Table Of Contents

Deploying Configurations

Managing Deployment in Workflow Disabled Mode

Using the Actions Bar

Deploying Configurations to Devices (Workflow Disabled Mode)

Viewing Deployment Status Information (Workflow Disabled Mode)

Redeploying Configurations (Workflow Disabled Mode)

Aborting a Deployment (Workflow Disabled Mode)

Viewing Device Configurations (Workflow Disabled Mode)

Managing Deployment in Workflow Enabled Mode

Understanding Job Statuses

Managing Jobs

Creating a Job

Accessing the Job Wizard

Naming the Job

Selecting Devices for the Job

Selecting Deployment Options

Reviewing Generation Errors and Warnings

Viewing a Summary of the Job

Opening a Job

Approving a Job

Deploying a Job

Redeploying a Job

Rejecting a Job

Reverting to the Previous Configuration (Rollback)

Aborting a Job

Viewing a Job's Deployment Status

Viewing the Deployment Status of Devices

Viewing Device Configurations

Deploying Configurations

---

The settings and policies you define in Router MC must be deployed to your devices so that they can be implemented in your network.

In Router MC, the way in which you deploy configurations to your devices differs depending on your workflow mode. When workflow mode is disabled (default), you can save your policy definitions and deploy them immediately. When workflow mode is enabled, you must create a deployment job in which you select the devices and the deployment parameters. You then deploy the job.

See Comparison of Workflow Modes, page 1-7 for more information about the workflow modes.

The following topics provide information about deploying configurations to devices, in each workflow mode:

•Managing Deployment in Workflow Disabled Mode

•Managing Deployment in Workflow Enabled Mode

Managing Deployment in Workflow Disabled Mode

When workflow mode is disabled (default), you do not need to create a job to deploy configurations—Router MC automatically defines a job for you when you save and deploy configuration changes. You deploy configuration changes by clicking the Save and Deploy icon in the Deployment tab, or in the Actions bar of the Home page, Devices tab, or Configuration tab. See Understanding the Router MC Pages, page 1-25 for more information. Router MC translates the committed policy configurations for each device into command line interface (CLI) commands. These CLI commands can be previewed and deployed either directly to the devices in the network or to an output file (by a user with the authority to do so).

From the Deployment tab, you can manage deployment, view the status of your deployment sessions, and view the device CLI commands to be deployed to your devices. See Deployment Tab, page 1-22 for more information.

---

Note The Deployment tab is visible when workflow mode is disabled. When workflow mode is enabled, the Workflow tab replaces the Deployment tab. See Changing the Workflow Mode, page 1-8 for more information.

---

The following topics provide information about managing deployment in Workflow Disabled mode:

•Using the Actions Bar

•Deploying Configurations to Devices (Workflow Disabled Mode)

•Viewing Deployment Status Information (Workflow Disabled Mode)

•Viewing Device Configurations (Workflow Disabled Mode)

Using the Actions Bar

When workflow mode is disabled, you can use the Actions bar in the Home page, Devices tab, or Configuration tab to generate configurations for changed devices, undo changes, and view changes that were made since the last save.

Table 1-1 shows the icons in the Actions bar.

Table 1-1 Actions Bar Icons (Workflow Disabled Mode)

Icon	Name	Description
	Save and Deploy	Saves any configuration changes made since the last deployment, generates the configurations for devices and allows you to deploy them. See Deploying Configurations to Devices (Workflow Disabled Mode) for more information.
	Undo Changes	Discards all changes to configurations and device inventories since the last save.
	View Details	Opens a dialog box that displays the changes made to configurations and device inventories since the last save.

Deploying Configurations to Devices (Workflow Disabled Mode)

When you deploy your configurations, you can transfer the configurations generated for the devices in the deployment session to the devices in the network directly, or to files in a specified output directory.

---

Note Deployment might take from a few minutes to an hour or more, depending on the number of devices in the deployment session.

---

The following procedure describes the steps required to deploy configurations to your devices, after you have completed the configuration changes.

Procedure

---

Step 1

Click the Save and Deploy icon in the Deployment tab, or in the Actions bar of the Home page, Devices tab, or Configuration tab. See Table 1-6 on page 1-25 for a description of the elements in the Router MC user interface.

The Select Devices page of the Job wizard appears. See Table 1-5 for a description of the Select Devices page.

Step 2 In the All tab, select the devices for which you want to generate and deploy configurations.

Step 3 Click Next. If Router MC has added devices to the deployment session, a dialog box appears and lists the added devices and the reason they were added. When you close the dialog box, the Deployment Options page appears.

Step 4 Select a radio button to specify whether to deploy to devices or files. See Table 1-6 for a description of the Deployment Options page.

Step 5 If you selected Deploy to File, specify the directory to which the files should be written.

Step 6 Select the available check boxes, as required. See Table 1-6 for a description of the check boxes.

Step 7 Click Next. The Error Checking page appears.

Step 8 Review the listed errors and warnings, if any.

Step 9 If there are errors in the list, click Cancel to exit the wizard, or go back to the device selection page of the wizard and change your device selection. If there are warnings but no errors, you can either continue with the deployment process or cancel it.

Step 10 If Summary appears in the TOC:

a. Click Next. The Summary page appears.

b. Verify that your definitions are correct.

c. Click Finish to generate the configurations for the devices, or go back to a previous step in the wizard to change your definitions, as required.

OR

If Summary does not appear in the TOC, click Finish to generate the configurations for the devices, or go back to a previous step in the wizard to change your definitions, as required.

Step 11 After clicking Finish, the Job Deployment Status page appears, indicating the status of the devices in the deployment session. The deployment status changes to Deploying. When the deployment is complete, the status changes to Deployed. See Viewing a Job's Deployment Status for more information.

---

Viewing Deployment Status Information (Workflow Disabled Mode)

The Deployment Status page is accessed by selecting Deployment > Deployment Status. In this page you can view the status of your deployment sessions. From this page, you can also open a deployment session to view the CLI commands that were generated for its devices, redeploy a deployment session that failed, and abort a deployment session that is not yet deployed. See Table 1-2 for a description of the Deployment Status page.

The currently open deployment session is displayed in the top right corner of pages in the Deployment tab. This enables you to see the context within which you are working. If no deployment session is open, the word None will be displayed.

Understanding Deployment Statuses

Deployment sessions can have the following statuses:

•Generating—Configurations for the devices are currently being generated. You can monitor the generation progress for specific devices in the Job Deployment Status page, accessed by clicking on the deployment session's name in the list.

•Deploying—The configurations generated for the deployment session are currently being deployed to the devices or to an output directory (depending on the option selected during deployment). You can monitor the generation progress for specific devices in the Job Deployment Status page, accessed by clicking on the deployment session's name in the list.

•Deployed—The configurations for all the devices in the deployment session have been deployed to the devices or to output files.

•Failed—Deployment to one or more devices in the deployment session failed. You can see the reasons for the deployment failure in the Job Deployment Status page. A deployment session that was aborted also shows as Failed.

See Viewing a Job's Deployment Status for more information about deployment statuses.

The following topics provide information about:

•Redeploying Configurations (Workflow Disabled Mode)

•Aborting a Deployment (Workflow Disabled Mode)

Table 1-2 describes each element in the Deployment Status page.

Table 1-2 Deployment Status—GUI Reference 

UI Element	Description
# column	Sequentially numbers the deployment sessions in the list.
Radio button column	Enables you to select a deployment session and then perform the required action on it, for example, open it, redeploy it, and so forth.
Name field	Displays the name of the deployment session. You can click on a name to see details about the deployment, including the deployment status of each device relative to the overall deployment status. For example, if the overall deployment status is Deploying, you can see if the deployment process for each device is pending, in progress, failed, or completed. Likewise, if the overall deployment status is Generating, you can see the generation status of each device in the deployment session. In addition, if a process on a device has failed, you can see the reason for the failure. See Viewing a Job's Deployment Status for more information.
Status field	Displays the status of the deployment session, for example, deploying, deployed, rejected, and so forth. See Understanding Deployment Statuses for more information.
Last Action field	Displays the last action done on the deployment session, for example, opened by user, redeployed by user, and so forth.
Rows per page list box	Enables you to change the number of deployment sessions displayed per page.
Open button	Click to open a selected deployment session, for viewing the CLI commands that were generated for its devices. The name of the open deployment session appears in the top right corner of the page. See Viewing Device Configurations (Workflow Disabled Mode) for more information.
Redeploy button	Click to redeploy a selected deployment session. See Redeploying Configurations (Workflow Disabled Mode) for more information.
Abort button	Click to stop the deployment session. See Aborting a Deployment (Workflow Disabled Mode) for more information.

Redeploying Configurations (Workflow Disabled Mode)

You can redeploy a deployment session if necessary. For example, if the previous deployment failed, you could correct the problems that caused the deployment to fail and then redeploy it. Another example is if you want to change the directory to which configurations are deployed. You can also use the redeploy option to resume an aborted deployment session.

During redeployment, configurations are only written to devices for which the previous deployment failed.

You can redeploy a deployment session from the Deployment Status page, as described in the procedure below.

---

Note You can only redeploy deployment sessions with a status of Failed.

---

Procedure

---

Step 1 Select Deployment > Deployment Status. The Deployment Status page appears.

Step 2 Select the radio button next to the deployment session you want to redeploy.

Step 3 Click Redeploy. The Redeploy dialog box appears.

Step 4 Specify the directory to which you want to deploy configurations for the deployment session's devices.

Step 5 Click Redeploy. The deployment status changes to Deploying. When the deployment is complete, the status changes to Deployed.

---

Aborting a Deployment (Workflow Disabled Mode)

You can stop a deployment session. If Router MC has not yet begun to write commands to a device during deployment, the device's deployment status will become "Failed". If commands are currently being written to a device, the deployment will continue to completion. Aborting a deployment has no effect on devices in the deployment session that have already been deployed.

To resume a deployment session, you can redeploy it. See Redeploying Configurations (Workflow Disabled Mode) for more information.

---

Note You can only abort deployment sessions with a status of Deploying.

---

Procedure

---

Step 1 When you start deploying configurations to your devices, the Job Deployment Status page appears, showing the deployment status of each device in your deployment session. See Viewing a Job's Deployment Status for more information.

To abort the deployment session, click Abort in the Job Deployment Status page. Alternatively, you can return to the Deployment Status page (select Deployment > Deployment Status), select the deployment session, and click Abort.

A dialog box appears requesting confirmation of the Abort operation.

Step 2 Click Yes. The deployment status changes to Failed. See Table 1-2.

---

Viewing Device Configurations (Workflow Disabled Mode)

Router MC enables you to view the CLI commands that will be written to your devices (or to configuration files) to implement your VPN and firewall definitions. You can preview device configurations before deployment, or you can confirm the configurations after deployment.

The following options are available for viewing a device's configurations:

•Incremental—Shows the CLI commands generated by Router MC for the device, in the current deployment session. You can view the incremental device configurations in Telnet or TFTP format.

The incremental view can also show the Router MC policies from which the generated CLI commands originated. You can choose whether to show this information by enabling or disabling an option in the System Settings under the Admin tab. See Defining System Settings, page 1-1 for more information.

•Full—Shows the proposed complete configuration on the device after deployment, including the incremental configuration and the previous configuration on the device.

•Current—Shows the current configuration on the device. If deployment has not yet taken place, the current configuration reflects the configuration on the device when the device was imported.

If configurations have previously been deployed to the device, the current configuration reflects the full configuration on the device after the last deployment. These include the commands that were on the device previously, and the commands that Router MC wrote to the device to implement the policy definitions.

•Previous—Shows the configuration on the device prior to the last successful deployment. If the device was not previously included in a deployed session, no previous configuration will be available.

---

Note When previewing proposed configurations for a hub in an activity, you will not see the commands that will be written to the hub as a result of VPN configurations on a peer spoke. You can only preview these commands within the context of a deployment session.

---

Follow this procedure to view the configurations for a device within a deployment session.

Before you Begin

Make sure that you are working within the context of an open deployment. See Viewing Deployment Status Information (Workflow Disabled Mode) for more information.

Procedure

---

Step 1 Select Deployment > View Configs. The View Configs page appears.

Step 2 Open the Object Selector and select the device for which you want to see configurations.

---

Note The Object Selector only displays the devices that are included in the open job.

---

Step 3 From the TOC, select the type of configuration you want to view for the selected device, for example, incremental Telnet, full, current, and so forth. The relevant page showing the configurations for the device appears.

---

Managing Deployment in Workflow Enabled Mode

When workflow mode is enabled, the deployment of settings and policies to devices is always done within the context of a deployment job. When you create a job, you specify the devices or device groups to which you want to deploy configurations. Router MC translates the committed policy configurations for each device into command line interface (CLI) commands. These CLI commands can be previewed and deployed either directly to the devices in the network or to an output file (by a user with the authority to do so).

Devices Available For Inclusion in Jobs

When you create a job, you select the devices or device groups to include in the job. When a device is selected for a specific job, it cannot be selected for any other job until the original job has been deployed or rejected. In addition, if a device has been imported within the context of a specific activity and the activity has not yet been approved, the device will not be available for inclusion in jobs. This is because until the activity is approved, the device will not be committed to the Router MC database.

Router MC preselects devices on which policy changes have been made but have not been deployed, as a recommended minimum for the job.

See Selecting Devices for the Job for more information.

Devices Automatically Added to the Job by Router MC

In certain cases, Router MC must generate commands for devices that are affected by the policies defined on the devices selected for the job. Router MC automatically adds the relevant devices to the job and generates the necessary commands. For example, if you define a tunnel policy on a spoke, and you select the spoke for the job, Router MC will add the spoke's assigned hub to the job. During job generation, Router MC generates commands for both peers so that the VPN configuration will be complete and the tunnel can be established.

Deployment Options

You have the following deployment options:

•You can deploy the configurations directly to the devices in your network. In this case, Router MC is responsible for writing the CLI commands to the devices, through secure shell (SSH).

•You can deploy the configurations to an output file. Router MC creates a configuration file for each device in the job and places the files in a directory of your choice. If you deploy configurations to a file, you must transfer the configurations from the file to your devices at a later stage. Deploying configurations to a file is useful when the devices are not yet in place in your network (known as greenfield deployment), or if you have your own mechanisms in place to transfer configurations to your devices, or if you want to delay deployment.

---

Note Router MC generates and deploys committed policy configurations only, meaning the configurations from approved activities. Configurations defined in activities that have not yet been approved cannot be deployed because they have not yet been committed to the database. See Chapter 1, "Working with Activities" for information about activities.

---

Preview of CLI Commands to be Deployed

Within the context of an open job, you can view the proposed CLI commands generated for the devices included in that job. These are the commands that will be deployed to the devices to implement the VPN or firewall policy definitions. You can view either the full proposed device configuration, meaning a combination of the device's current configuration and the commands added/removed by Router MC, or the incremental proposed configuration, meaning only the commands added by Router MC to implement the policy definitions.

See Viewing Device Configurations for more information.

The following topics provide information about managing deployment in Workflow Enabled mode:

•Understanding Job Statuses

•Managing Jobs

•Creating a Job

•Viewing a Job's Deployment Status

•Viewing Device Configurations

Understanding Job Statuses

Jobs can have the following statuses:

•Generating—Configurations for the devices in the job are currently being generated. You can monitor the generation progress for specific devices in the Status section of the Deployment tab and in the Job Details page, accessed by clicking on the job's name in the list. See Viewing a Job's Deployment Status for more information.

•Generated—Configurations for all the devices in the job have been generated. The configurations can now be viewed in the View Configs section of the Deployment tab. See Viewing Device Configurations for more information.

•Rejected—The job, including all its generated configurations, has been rejected. When a job is rejected, its devices immediately become available for inclusion in other jobs. No actions can be performed on a rejected job but you can view the configurations generated for the job and the status of the job (accessed from the Status option under the Deployment tab).

•Deploying—The configurations generated for the job are currently being deployed to the devices or to an output directory (depending on the option selected during job creation). You can monitor the generation progress for specific devices in the Status section of the Deployment tab and in the Job Details page, accessed by clicking on the job's name in the list. See Viewing a Job's Deployment Status for more information.

•Deployed—The configurations for all the devices in the job have been deployed to the devices or to output files.

•Rollback in Progress—The configurations that were on the devices prior to deployment are currently being restored (to a specified directory).

•Rollback Complete—The configurations that were on the devices prior to deployment have been restored.

•Failed—Deployment to one or more devices in the job failed. You can see the reasons for the deployment failure in the Job Deployment Status page. See Viewing a Job's Deployment Status for more information. A job that was aborted also shows as Failed.

Managing Jobs

The Jobs page is accessed by selecting Workflow > Job Management. It contains a list of existing jobs and their statuses. From this page, you can create new jobs, and perform various actions on existing jobs. See Table 1-3 for a description of the Jobs page.

The currently open job is displayed in the top right corner of pages in the Workflow tab. This enables you to see the job context within which you are working. If no job is open, the word None will be displayed.

The following topics provide information about managing jobs:

•Creating a Job

•Opening a Job

•Deploying a Job

•Redeploying a Job

•Rejecting a Job

•Reverting to the Previous Configuration (Rollback)

•Aborting a Job

•Viewing Device Configurations

Table 1-3 describes each element in the Jobs page.

Table 1-3 Jobs—GUI Reference 

UI Element	Description
# column	Sequentially numbers the jobs in the list.
Radio button column	Enables you to select a job and then perform the required action on the job, for example, open it, deploy it, and so forth.
Name column	Displays the name of the job. You can click on a job name to see details about the job, including the devices in the job and what stage they have reached relative to the job status. For example, if the job status is Deploying, you can see the devices for which deployment has been completed, pending devices, and failed devices. The Job Details page refreshes automatically every ten seconds.
Status Column	Displays the status of the job, for example, deploying, deployed, rejected, and so forth. See Understanding Job Statuses for information about job statuses.
Last Action Column	Displays the last action done on the job, for example, opened by user, deployed by user, and so forth.
Rows per page list box	Enables you to change the number of jobs displayed per page.
Create button	Click to create a new job.
Open button	Click to open the selected job.
Approve button	Click to approve the selected job. This button is only present if job approval is enabled in the System Settings under the Admin tab. If so, jobs must be approved before they can be deployed.
Deploy button	Click to deploy the generated CLI commands to the devices or files.
Redeploy button	Click to redeploy the job.
Roll Back button	Click to revert to the previous configuration on the devices in the job.
Reject button	Click to reject the selected job if you are not satisfied with the configurations generated for the devices.
Abort button	Click to stop the selected job during deployment.

Creating a Job

To deploy your policy configurations to your devices, you must first create a job. When creating a job, you specify the devices to which you want to deploy the configurations and whether you want to deploy directly to the devices or to an output file.

You create a job using the Job wizard. The following topics describe the tasks you must do to create a job using this wizard:

•Accessing the Job Wizard

•Selecting Devices for the Job

•Selecting Deployment Options

•Reviewing Generation Errors and Warnings

•Viewing a Summary of the Job

Accessing the Job Wizard

You can access the Job wizard from the Jobs page. To access the wizard, complete the steps in this procedure.

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears. It contains a list of jobs (if any jobs have previously been created). See Table 1-3 for a description of the Jobs page.

Step 2 Click Create.

The first page of the Job wizard appears. The steps in the wizard are listed in the TOC on the left side of the page.

---

Naming the Job

The Name and Description page of the Job wizard appears when you click the Create button in the Jobs page. It enables you to specify a name and description for the job. Each job must have a unique name.

After you have finished creating the job, it is listed by name in the Jobs page (see Table 1-3 for more information). Because the job name enables you to distinguish one job from another, you should assign a logical name and description that reflect the contents of the job.

Procedure

---

Step 1 Enter a name and description in the fields provided. See Table 1-4 for descriptions of the fields.

Step 2 Click Next. The Select Devices page appears. Proceed to Selecting Devices for the Job.

---

Table 1-4 describes each element in the Name and Description page of the Job wizard.

Table 1-4 Job Name—GUI Reference 

UI Element	Description
Name field	Enter a unique name for the job, for identification purposes.
Description field	Enter a description of the job.
Next button	Click to go to the next page in the wizard.
Cancel button	Click to exit the wizard without saving your settings.

Selecting Devices for the Job

The Select Devices page of the Job wizard enables you to specify the devices for which you want to generate and deploy configurations. Configurations can be generated for committed policy definitions only.

The hierarchy of devices available for selection contains only devices that are not currently included in another job.

You can select individual devices for the job or you can select multiple devices simultaneously by selecting Global or a device group. If you select Global, all available devices will be selected for deployment (all devices that are not currently included in another job). If you select a device group, all available device groups and devices that are descendents of that device group in the device hierarchy will be selected for deployment. If you select a High Availability (HA) group, all the hubs in the group will be selected for deployment. Furthermore, if you select one hub in an HA group, all the other hubs in the group will be selected.

---

Note Router MC automatically preselects devices on which policy changes have been made but have not yet been deployed. You can deselect these devices if you do not want them included in the current job.

---

Procedure

---

Step 1 In the All tab, select the devices for which you want to generate and deploy configurations. See Table 1-5 for a description of the Select Devices page.

Step 2 Click Next. If Router MC has added devices to the job, a dialog box appears and lists the added devices and the reason they were added. When you close the dialog box, the Deployment Options page appears. Proceed to Selecting Deployment Options.

---

Table 1-5 describes each element in the Select Devices page of the Job wizard.

Table 1-5 Select Devices—GUI Reference 

UI Element	Description
All tab	Enables you to select devices for the job from the device hierarchy. Select the check box next to an object to select that object and all its descendents in the hierarchy. Click again to deselect an object. Devices or device groups that are currently included in other jobs are not available for selection and are not shown in the device hierarchy. Router MC automatically preselects devices on which policy changes have been made but have not yet been deployed.
Selection tab	Displays the devices you have selected for the job. Select the check box to deselect the device and automatically remove it from the Selection tab.
Back button	Click to return to the previous page in the wizard.
Next button	Click to go to the next page in the wizard. If Router MC has added devices to the job, a dialog box appears and lists the added devices and the reason they were added.
Cancel button	Click to exit the wizard without saving your settings.

Selecting Deployment Options

The Deployment Options page of the Job wizard enables you to specify whether you want to deploy the generated configurations directly to the devices in the network or to files in an output directory. The main advantage of deploying configurations to a files is that you can create configurations for devices that are not yet in place in your network.

If you deploy to files, Router MC creates a configuration file for each device in the job, in the format DeviceName.cfg. You must specify the directory on the Router MC server in which you want Router MC to create the configuration files. You can specify whether the configuration files should contain the full configuration for the devices or the incremental configuration, meaning only the CLI commands added and removed as a result of the committed policy definitions. Configuration files are in TFTP format so that you can upload them to your devices using TFTP.

If you deploy to files, you are responsible for transferring the configurations to your devices. Router MC assumes that you have done this, so the next time you deploy to the same devices, the generated incremental commands are based on the configurations from the previous deployment.

Procedure

---

Step 1 Select a radio button to specify whether to deploy to devices or files. See Table 1-6 for a description of the Deployment Options page.

Step 2 If you selected Deploy to File, specify the directory to which the files should be written.

Step 3 Select the available check boxes, as required. See Table 1-6 for a description of the check boxes.

Step 4 Click Next. The Error Checking page appears. Proceed to Reviewing Generation Errors and Warnings.

---

Table 1-6 describes each element in the Deployment Options page of the Job wizard.

Table 1-6 Deployment Options—GUI Reference 

UI Element	Description
Deploy To radio buttons	Select a radio button to specify whether you want to deploy configurations to the devices or to files.
Output Directory field	For deployment to file only. Specify the full path to the directory on the Router MC server in which you want Router MC to place the configuration files. For example, c:/out.
Deploy full configuration to file check box	For deployment to file only. Select the check box if you want the file to contain the full configuration, meaning the current configuration plus the configuration resulting from translation of committed policy definitions to CLI commands. If this check box is unchecked, the file will contain the incremental configuration only.
Deploy only to running config (disable write memory) check box	Select if you only want to deploy configurations to the running configuration on the devices, which will not be saved. By default, write memory is enabled.
Back button	Click to return to the previous page in the wizard.
Next button	Click to go to the next page in the wizard.
Cancel button	Click to exit the wizard without saving your settings.

Reviewing Generation Errors and Warnings

The Error Checking page of the Job wizard enables you to view errors and warnings pertaining to the proposed deployment of configurations to the devices in the job. See Table 1-7 for a description of the Error Checking page.

•Errors are generated for items that will cause the deployment to fail or for items that must be corrected before generation of CLI commands can start. For example, if no IP address was specified for a device's VPN interface. If there are errors, you will not be able to continue with the creation of the job. If the error relates to job wizard definitions, you can correct the error in the relevant wizard page and continue with the job creation process. Otherwise, you must click the Cancel button to close the Job wizard, correct the specified problem and then create a new job. If you corrected the problem successfully, the error will not appear in the Error Checking page for the new job.

•Warnings are generated to call your attention to certain items that might affect the deployment. For example, a warning might indicate that you have not defined an IKE policy and that the default policy will be used.

Procedure

---

Step 1 Review the listed errors and warnings, if any.

Step 2 If there are errors in the list, click Cancel to exit the wizard, or go back to the device selection page of the wizard and change your device selection for the job. If there are warnings but no errors, you can either continue with the job creation process or cancel it.

Step 3 If Summary appears in the TOC, click Next. The Summary page appears. Proceed to Viewing a Summary of the Job.

OR

If Summary does not appear in the TOC, click Finish to complete the job creation, or go back to a previous step in the wizard to change your definitions, as required.

If your application does not require approval of jobs, on clicking Finish, a message appears asking you if you want to deploy the job immediately. If you do, click Yes. Otherwise, you can deploy the job from the Jobs page. See Deploying a Job for more information.

---

Table 1-7 describes each element in the Error Checking page of the Job wizard.

Table 1-7 Error Checking—GUI Reference 

UI Element	Description
Message Type column	Indicates the type of message, either error or warning. Errors are indicated by a red icon. Warnings are indicated by a yellow icon. If there are errors in the list, you cannot continue with the job creation process. See Reviewing Generation Errors and Warnings for more information.
Subject column	Indicates the module or policy type to which the error/warning message relates.
Device/Group column	Indicates the device or group to which the error/warning message relates.
Description column	Provides the reason the error or warning was generated.
Back button	Click to return to the previous page in the wizard.
Next button	Available only if Summary appears in the TOC. See Defining System Settings, page 1-1. Click to go to the next page in the wizard. Note that if any errors are listed, you will not be able to complete the job creation process.
Finish button	Available only if Summary does not appear in the TOC. See Defining System Settings, page 1-1. Click to exit the wizard and complete the job creation or modification process.
Cancel button	Click to exit the wizard without saving your settings.

Viewing a Summary of the Job

---

Note If the Show Summary Step in Wizards check box in the System Settings page, is deselected, the Summary page is not available. See Defining System Settings, page 1-1 for more information.

---

The Summary page provides an overview of your job definitions for your verification. See Table 1-8 for a description of this page.

Procedure

---

Step 1 Verify that your job definitions are correct.

Step 2 Click Finish to complete the creation of the job or go back to a previous step in the wizard to change your definitions, as required.

If your application does not require approval of jobs, on clicking Finish, a message appears asking you if you want to deploy the job immediately. If you do, click Yes. Otherwise, you can deploy the job from the Jobs page. See Deploying a Job for more information.

---

Table 1-8 describes each element in the Job Summary page of the Job wizard.

Table 1-8 Job Summary—GUI Reference 

UI Element	Description
Job Creation Summary area	Lists all your definitions for the job.
Back button	Click to go back to the previous page in the wizard.
Finish button	Click to complete the job creation process and start the generation of configurations for the selected devices. After clicking Finish, a message appears asking you if you want to deploy the job immediately. If you do, click Yes. Otherwise, you can deploy the job from the Jobs page.
Cancel button	Click to exit the wizard without saving your settings.

Opening a Job

You must open a job to:

•View the CLI commands that were generated for the devices in the job.

•View details about the deployment status of devices in a job.

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to open and click Open. The name of the open job appears in the top right corner of the page.

---

Approving a Job

In some organizations, jobs must be approved by a user with the appropriate permissions before they can be deployed. By default, jobs do not have to be approved, however, this setting can be changed in the Application Settings page under the Admin tab.

If job approval is required, the approver can preview the proposed configurations for the devices in a job and then either approve or reject the job. See Viewing Device Configurations for information about viewing the CLI commands generated for the devices in the job. See Defining System Settings, page 1-1 for information about job approval settings.

---

Note The Approve option will not be available for jobs if approval of jobs is disabled in the System Settings under the Admin tab.

---

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to approve.

Step 3 Click Approve.

The job status changes to Approved.

---

Deploying a Job

When you deploy a job, you transfer the configurations generated for the devices in the job to the devices in the network directly or to files in a specified output directory (depending on which option you chose when creating the job). See Managing Deployment in Workflow Enabled Mode for more information about jobs.

When a job has been deployed, its devices become available for inclusion in other jobs.

You can deploy a job from the Jobs page, as described in the procedure below. When you deploy a job, the Job Deployment Status page appears, indicating the status of the devices in the job. See Viewing a Job's Deployment Status for more information.

---

Note Deployment might take from a few minutes to an hour or more, depending on the number of devices in the job.

---

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to deploy.

Step 3 Click Deploy.

The Job Deployment Status page appears. The job status changes to Deploying. When the deployment is complete, the job status changes to Deployed.

---

Redeploying a Job

You can redeploy a job if necessary. For example, if the previous deployment failed, you could correct the problems that caused the deployment to fail and then redeploy the job. Another example is if you want to change the directory to which configurations are deployed. You can also use the redeploy option to resume an aborted job.

During redeployment, configurations are only written to devices for which the previous deployment failed.

You can redeploy a job from the Jobs page, as described in the procedure below.

---

Note You can only redeploy jobs with a status of Failed.

---

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to redeploy.

Step 3 Click Redeploy. The Redeploy Job dialog box appears.

Step 4 Specify the directory to which you want to deploy configurations for the job's devices.

Step 5 Click Redeploy. The job status changes to Deploying. When the deployment is complete, the job status changes to Deployed.

---

Rejecting a Job

You can reject a generated job if necessary and if you have the permissions to do so. For example, if you see problems in the proposed configurations generated for the devices in the job, you can reject the job so that those configurations never reach the devices. When you reject a job, the devices in the job immediately become available for inclusion in other jobs.

A rejected job cannot be deployed but it can be opened to view its generated configurations.

You can reject a job from the Jobs page, as described in the procedure below.

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to reject.

Step 3 Click Reject. The job status changes to Rejected.

---

Reverting to the Previous Configuration (Rollback)

After deployment, you can revert to the devices' previous configuration, meaning the device configuration prior to deployment. This is known as rollback. You can choose whether to roll back the configuration on all the devices in the job or only on devices for which deployment failed. Rollback will only be implemented on devices that are not currently included in another job.

You can view the configuration that will be restored upon rollback. See Viewing Device Configurations for more information.

If a device has been included in multiple jobs, its previous configuration is the configuration prior to the deployment of the last job in which the device was included. When you perform rollback on a job, the devices' previous configuration becomes the current configuration, and the devices no longer have a previous configuration. Therefore, you can only perform successful rollback for a device once. If you roll back another job in which the same device was included, no current configurations will be available for that device when you select View Configs under the Workflow tab.

---

Note Rollback is not done to live devices. The previous configuration is copied to a specified directory, even if you originally deployed directly to your devices.

---

You can do rollback from the Jobs page, as described in the procedure below.

---

Note You can only do rollback on jobs with a status of Deployed, Redeployed, or Failed. If the job status is Redeployed, the configurations from the most recent deployment will be restored.

---

Procedure

---

Step 1 Select Workflow > Job Management. The Jobs page appears, listing the available jobs.

Step 2 Select the radio button next to the job you want to roll back.

Step 3 Click Roll Back. The Rollback dialog box appears.

Step 4 Specify the output directory in which the previous configurations should be placed.

Step 5 Select the Rollback Only Failed Devices check box if you only want to roll back the devices in the job that failed.

Step 6 Click Roll Back. The job status changes to Rollback in Progress and then to Rollback Complete when the rollback process has finished.

---

Aborting a Job

You can stop a job during deployment. If Router MC has not yet begun to write commands to a device in the job, the device's deployment status will become "Failed". If commands are currently being written to a device, the deployment will continue to completion. Aborting a job has no effect on devices in the job that have already been deployed.

To resume deployment, you can redeploy the job. See Redeploying a Job for more information.

---

Note You can only abort jobs with a status of Deploying.

---

Procedure

---

Step 1 When you start deploying a job, the Job Deployment Status page appears, showing the deployment status of each device in the job. To abort the job, click Abort in the Job Deployment Status page. Alternatively, you can return to the Jobs page, select the deploying job, and click Abort.

A dialog box appears requesting confirmation of the Abort operation.

Step 2 Click Yes. The job status changes to Failed.

---

Viewing a Job's Deployment Status

Router MC enables you to view the deployment status of a job and of each device in the job relative to the job status. For example, if the job status is Deploying, you can see if the deployment process for each device is pending, in progress, failed, or completed. Likewise, if the job status is Generating, you can see the generation status of each device in the job. In addition, if a process on a device has failed, you can see the reason for the failure.

Procedure

---

Step 1 Open the Jobs page (select Workflow > Job Management), and then open the required job. The job name appears in the top right corner of the page. See Opening a Job for the procedure for opening a job.

Step 2 Click Status under the Workflow tab. The Job Deployment Status page appears (see Table 1-9).

---

Table 1-9 describes each element in the Job Deployment Status page.

Table 1-9 Job Deployment Status—GUI Reference 

UI Element	Description
Job Name field	Displays the name of the open job.
Status field	Displays the status of the open job.
Last Action field	Displays the last action performed on the job and the date and time at which it was performed.
Description field	Displays the description provided when the job was created.
Deployment Details field	Displays the deployment options selected during job creation.
Last Output Directory field	Displays the directory currently specified as the target directory for deployment or redeployment or rollback.
Device Name column	Displays the name of each device in the job.
Device Group column	Displays the device group to which each device belongs.
Device Type column	Displays whether the device is a hub or a spoke.
Device Status column	Displays the status of the device relative to the job status. The status can be Pending, In Progress, Completed, or Failed. If the status is Failed, you can click on Failed in this column to display the reason(s) for the failure and to see the last commands that were deployed to the device.
Status Time column	Displays the time at which the current status of the device was recorded.
VPN Connection Status column	Indicates whether or not a hub-spoke VPN connection exists. The VPN connection status can be: •Connected—Deployment to the spoke and at least one hub was successful. •Primary hub failed—Deployment to the primary hub failed but there is a connection with the secondary hub. •Secondary hub failed—Deployment to the secondary hub failed but there is a connection with the primary hub. •Both hubs failed—Deployment to the spoke was successful but deployment to both hubs failed, therefore, there is no connection. •Disconnected—Deployment to the spoke failed. •N/A—This information is not applicable if the device is an unmanaged spoke or a hub. Note The connection status for a hub will always be N/A because the hub potentially has many spoke connections. To see the connection status of a specific hub-spoke connection, look at the VPN Connection Status column for the relevant spoke. In addition, the connection status for a firewall device is N/A because there is no VPN connection.
Policy Change column	Indicates whether any policy changes were made on the device since the job was created and the configurations for the device were generated.
Refresh button	Click to refresh the page to see the latest device status.
Abort button	Click to stop the deployment. See Aborting a Job for more information.
Rows per page list box	Enables you to change the number of table rows displayed per page.

Viewing the Deployment Status of Devices

In the Reports tab, you can view a report listing all the devices in your inventory and their deployment status. See Viewing the Deployment Report, page 1-2 for more information.

Viewing Device Configurations

Router MC enables you to view the CLI commands that will be written to your devices (or to configuration files) to implement your VPN and firewall definitions. You can preview device configurations before you submit an activity or before deployment, or you can confirm the configurations after deployment.

When viewing configurations for devices within the context of an activity (in the Configuration tab), you will see commands for the policies in the activity, even if the activity has not been approved and the configurations have not been committed to the database. This enables you to preview the commands that will be generated and if necessary, to edit the policies in the activity. You will also see commands for previously committed policies.

When viewing configurations for devices within the context of a job (in the Workflow tab), you will see only commands generated for committed policies. You will not see configurations for policies in activities that have not been approved and whose configurations have not been committed to the database.

Within the context of an open activity or job, you have the following options for viewing a device's configurations:

•Incremental—Shows the CLI commands generated by Router MC for the device, in the current activity or job. You can view the incremental device configurations in Telnet or TFTP format.

The incremental view can also show the Router MC policies from which the generated CLI commands originated. You can choose whether to show this information by enabling or disabling an option in the System Settings under the Admin tab. See Defining System Settings, page 1-1 for more information.

•Full—Shows the proposed complete configuration on the device after deployment, including the incremental configuration and the previous configuration on the device.

•Current—Shows the current configuration on the device. If deployment has not yet taken place, the current configuration reflects the configuration on the device when the device was imported.

If configurations have previously been deployed to the device, the current configuration reflects the full configuration on the device after the last deployment, including the commands that were on the device previously and the commands that Router MC wrote to the device to implement the policy definitions.

•Previous (under Workflow tab only)—Shows the configuration on the device prior to the last successful deployment. If you do the rollback operation for the job, this is the configuration that will be restored on the device. If the device was not previously included in a deployed job, no previous configuration will be available.

---

Note When previewing proposed configurations for a hub in an activity, you will not see the commands that will be written to the hub as a result of VPN configurations on a peer spoke. You can only preview these commands within the context of a job.

---

Follow this procedure to view the configurations for a device.

Before you Begin

Make sure that you are working within the context of an open activity or job.

Procedure

---

Step 1 To preview configurations for a device within an activity, select Configuration > View Configs. To view configurations for a device within a job, select Workflow > View Configs. The View Configs (activities) or View Configs (jobs) page appears.

Step 2 Open the Object Selector and select the device for which you want to see configurations.

---

Note When you are viewing configurations from the Workflow tab and you have a job open, the Object Selector only displays the devices that are included in the open job.

---

Step 3 From the TOC, select the type of configuration you want to view for the selected device, for example, incremental Telnet, full, current, and so forth. The relevant page showing the configurations for the device appears.

---