5-9 uninstallation does not run A-15 uninstallation hangs A-9 typographical conventions in this document i-x U UDP comprehensive list of required ports A-1 list of typically required ports 2-1 uninstallation recommendation to restart servers 4-20 Security Manager client 5-12 server applications 4-19 troubleshooting server A-8 upgrade, verifying 6-8 user accounts admin 4-1 casuser 4-1 creating 4-1 managing 7-1 System Identity 4-2 user permissions assigning roles in CiscoWorks 7-5 associating with user roles 7-7 categories 7-2 customizing for ACS 7-7 impact of NDGs 7-15 understanding 7-1 user roles associating with user permissions 7-7 available CiscoWorks user roles 7-4 Cisco Secure ACS 7-6 CiscoWorks 7-4 default ACS roles 7-6 V version mismatch, resolving A-14 view permissions 7-2 VMWare supported versions 2-7 VNC, using for installation 4-2 W web browsers configuring required settings 5-1 logging into applications 5-11 supported 2-7, 2-9 Windows services, required 3-2
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks