Installing the VPN/Security Management Solution (VMS) 2.3 Basic
Preparing to Install or Upgrade VMS



This chapter includes the following pre-installation steps:

Planning and Deployment

System Preparation

Installation Paths and Upgrade Options

Downloading VMS Components from Cisco.com

Planning and Deployment

Before installing any part of VMS, you must decide where to install VMS components according to the deployment needs of your network, such as its size, device types, and various security considerations. Consider the consequences of installing multiple Java Runtime Environment (JRE) versions, and the coexistence issues that arise if you install VMS on a server with Routed WAN (RWAN) components such as Access Control List Manager (ACLM).

Information to assist you with deployment and solution co-existence is available in the CiscoWorks VPN/Security Management Solution Deployment Guide on cisco.com at: http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_white_papers_list.html.

System Preparation

After you have verified that your system meets the requirements outlined in Chapter 1, "System Requirements," you can prepare your system for installation. The least secure component of a system defines how secure the system is. Before installing your server software, you should take some basic steps to secure the target server and operating system:


Note: We strongly recommend you verify the integrity of your files before beginning VMS installation. See Chapter 1, "Verifying the Integrity of Installation Files."


Use strong passwords. A strong password has at least 8 characters and contains numbers, letters (both uppercase and lowercase), and symbols.

Avoid creating network shares. If you must create a network share, secure the shared resources with strong passwords. However, network shares are strongly discouraged, and you should disable NetBIOS completely.

Disable unnecessary accounts. Remove the default Guest account. Make sure that all remaining accounts are protected with strong passwords. Require a password to log in.

Secure the Registry. Disable or limit remote access to the Registry.

Apply all hotfixes and security patches. Visit the Microsoft website regularly and apply the most recent security patches. Use the Windows Update feature regularly to ensure that the most recent critical updates are installed on the server.

Disable unused and unneeded services. At a minimum, Windows requires the following services to run: DNS Client, Event Log, Plug & Play, Protected Storage, and Security Accounts Manager. Check your software documentation for any additional Windows services required by your software. Do not install Microsoft Internet Information Server (IIS), other web, FTP, TFTP, or email services, or any other services that allow connectivity directly to the server.


Caution: Do not install Microsoft Internet Information Server (IIS).

Disable all network protocols except Internet Protocol (TCP/IP). Other protocols can be used to gain access to your server. Limiting the network protocols used limits the access points to your server. If you are not using network shares on the server, disable NetBIOS.

Monitor the security of your system regularly. Log and review system activity. Use security tools, such as the Microsoft Security Configuration Tool Set (MSCTS) and Fport, to periodically review the security configuration of your system. You can obtain MSCTS from the Microsoft website.

Limit physical access to your server. If your server contains removable media drives, set the server to boot from the hard drive first. Your data can be compromised if someone boots your server from a floppy disk. You can typically set the boot order in the system BIOS. Make sure you protect the BIOS with a strong password.

Do not install remote access or administration tools on the server. These tools provide a point of entry to your server and are considered a security risk.

Run a virus scanning application on the server. Virus scanning software can prevent Trojan horse applications from infecting your server. Update the virus signatures regularly.

Turn Terminal Services off. The VMS installation aborts unless Terminal Services is off.


Note: We recommend that Virus Scan be turned off for a faster installation.
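The service items in the checklist above can be checked mechanically before installation. The following is an added example, not part of the original guide or of VMS: it parses text in the layout printed by the Windows `sc query state= all` command and reports missing required services, running services the checklist rules out, and anything else that needs review. The service short names, the `extra_allowed` parameter, and the sample input are assumptions made for this example.

```python
import re

# Service short names below are this example's mapping of the checklist items.
REQUIRED = ["Dnscache", "Eventlog", "PlugPlay", "ProtectedStorage", "SamSs"]
PROHIBITED = ["W3SVC", "MSFTPSVC", "SMTPSVC", "TermService", "RemoteRegistry"]

def _entry(name, code, state):
    # One record in the layout printed by `sc query`.
    return (f"SERVICE_NAME: {name}\n"
            f"        TYPE               : 20  WIN32_SHARE_PROCESS\n"
            f"        STATE              : {code}  {state}\n\n")

# Constructed sample input, not captured from a real server.
SAMPLE = "".join(_entry(*s) for s in [
    ("Dnscache", 4, "RUNNING"), ("Eventlog", 4, "RUNNING"),
    ("PlugPlay", 4, "RUNNING"), ("ProtectedStorage", 4, "RUNNING"),
    ("SamSs", 4, "RUNNING"), ("W3SVC", 4, "RUNNING"),
    ("TermService", 1, "STOPPED"), ("Spooler", 4, "RUNNING"),
])

def parse_sc_query(text):
    """Return {service_name: state} from `sc query` text output."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            current = m.group(1)
            services[current] = "UNKNOWN"
            continue
        m = re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)
        if m and current:
            services[current] = m.group(1)
    return services

def audit(text, extra_allowed=()):
    """Compare non-stopped services with the checklist; return sorted findings."""
    # Windows service names are case-insensitive, so compare in lower case.
    running = {n.lower(): n for n, s in parse_sc_query(text).items() if s != "STOPPED"}
    allowed = {n.lower() for n in [*REQUIRED, *extra_allowed]}
    banned = {n.lower() for n in PROHIBITED}
    findings = [("missing-required", n) for n in REQUIRED if n.lower() not in running]
    for key, name in running.items():
        if key in banned:
            findings.append(("prohibited-running", name))
        elif key not in allowed:
            findings.append(("review", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass the short names of services your installed software requires in `extra_allowed` so that they are not reported for review.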


Installation Paths and Upgrade Options


Note: We strongly recommend you verify the integrity of your files before beginning VMS installation. See Chapter 1, "Verifying the Integrity of Installation Files."


If you already have another CiscoWorks solution or component installed on your server, a component upgrade or a different installation path might be required before you install VMS. Review the information in Table 1 to determine what software is required for the VMS components to function properly.

Table 1 Recommended Installation Paths

| If you are installing CiscoWorks VPN/Security Management Solution (VMS) on a system that has... | Then do this |
| --- | --- |
| No other CiscoWorks products installed | Install VMS using the instructions in this installation guide. See Chapter 1, "Installing VMS." |
| VMS or any of its components | See "Upgrade Options" in this chapter. |
| CiscoWorks Routed WAN Management Solution (RWAN) or any of its components installed | Install VMS on a separate server using the instructions in this installation guide. See Chapter 1, "Installing VMS." |
| CiscoWorks LAN Management Solution (LMS) or any of its components installed | Install VMS on a separate server using the instructions in this installation guide. See Chapter 1, "Installing VMS." |


Upgrade Options

Table 2 describes the recommended sequence for upgrading individual VMS component applications when prior versions of these components are already installed on your system. If you do not see your component's version listed in the Recommended Upgrade Sequence table, check the component release notes for special upgrade instructions.


Caution: Apart from solution coexistence, a few VMS components require upgrade to an intermediary version before you can use the VMS installer found on Disk 1. For this reason, we strongly recommend selecting Server Configuration > About the Server > Applications and Versions to determine precise component version numbers before you upgrade.

Table 2 Recommended Upgrade Sequence

| If the following product is already installed... | And one or more of the following products are also already installed... | You should upgrade in the following order... |
| --- | --- | --- |
| CiscoWorks Common Services 2.2 | Update 1 or any Service Pack | Disk 1 Service Pack 3 will install automatically with any component upgrade. |
| Auto Update Server 1.1 | Common Services 2.2 and any update other than Service Pack 3 | Anytime. Service Pack 3 will install automatically when you install AUS 1.3 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Management Center for Firewalls 1.2.2 | Common Services 2.2 and any update other than Service Pack 3 | Use Disk 1 to upgrade anytime. Service Pack 3 will install automatically when you install Firewall MC 1.3.3 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Management Center for IDS Sensors 1.2.3 | Common Services 2.2 and any update other than Service Pack 3 | 1. Upgrade first to IDS MC 2.0.1 on Disk Two. 2. Upgrade to IPS MC 2.1 anytime using Disk 1. Service Pack 3 will install automatically when you install IDS MC 2.0.1 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Management Center for IDS Sensors 2.0.1 | Common Services 2.2 and any update other than Service Pack 3 | Anytime. Service Pack 3 will install automatically when you install IDS MC 2.0.1 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Monitoring Center for Performance 2.0 | Common Services 2.2 and any update other than Service Pack 3 | Anytime. Service Pack 3 will install automatically when you install Performance Monitor 2.0.2 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Monitoring Center for Security 1.2.3 | Common Services 2.2 and any update other than Service Pack 3 | 1. Upgrade first to Security Monitor 2.0.1 using Disk 2. 2. Upgrade to Security Monitor 2.1 anytime using Disk 1. Service Pack 3 will install automatically when you install IDS MC 2.0.1 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Monitoring Center for Security 2.0.1 | Common Services 2.2 and any update other than Service Pack 3 | Anytime. Service Pack 3 will install automatically when you install Security Monitor 2.0.1 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Management Center for VPN Routers 1.2.1 | Common Services 2.2 and any update other than Service Pack 3 | Anytime. Service Pack 3 will install automatically when you install Router MC 1.3.1 on its own or with other VMS components as described in Chapter 1, "Upgrading Common Services and Management Centers." |
| Management Center for Cisco Security Agents 4.x | Common Services 2.2 and any update other than Service Pack 3 | Common Services 2.2 from Disk 1 to install Service Pack 3 automatically as described in Chapter 1, "Upgrading Common Services and Management Centers." CSA MC 4.0.3 as described in Common Services 2.2 from Disk 1 to install Service Pack 3 automatically as described in Chapter 1, "Upgrading CSA MC." Caution: You cannot upgrade StormWatch versions 3.0 or earlier to CSA MC. |
| VPN Monitor (any version) | | Note: VPN Monitor cannot be upgraded. The features for this component are distributed amongst newer VMS components. |



Software Updates

All software updates and related documentation required to install VMS components are included on your product CDs. Common Services 2.2 retains the same version in VMS but has updates that must be installed for VMS 2.3 to operate properly.

Common Services installs with an embedded Service Pack 3 update, requiring no action.

Downloading VMS Components from Cisco.com

If you are performing a fresh installation or upgrading to VMS 2.3, downloading components from Cisco.com is not required. However, you might elect to download a service pack, software update or component as they are updated over time.

See the following websites for information:

To access the end-of-life and end-of-sales notices, go to:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_eol_notices_list.html

To determine the appropriate media kit for all or any of the components, we recommend that you read the latest Product Bulletin for the appropriate part number according to your service contract at:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_bulletins_list.html

If you need assistance, use the Product Upgrade Tool at http://www.cisco.com/upgrade.