Installing the VPN/Security Management Solution (VMS) 2.3 on Solaris
Preparing to Install or Upgrade VMS
Download this chapter
Preparing to Install or Upgrade VMSPreparing to Install or Upgrade VMS
Download the complete book
Installing VMS 2.3 on Solaris - full book pdfInstalling VMS 2.3 on Solaris - full book pdf (PDF - 1 MB)
give_us_feedback

Table Of Contents

Preparing to Install or Upgrade VMS

Planning and Deployment

System Preparation

Installation Paths and Upgrade Options

Upgrade Options

Software Updates

Downloading VMS Components from Cisco.com


Preparing to Install or Upgrade VMS

This chapter includes the following pre-installation steps:

Planning and Deployment

System Preparation

Installation Paths and Upgrade Options

Downloading VMS Components from Cisco.com

Planning and Deployment

Before installing any part of VMS, you must decide where to install VMS components according to the deployment needs of your network such as its size, device types and various security considerations. Consider the consequences of installing multiple Java Runtime Environment (JRE) versions and coexistence issues if you install VMS on a server with Routed WAN (RWAN) components such as Access Control List Manager (ACLM).

Information to assist you with deployment and solution co-existence is available in the CiscoWorks VPN/Security Management Solution Deployment Guide on cisco.com at: http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_white_papers_list.html.

System Preparation

After you have verified that your system meets the requirements outlined in "VPN/Security Management Solution Overview" you can prepare your system for installation. The least secure component of a system defines how secure the system is. Before installing your server software, you should take some basic steps to secure the target server and operating system:

This section contains important information that you should read before you begin installation:

Note the default installation directory location. CiscoWorks applications are installed in the following default directory:

/opt/CSCOpx

If you select another directory during installation, the application is installed in that directory. If you select an installation directory different from the default, the /opt/CSCOpx directory is created as a link to the directory you selected. If you remove the link after installation, the component might malfunction.

Note the installation log file location. If errors occur during installation, check the installation log file /var/tmp/ciscoinstall.log.

System changes cannot be undone if you cancel installation. You can press Ctrl-C at any time to end the installation. However, any changes to your system (for example, installation of new files or changes to system files) will not be undone.

Caution We do not recommend ending the installation, using Ctrl-C, or you will be required to manually clean up the installation directories.

Disable SSL for security. For secure access between the client browser and the management server, you can enable or disable SSL from the CiscoWorks desktop.

If SSL is enabled:

The URL begins with https instead of http to indicate a secure connection.

The port number succeeding the server name is 1742 instead of 1741.

You cannot enable SSL on the CiscoWorks server if there is an application that is not SSL-compliant installed on the server.

Note We recommend that you have SSL enabled during installation unless you are using other CiscoWorks components that do not support SSL. For help with SSL, consult the User Guide for CiscoWorks Common Services 2.2 at: http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/2.2/user/guide/UserGuideForCommonServices.pdf.

Verify that you disabled Dynamic Host Configuration Protocol (DHCP) or assign a permanent, static lease for all CiscoWorks servers and AutoUpdate Servers. The Dynamic Host Control Protocol (DHCP) enables hosts to receive dynamically assigned IP addresses. Because these IP addresses are not permanently assigned to the hosts, we recommend that you disable DHCP or assign a permanent, static lease for all CiscoWorks servers and AutoUpdate Servers. Because Firewall MC identifies these servers as administrative hosts to the managed devices, dynamically assigning IP addresses to these hosts can result in authentication failures and the inability to manage the devices using Firewall MC.

Network inconsistencies might cause installation errors if you are installing from a remote mount point. Avoid this if possible.

Caution Before installing VMS 2.3, make sure that Router MC 1.2.1 is using the most up-to-date database, since VMS 2.3 will upgrade this database to the Router MC 1.3.1 database as described in CSCin67893. For more information about this defect and its workaround, please see Release Notes for Management Center for VPN Routers 1.3.1 on Solaris 2000 and Solaris on On Cisco.com at http://www.cisco.com/en/US/docs/security/security_management/vms/router_mc/1.3.x/release/notes/RMC131rn.html.

Installation Paths and Upgrade Options

If you already have another CiscoWorks solution or component installed on your server, component upgrade, or a different installation path might be required, before you install VMS. Review the information in Table 1 to determine what software is required for the VMS components to function properly.

Table 1 Recommended Installation Paths 

If you are installing CiscoWorks VPN/Security Management Solution (VMS) on a system that has...
Then do this

No other CiscoWorks products installed

Install VMS using the instructions in this installation guide. See Installing and Uninstalling VMS.

VMS or any of its components

See Upgrade Options.

CiscoWorks Routed WAN Management Solution (RWAN) or any of its components installed

Install VMS on a separate server using the instructions in this installation guide. See Installing and Uninstalling VMS.

CiscoWorks LAN Management Solution (LMS) or any of its components installed

Install VMS on a separate server using the instructions in this installation guide. See Installing and Uninstalling VMS.


Upgrade Options

Caution Apart from solution coexistence, a few VMS components require upgrade to an intermediary version before you can use the VMS installer found on Disk 1. For this reason, we strongly recommend selecting Server Configuration > About the Server > Applications and Versionsto determine precise component version numbers before you upgrade.

Table 2 describes the recommended sequence for upgrading individual VMS component applications when earlier versions of these components are already installed on your system. Please check component release notes for special upgrade instructions if you do not see your component's version listed in rhe Recommended Upgrade Sequence table.

Table 2 Recommended Upgrade Sequence 

If the following product is already installed...
And one or more of the following products are also already installed...
You should upgrade in the following order...

CiscoWorks Common Services 2.2

Update 1 or any Service Pack

Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

Auto Update Server 1.1

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install AUS 1.3 from VMS Disk 2 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Management Center for Firewalls 1.2.2

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install Firewall MC 1.3.3 from VMS Disk 2 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Management Center for IDS Sensors 1.2.3

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install IDS MC 2.0.1 from VMS Disk 4 as described in Chapter 1, "Upgrading to VMS 2.3".

3. Install IPS MC 2.1 from VMS Disk 2 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Management Center for IDS Sensors 2.0.1

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install IPS MC 2.1 from VMS Disk 2 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Management Center for VPN Routers 1.2.1

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install Router MC 1.3.1 from VMS Disk 2 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Monitoring Center for Performance 2.0

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install Performance Monitor 2.0.2 from VMS Disk 3 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Monitoring Center for Security 1.2.3

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install Security Monitor 2.0 from VMS Disk 3 on its own or with other VMS components as described in Chapter 1, "Upgrading to VMS 2.3".

Resource Manager Essentials 3.5

Common Services 2.2 and any update other than Service Pack 3

1. Reinstall Common Services as described in Chapter 1, "Upgrading to VMS 2.3" and Service Pack 3 will install automatically.

2. Install IDU 12 from VMS Disk 4 as described in Chapter 1, "Upgrading to VMS 2.3."

VPN Monitor (any version)

Note VPN Monitor cannot be upgraded. Its features are distributed amongst newer VMS components.


Software Updates

All software updates and related documentation required to install VMS components are included on your product CDs. Common Services 2.2 and Resource Manager Essentials (RME) 3.5 retain the same versions in VMS 2.3 but have updates that must be installed for VMS 2.3 to operate properly. Common Services installs with an embedded Service Pack 3 update, requiring no action. RME requires IDU 12 you must install manually. Included in this update are all necessary Incremental Device Updates (IDU).

Downloading VMS Components from Cisco.com

If you are performing a fresh installation or upgrading to VMS 2.3, downloading components from Cisco.com is not required. However, you might elect to download a service pack, software update or component as they are updated over time.

See the following websites for information:

To access the CiscoWorks VMS Software Downloads page for the most recent downloads, go to http://www.cisco.com/go/vms.

To determine the appropriate media kit for all or any of the components, we recommend that you read the latest Product Bulletin for the appropriate part number according to your service contract at:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_bulletins_list.html

If you need assistance, use the Product Upgrade Tool at http://www.cisco.com/upgrade.