Installing the VPN/Security Management Solution (VMS) 2.3 Basic
Upgrading to VMS 2.3


Upgrading to VMS 2.3


This section assumes you want to upgrade VMS in its entirety including all components on Disk 1 and Disk 2 as listed in Chapter 1, "VMS Components." VMS upgrade takes approximately one hour.

This chapter includes the following upgrade information:

Verifying the Integrity of Installation Files

Backing Up Your Existing VMS Database

Order of Upgrade

Upgrading Common Services and Management Centers

Upgrading CSA MC


Note If you are downloading components from Cisco.com, see Chapter 1, "Downloading VMS Components from Cisco.com."


Before You Begin

Verify that all system requirements are met as listed in Chapter 1, "System Requirements."

Perform all proper system checks and safety measures as listed in Chapter 1, "System Preparation."

Verify the safety of all installation files as described in Chapter 1, "Verifying the Integrity of Installation Files."

Back up your existing VMS database. See "Backing Up Your Existing VMS Database" in this chapter.

Back up your database and disable the CSA MC agent if running on your target server.


Verifying the Integrity of Installation Files

Disk 1 provides a vmmc_verify_digest.exe executable file with which you can perform integrity checks for all files on your VMS installation CDs. This tool is also available on Cisco.com for those who have an account established, and we recommend that you download the tool from this location to ensure maximum security.

To verify the authenticity and integrity of your installation files:


Step 1 Insert one of the VMS installation CDs into your CD-ROM drive and enter run vmmc_verify_digest.exe at the DOS command prompt.

The vmmc_verify_digest.exe file runs through the list of files that it will verify. After this is done, you are prompted for the directory where the files are located.


Note You can press any key to exit after the verification of the files on the CD or local directory.


Step 2 Highlight the CD location by browsing the folders on the CD-ROM and pressing Enter. Verify_digests.exe validates each file.


Note You can enter the CD-ROM drive letter and check the files on the Startup Disk itself or you can copy the files to your system and check them from the directory to which they were copied.


The output displays OK if the files are authentic. If any files are found to be inauthentic (that is, not from Cisco) or corrupt, Failure is displayed.

Step 3 Do one of the following:

If there are no failure messages, proceed with installation.

If you receive a File not found message, check the location of the files. This means that the digest program cannot locate a file.

If you receive a failure message, you might have corrupt files. Repeat Step 2 to confirm that there is a failure and call Cisco TAC before proceeding with VMS installation.
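The three outcomes in Step 3 can be illustrated with a digest check against a manifest. This is an added example, not Cisco's tool and not a reimplementation of vmmc_verify_digest.exe; the use of SHA-256, the `<digest>  <path>` manifest format, and all file names are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Status strings mirror the three outcomes the procedure describes.
OK, FAILURE, NOT_FOUND = "OK", "Failure", "File not found"


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large installer images are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<hex digest>  <relative path>' lines (assumed format); '#' starts a comment."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip()] = digest.lower()
    return expected


def verify_directory(root, expected):
    """Return {relative path: status} for every file the manifest lists."""
    root = Path(root).resolve()
    results = {}
    for name, want in expected.items():
        target = (root / name).resolve()
        # Entries that resolve outside the checked directory are never hashed.
        if root not in target.parents or not target.is_file():
            results[name] = NOT_FOUND
            continue
        got = sha256_file(target)
        results[name] = OK if hmac.compare_digest(got, want) else FAILURE
    return results


def safe_to_install(results):
    """Proceed only when every listed file verified; a missing file also blocks."""
    return bool(results) and all(status == OK for status in results.values())


def demo():
    """Verify a constructed directory, then again after one file is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.exe").write_bytes(b"constructed installer bytes")
        (root / "data").mkdir()
        (root / "data" / "disk1.cab").write_bytes(b"constructed archive bytes")
        # Constructed manifest; in practice it comes from the trusted source, not the media.
        manifest = "\n".join([
            f"{hashlib.sha256(b'constructed installer bytes').hexdigest()}  setup.exe",
            f"{hashlib.sha256(b'constructed archive bytes').hexdigest()}  data/disk1.cab",
            f"{hashlib.sha256(b'never copied').hexdigest()}  docs/readme.pdf",
        ])
        expected = parse_manifest(manifest)
        before = verify_directory(root, expected)
        # Simulate corruption of one file after the manifest was produced.
        (root / "data" / "disk1.cab").write_bytes(b"constructed archive bytez")
        after = verify_directory(root, expected)
        return before, after


if __name__ == "__main__":
    for label, res in zip(("before", "after"), demo()):
        print(label, res, "install" if safe_to_install(res) else "stop")
```

A check like this is only as trustworthy as the source of the expected digests, which is why the text recommends obtaining the verification tool from Cisco.com rather than relying on the copy that ships on the same media.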


Backing Up Your Existing VMS Database

A VMS backup consists of backing up the Common Services database from the CiscoWorks server desktop and using the backup utility to back up all of the Management Center components. We recommend that you back up all system and database files now to establish a system baseline, and to avoid having to reinstall any VMS components if data becomes corrupted.

Common Services Database Backup

To back up the Common Services system files and databases, use the backup data command, described below and in Installation and Setup Guide for CiscoWorks Common Services 2.2 on Windows at
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/2.2/cd_one/installation/windows/guide/InstallSetupGuideForComSerCVWin.pdf. Make sure the backed up data is stored on tape or CD-ROM.

To back up your data:


Step 1 Access the CiscoWorks desktop and log in. For information, see Chapter 1, "Logging In to the CiscoWorks Server Desktop."

Step 2 Select Server Configuration > Administration > Database Management > Back Up Data Now.

The Back Up Data Now dialog box appears.

Step 3 Enter the pathname of the target directory.


Note We recommend that you use a different directory from the directory where VMS files are located, for example, /cw/backups.


Step 4 To begin the backup, click Finish.

This process may take a few minutes to complete.


Management Center Backup

To back up all Management Center system files and databases, use the backup database command.

To back up your database:


Step 1 Access the CiscoWorks desktop and log in. For information, see Chapter 1, "Logging In to the CiscoWorks Server Desktop."

Step 2 Select VPN/Security Management Solution > Administration > Common Services > Backup Database.

The Back Up Database dialog box appears.

Step 3 Enter the pathname of the target directory.


Note We recommend that you use a different directory from the directory where VMS files are located, for example, /cw/backups.


Step 4 To begin the backup, click Finish.

This process may take a few minutes to complete.


Order of Upgrade


Caution IPS MC 1.2.3 and Security Monitor 1.2.3 require upgrade to an intermediary version (2.0.1, found on Disk 2) before you can use the VMS installer found on Disk 1. For this reason, we strongly recommend selecting Server Configuration > About the Server > Applications and Versions to determine precise component version numbers before you upgrade.

Because backups of IPS MC 1.2.3 and Security Monitor 1.2.3 data cannot be restored directly onto an IPS MC/SecMon 2.1 system, you should perform a backup for future use after successfully upgrading.

As with a new VMS installation, the components in an upgraded installation require that Common Services and VMS Service Pack 3 be installed first.

To upgrade to VMS 2.3:


Step 1 Select Server Configuration > About the Server > Applications and Versions to determine precise component version numbers before you upgrade.

Step 2 Follow one of the following two sets of steps:

a. If you have IDS MC 1.2.3 or Security Monitor 1.2.3 installed, you must:

1. Install Common Services with Service Pack 3 on Disk 1 as described in Upgrading Common Services with Service Pack 3.

2. Upgrade to IDS MC 2.0.1 and Security Monitor 2.0.1 on Disk 2 as described in Upgrading IDS MC 1.2.3 and Security Monitor 1.2.3.

3. Upgrade remaining components using the installer, starting with Disk 1, as described in Upgrading Management Centers.

b. If you have IDS MC 2.0.1 or Security Monitor 2.0.1 installed:

1. Install Common Services with Service Pack 3 on Disk 1 as described in Upgrading Common Services with Service Pack 3.

2. Upgrade remaining components using the installer, starting with Disk 1, as described in Upgrading Management Centers.


Upgrading Common Services and Management Centers

See the following for upgrade procedures:

Upgrading Common Services with Service Pack 3

Upgrading IDS MC 1.2.3 and Security Monitor 1.2.3

Upgrading Management Centers

Upgrading Common Services with Service Pack 3

Service Pack 3 will install automatically when you select Common Services.

To upgrade to Common Services with Service Pack 3 (mandatory in every case):


Step 1 Insert Disk 1 into the CD-ROM drive.

At the top level of the directory structure, you will see a Documentation folder that includes all available component installation and user documentation.

If autorun is enabled on your system, the CiscoWorks VMS Management and Monitoring Centers Installer window opens.

Step 2 If autorun is not enabled, select Start > Run. Then, in the Run dialog box, enter e:\autorun.exe, where e is your CD-ROM drive.

The VPN/Security Management Solution Setup Program window opens.

Step 3 Click Install.

The Setup and Welcome windows advise you to exit all Windows applications before you run the installation Setup program.

Step 4 Click Next.

The Software License Agreement window opens.

Step 5 Click Yes to continue.

The Documentation Location window opens.

Step 6 Click Next.

The Choose Destination Folder window opens and displays the Destination Folder path from which you can change the default directory for your CiscoWorks files.

Step 7 Do one of the following:

Click Browse to navigate to a different directory location for CiscoWorks files.

Click Next to accept the default directory.

The Select Components Window lists all Disk 1 components. This list includes CiscoView 5.5 and Integration Utility 1.5, both of which are part of Common Services.

Step 8 Select all Common Services components including CiscoView 5.5 and Integration Utility 1.5. Service Pack 3 will install automatically when you select Common Services.


Caution Do not click Select All unless you are certain you have IDS MC and Security Monitor versions 2.0.1 already installed. Otherwise, installation will fail. See the "Order of Upgrade" section for correct procedures.

The installation program determines your system requirements, after which the System Requirements window compares available space to required space and displays a warning if the available space is not sufficient.

The Select CiscoWorks Syslog Port window asks you to confirm or change the port selection.

Step 9 Do one of the following:

Enter a new port.

Click Next to continue installation using the specified port.


Note For more information on ports, see Appendix A, "TCP and UDP Ports Used."


The Configure Communication Properties window opens.

Step 10 Do one of the following:

Enter new values for Host ID, Organization ID, IP Address, Host Name and Organization Name, if necessary, in the Configure Communication Properties window.

Click Next to continue installation with the specified values.

The VMS Database Password window asks you to enter and confirm a database password for only those applications that you are installing or updating.

Step 11 Enter and confirm your VMS database password in the VMS Database Password window.

Step 12 Click Next.

The Summary window asks you to verify the components being installed and upgraded and their target directories.

Step 13 Click Next after you have done this verification.

A series of windows opens in quick succession notifying you of various installation activities such as checks and processes within CiscoWorks that are being stopped in order to upgrade VMS component applications.



Upgrading IDS MC 1.2.3 and Security Monitor 1.2.3

IDS MC 1.2.3 must be upgraded to IDS MC 2.0.1 before it can be upgraded to IPS MC 2.1. Please read in detail the installation and upgrade sections of the Release Notes for Management Center for IDS Sensors 2.0.1 and Monitoring Center for Security 2.0.1 on Windows and Solaris on cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps3990/prod_release_notes_list.html. Installation files are located on Disk 2.

The following information is important to you as a user of IDS MC 2.0.1 or Security Monitor 2.0.1:

Cisco Host Intrusion Detection System is no longer supported. This functionality is replaced by Cisco Security Agent.

Before installing VMS 2.3, you may want to upgrade your sensors to IDS 4.1(1).

Use static IP addresses for the host or hosts where IDS MC and Security Monitor are installed, because DHCP is not supported for IDS MC or Security Monitor.

Do not use download accelerator programs such as DAP, because they are not supported.

You cannot use SSH keys in IDS MC if you want to use a sensor as a master blocking sensor.

If the idsmdc.log file is growing too large with unwanted data, you can reset its size to 0 (zero) by backing up the database. Then, you can delete the backup file. (The idsmdc.log file is in the same directory as idsmdc.db, the directory that was specified for the database at installation.) Also, you can use IdsDbCompact to reduce the size of the database.

We strongly recommend that you avoid connecting to the database directly, because doing so can cause performance reductions and unexpected system behavior.

Do not run SQL queries against the database.

Event Viewer in Security Monitor 2.0 and later supports blocking when you are using sensors that are operating with IDS 4.x software.

If you do not specify the -f"filename" option when using the IdsImportIdiom command line utility, the program reads "standard input" for data. As a result, the program waits forever for input; it will not time out or return, and you must abort it. Although this is not a defect, you need to be aware of this behavior to avoid misunderstanding when you use this command line utility.


Caution If IDS_ReportScheduler (a CiscoWorks2000 process), CiscoWorks2000, or Windows 2000 is stopped, any scheduled report that is running at the time is interrupted and its content is lost. In IDS MC 1.2, Security Monitor 1.2, and later versions of both, the Audit Log Report contains an entry noting the interruption and the lost content. This caution is particularly important if reports are scheduled to be generated repeatedly.

You can forward syslog messages on the basis of IP address/hostname and port. The IP address/hostname is a required field whose default value is localhost. If a DNS name is entered, it must resolve to an IP address at data entry time. If at any time during syslog forwarding, a DNS name cannot be resolved to an IP address, an appropriate error message is logged to the Audit Log.

When firewall reports are generated, performance may be degraded as a result of configuring both WINS and DNS on Windows 2000 servers, because it may take a long time to resolve IP addresses to a hostname when the IP address does not exist in DNS or WINS. Security Monitor will automatically disable any further DNS lookup activity for that particular report instance if the cumulative time for doing lookup in a particular report exceeds 10 minutes. Another way to improve performance is to reconfigure your report generation filters to select a smaller subset of syslog messages to be included in the report.

When firewall reports are generated, no correlation is done for sessions that involve more than one connection (such as FTP and RTSP). Each connection in a session appears independently in the report. If the port numbers used by connections do not map to standard port numbers, they are categorized as Unknown TCP or UDP service.

An upgrade installation note applies if you use Cisco Secure Access Control Server and upgrade IDS MC 1.2.3 to IDS MC 2.0.1. Refer to "Post-Upgrade Installation Note for IDS MC 2.0.1 and Security Monitor 2.0.1" in the Using Management Center for IDS Sensors 2.0 at http://www.cisco.com/en/US/products/sw/cscowork/ps3990/products_user_guide_list.html.

Before you begin


Note Before upgrading, you should back up your database using the VMS backup process. For more information on the VMS backup, refer to the "Backing Up Your Existing VMS Database" section.


Upgrading to IDS MC 2.0.1 and Security Monitor 2.0.1

This section describes how to upgrade to IDS MC 2.0.1 and Security Monitor 2.0.1. If IDS MC and Security Monitor are installed on the same server, you must upgrade both. If only one component is installed on the server, you can optionally install the current version of the other component on the same server during the upgrade process.

To upgrade IDS MC, Security Monitor, or both, or to upgrade one component while installing the other, follow these steps:


Step 1 Log in as the local administrator on the system on which CiscoWorks Common Services is installed.

Step 2 Start the installer, and then click Yes to begin the installation.

Step 3 Click Next to begin the installation. The Software License Agreement page appears.

Step 4 To accept the terms of the license agreement, click Yes.


Note If you do not accept the terms of the license agreement, click No. The install wizard closes.


Step 5 To indicate that you are aware you are upgrading IDS MC and Security Monitor, click the Typical installation radio button.

Step 6 Click Next.

The following message appears:

NOTE: Security Monitor attack records will be archived on disk. See 
online help to import archived records.
IMPORTANT: You are performing an upgrade, it is strongly recommended 
that you first make a VMS backup.  Click [Yes] if you would like to 
proceed.

Step 7 Do one of the following:

To cancel this upgrade and perform a VMS backup, click No and then perform the backup.

After you have completed the VMS backup, restart this procedure.

To proceed with the upgrade, click Yes.

The System Requirements page appears.

Step 8 Verify that your system meets the minimum disk space and memory requirements. Then, click Next.

If you are installing Security Monitor (not upgrading), the Select CiscoWorks Syslog Port page appears. If you are not installing Security Monitor, the Summary page appears, and you should skip to Step 9.

Step 9 Specify which UDP port CiscoWorks uses. The value can be between 1 and 65535. By default, CiscoWorks uses UDP port 52514. We recommend that you use the default port value. Then, click Next. The Configure Communication Verify the selected components. Then, click Next.

You are prompted to save the existing IDS MC/Security Monitor database.

Step 10 To save the existing IDS MC/Security Monitor database, click Yes. To erase the existing data and start with a new database, click No.

The applications are upgraded, and then the Setup Complete page appears.

Step 11 Click Finish to complete the upgrade.

Upgrading Management Centers

To upgrade Management Centers with or without Common Services:


Step 1 Insert Disk 1 into the CD-ROM drive.

At the top level of the directory structure, you will see a Documentation folder that includes all available component installation and user documentation.

If autorun is enabled on your system, the CiscoWorks VMS Management and Monitoring Centers Installer window opens.

Step 2 If autorun is not enabled, select Start > Run. Then, in the Run dialog box, enter e:\autorun.exe, where e is your CD-ROM drive.

The VPN/Security Management Solution Setup Program window opens.

Step 3 Click Install.

The Setup and Welcome windows advise you to exit all Windows applications before you run the installation Setup program.

Step 4 Click Next.

The Software License Agreement window opens.

Step 5 Click Yes to continue.

The Documentation Location window opens.

Step 6 Click Next.

The Choose Destination Folder window opens and displays the Destination Folder path from which you can change the default directory for your CiscoWorks files.

Step 7 Do one of the following:

Click Browse to navigate to a different directory location for CiscoWorks files.

Click Next to accept the default directory.

The Select Components Window lists all Disk 1 components. This list includes CiscoView 5.5 and Integration Utility 1.5, both of which are part of Common Services.

Step 8 Do one of the following:

Select only those components you want to install.

Click Select All to select all component check boxes and begin installation of the complete product.


Note To avoid unnecessarily slow response times while using VMS, we recommend that you install VMS security configuration management components (Firewall MC, Router MC, IPS MC, and AUS) on a separate server from VMS monitoring components (Performance Monitor and Security Monitor).



Caution You must verify that installing all components on one server is the right thing to do before enabling Select All.

The installation program determines your system requirements, after which the System Requirements window compares available space to required space and displays a warning if the available space is not sufficient.

The Select Database Location window then prompts you to confirm the location for the IPS database. At this time you can verify or change the database location, although we recommend using the default.

Step 9 Do one of the following:

Click Browse to change the IPS database location.

Click Next to continue installation with the IPS database at the specified location.

The Select CiscoWorks Syslog Port window asks you to confirm or change the port selection.

Step 10 Do one of the following:

Enter a new port.

Click Next to continue installation using the specified port.

The Ports Configuration window prompts you to change the default port values for Lock Manager (LM) and FMS database services if they conflict with another application on the server.


Note For more information on ports, see Appendix A, "TCP and UDP Ports Used."


The Configure Communication Properties window opens.

Step 11 Do one of the following:

Enter new values for Host ID, Organization ID, IP Address, Host Name and Organization Name, if necessary, in the Configure Communication Properties window.

Click Next to continue installation with the specified values.

The VMS Database Password window asks you to enter and confirm a database password for only those applications that you are installing or updating.

Step 12 Enter and confirm your VMS database password in the VMS Database Password window.

Step 13 Click Next.

The Summary window asks you to verify the components being installed and upgraded and their target directories.

Step 14 Click Next after you have done this verification.

A series of windows opens in quick succession notifying you of various installation activities such as checks and processes within CiscoWorks that are being stopped in order to upgrade VMS component applications. This process lasts about 5 minutes after which you will see an installation progress bar window as VMS is being installed. This process takes an additional 20 to 30 minutes.


Note If at any time installation appears to hang or take excessively long, minimize installation windows and check your desktop for hidden dialog boxes. At times, these can appear, but be covered by other windows and provide no visible indication.




Upgrading CSA MC

When you upgrade CSA MC, existing configurations (for example, policies and groups) are preserved. Because CSA MC ships with preconfigured items, new items may be added to the preserved ones. This occurs when the upgrade process checks the existing database. If a matching item is found, the new configuration data is not copied over the existing data; rather the existing item is left as is.

If the upgrade process finds an item with the same name as a new one, but with different configuration components (for example, variables), the existing item is renamed by appending the version number (V4.0, for example) to the name. The new version is then copied into the database with no version number so that both items can co-exist in the database. Therefore, for any partial configuration item duplications that may exist after an upgrade, the item with no version number appended to its name is always the most recent version.
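The merge rule described above, written out as an added example. It is not CSA MC code: the item names, the dictionary layout, and the space placed before the version label are assumptions, and the sample data is constructed. The report it returns is the list an administrator would review after the upgrade.

```python
def merge_preconfigured(existing, shipped, old_version):
    """Merge shipped items into an existing configuration set.

    existing, shipped: {item name: configuration dict}
    old_version: label appended to a renamed existing item, for example "V4.0"
    Returns (merged, report); report records what happened to each shipped item.
    """
    merged = dict(existing)
    report = {"kept": [], "added": [], "renamed": []}
    for name, new_cfg in shipped.items():
        if name not in existing:
            # New preconfigured item: added alongside the preserved ones.
            merged[name] = new_cfg
            report["added"].append(name)
        elif existing[name] == new_cfg:
            # Matching item: the existing one is left as is.
            report["kept"].append(name)
        else:
            # Same name, different components: keep both, old one gets the label.
            archived = f"{name} {old_version}"  # separator is an assumption
            if archived in merged:
                raise ValueError(f"{archived!r} already exists; resolve by hand")
            merged[archived] = existing[name]
            merged[name] = new_cfg
            report["renamed"].append((name, archived))
    return merged, report


def changed_fields(old_cfg, new_cfg):
    """Top-level components that differ between the renamed and the new item."""
    keys = old_cfg.keys() | new_cfg.keys()
    return sorted(k for k in keys if old_cfg.get(k) != new_cfg.get(k))


# Constructed sample data; these are not real CSA MC policy names.
EXISTING = {
    "Sample Web Policy": {"rules": ["r1", "r2"], "variables": {"ports": [80]}},
    "Sample Desktop Policy": {"rules": ["d1"]},
    "Site Custom Policy": {"rules": ["x"]},
}
SHIPPED = {
    "Sample Web Policy": {"rules": ["r1", "r2"], "variables": {"ports": [80, 443]}},
    "Sample Desktop Policy": {"rules": ["d1"]},
    "Sample Messaging Policy": {"rules": ["m1"]},
}


def demo():
    """Run the merge on the sample data and list what differs per renamed item."""
    merged, report = merge_preconfigured(EXISTING, SHIPPED, "V4.0")
    diffs = {new: changed_fields(merged[old], merged[new])
             for new, old in report["renamed"]}
    return merged, report, diffs


if __name__ == "__main__":
    merged, report, diffs = demo()
    print(report)
    print(diffs)
```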


Note Upgrading Storm Watch versions 3.0 and earlier to Cisco Security Agent V4.0 is not supported.


Before You Begin

Verify that all system requirements are met as listed in Chapter 1, "System Requirements."

Have available Installing Management Center for Cisco Security Agents 4.5.1, provided as a PDF in the Documentation directory of the installation CD.

Disable the CSA agent when prompted during the installation.

Exit any other programs you have running on the system where you are installing CSA MC.

To install CSA MC:


Step 1 Log in as a local Administrator on the server where you installed an earlier version of CSA MC.

Step 2 Double-click the CSA MC .exe file in the top level directory of the Disk 2 CD-ROM. The Installer window opens.

Step 3 The installation first checks to see if you have Microsoft SQL Server Desktop Engine (MSDE) installed. Because this is an upgrade, the installation program will detect the application.


Note For installations exceeding 500 agents, we recommend that you install Microsoft SQL Server 2000 instead of using the Microsoft SQL Server Desktop Engine that is provided with the product. Microsoft SQL Server Desktop Engine has a 2 GB limit. Note that SQL Server 2000 must be licensed separately and it must be installed on the system before you begin the CSA MC installation.


The installation wizard introduction window opens.

Step 4 Click Next to continue.

The installation program copies the necessary files to your system. Since this is an upgrade, the previously existing license file is used, and no dialog box is presented at this time.

After the CSA MC installation completes, an agent begins protecting your system. We recommend that you allow this agent installation immediately, although you may uninstall the agent separately if you choose.


Note When you install CSA MC, the installation enables SSL in CiscoWorks. When you access CSA MC from within the CiscoWorks server desktop, you must have SSL enabled in CiscoWorks for CSA MC to allow the connection.


You are prompted to reboot your system within 2 minutes after the CSA MC agent installation completes. You must reboot your system before you can begin using CSA MC.

Step 5 Upgrade your CSA MC production license following the steps listed in "Upgrading CSA MC Production License" in Chapter 1, "Preparing to Use VMS 2.3."