Q. What is Cisco® Application Networking Manager (ANM)?
A. Cisco ANM software is part of the Cisco Application Control Engine (ACE) product family and is a critical component of any data center or cloud computing architecture that requires centralized configuration, operation, and monitoring of Cisco data center networking equipment and services. Cisco ANM provides this management capability for the Cisco ACE devices, as well as operations management for the Cisco Content Services Switch (CSS), Cisco Content Switching Module (CSM), Cisco Content Switching Module with SSL (CSM-S), and Cisco Global Site Selector (GSS). Cisco ANM focuses on providing provisioning capability for Cisco ACE devices including Cisco ACE Modules and Cisco ACE 4710 appliances. It also supports operations management and monitoring for Cisco ACE devices as well as for the Cisco CSS, CSM, and CSM-S. In addition, Cisco ANM extends this operations support to the Cisco GSS for securely delegated activation and suspension of Domain Name System (DNS) rules and virtual IP answers and answer groups. It also integrates with VMware virtual data center environments, providing continuity between the application server and network operator and increasing application network services awareness and capabilities while reducing the burden of operating and managing those services.
Q. Who should deploy Cisco ANM?
A. Cisco ANM is designed for enterprises and service providers (especially managed hosting service providers) using the Cisco ACE Module and Cisco ACE appliances, as well as those seeking operations support not only for Cisco ACE devices but also for Cisco CSS, CSM, CSM-S, and GSS devices.
Q. Are all versions of Cisco ACE, CSS, CSM, and CSM-S devices supported?
Q. What versions of Cisco GSS devices are supported?
A. Operations management of Cisco GSS requires Cisco GSS 3.0(2) and Cisco ANM 2.0 or higher.
Q. What is new in Cisco ANM 4.2?
A. Cisco ANM 4.2 provides several new features, including:
• Dynamic workload scaling (DWS): Cisco ANM 4.2 allows you to configure DWS, which is a Cisco ACE feature that permits on-demand access to remote resources, such as VMware virtual machines that you own or lease from an Internet service provider (or cloud service provider). This feature uses Cisco Nexus® 7000 Series Switches with Cisco Overlay Transport Virtualization (OTV), which is a Cisco Data Center Interconnect (DCI) technology used to create a Layer 2 link over an existing IP network between geographically distributed data centers.
Cisco ANM 4.2 supports the DWS feature for Cisco ACE Software Release A4 (2.0) for both the Cisco ACE Module and Cisco ACE appliances as follows:
– Real Servers and Virtual Servers windows permit monitoring of DWS.
– Operations window allows you to track the real-server location (local or remote) and virtual-server DWS state (for example, load balancing traffic sent to local virtual machines only or to both local and remote virtual machines).
– Topology window shows the real-server location and server farm DWS state.
• Cisco ANM backups for use with the Cisco ANM server and Cisco ANM virtual appliance: Cisco ANM virtual appliances can now create or use Cisco ANM backups for restore and upgrade operations. The Cisco ANM backups created on the virtual appliance and the Cisco ANM server software can be used interchangeably across both installations. For instance, a Cisco ANM backup on a Cisco ANM server with a compatible version can be restored or upgraded on a Cisco ANM virtual appliance, and a Cisco ANM virtual appliance can be restored on a Cisco ANM server.
Cisco ANM 4.2 includes the following new virtual appliance command-line interface (CLI) commands to facilitate the creation and use of the Cisco ANM backups:
– anm-tool load-inventory: Loads a Cisco ANM backup image created either by the Cisco ANM server using the /opt/CSCOanm/bin/anm-tool backup command or by the Cisco ANM virtual appliance using the anm-tool save-inventory command
– anm-tool save-inventory: Produces an image that can be used to restore or upgrade a Cisco ANM server on either a Cisco ANM virtual appliance or server
• Remote authorization of Cisco ANM users: Cisco ANM 4.2 supports remote authorization through TACACS+ server. When Cisco ANM authorizes a remote user, it sends a request to the TACACS+ server, which returns the role and domain names of the requested user. The definitions of roles and domains are stored locally on Cisco ANM. Combining this feature with the existing remote authentication feature allows you to set up Cisco ANM so that all Cisco ANM user authentication and authorization is performed remotely using a TACACS+ server.
Cisco ANM 4.2 also introduces the Fallback to Local option for TACACS+, RADIUS, and Active Directory (AD) and Lightweight Directory Access Protocol (LDAP). When this feature is enabled, Cisco ANM falls back to the local user when the authentication, authorization, and accounting (AAA) server is unreachable.
• Source email address for email alerts: Cisco ANM 4.2 provides an option to set the Mail From email address when specifying the Simple Mail Transfer Protocol (SMTP) server to use for outgoing email alerts (Monitor > Settings > SMTP Configuration). By default, the Mail From address is set to anm@hostname. You can request email alerts when configuring a threshold group (Monitor > Alarm Notifications > Threshold Groups) or when enabling the Historical Data Export feature (Monitor > Settings > Historical Data Export). With this feature, your SMTP server can check the source of email alerts by using the Mail From email address.
• Health monitor probe for redirect real servers and server farms: Cisco ANM 4.2 supports the Cisco ACE capability to probe the destination of a redirect real server, which is accomplished by associating a health probe with a redirect server farm or a redirect real server. The following Cisco ACE software releases support this health probe feature:
– Cisco ACE Module: A4(2.0) and A2(3.2a)
– Cisco ACE appliance: A4(2.0) and A3(2.7)
Using Cisco ANM 4.2, you can configure a routed health probe when configuring a redirect real server (Config > Devices > Load Balancing > Real Servers) or server farm (Config > Devices > Load Balancing > Server Farms).
• Operations enhancement: You can specify the customized username and password prompts to use when importing a Cisco Catalyst® 6500 Series Switch or Cisco 7600 Series Router to Cisco ANM. Cisco ANM 4.2 also offers improved on-demand polling response time for real and virtual servers from the Operations and Monitoring windows, and it reduces the activate and suspend operation waiting times for real and virtual servers from the Operations window.
For more information about the new features, see the user guide for Cisco ANM 4.2.
Q. Where can I find documentation and more information about Cisco ANM features?
Cisco ANM Hardware, Operating System, and Environment
Q. On what hardware and operating system does Cisco ANM run?
A. Cisco ANM can be run either as Cisco ANM Virtual Appliance for VMware or as an application on a dedicated server as Cisco ANM for Red Hat Enterprise Linux.
Cisco ANM Virtual Appliance for VMware is run as a virtual machine in a VMware vSphere 4.0, 4.1, or 4.2 environment. There is no change to the Cisco ANM user's web interface, nor does the use of this appliance affect the way that Cisco ANM manages network devices. When deployed, this appliance is nearly identical to Cisco ANM run on a standalone Linux server; it is a complete computing system, including the application and operating system and an interface similar to the Cisco IOS® Software interface for administration functions such as backing up and restoring the system and configuring Simple Network Management Protocol (SNMP) properties. Cisco ANM Virtual Appliance for VMware is currently supported in standalone mode, not in clustered mode, in VMware vCenter.
Cisco ANM for Red Hat Enterprise Linux runs on a dedicated customer-supplied server as specified in the installation guide for Cisco ANM at http://www.cisco.com/en/US/products/ps6904/prod_installation_guides_list.html for each version of Cisco ANM. The installation files for Cisco ANM Virtual Appliance for VMware are provided in the same package as those for Cisco ANM for Red Hat Enterprise Linux 32- and 64-bit solutions.
In a data center design, a Cisco ANM virtual appliance is interchangeable with Cisco ANM for Red Hat Enterprise Linux. This interchangeability makes the appliance easy to deploy and scale; allows more efficient utilization of hardware resources; and eliminates the need to acquire, install, and maintain the operating system separately.
Q. Do I have to provide the operating system for Cisco ANM?
A. For Cisco ANM Virtual Appliance for VMware, the OS is embedded in the virtual appliance so no OS is required from the customer, although the required VMware is the responsibility of the customer. For Cisco ANM for Red Hat Enterprise Linux, the customer must supply the OS for Cisco ANM. In this case, Cisco ANM is delivered as a ready-to-install disk that installs only the Cisco ANM application. The required Red Hat Enterprise Server Linux OS must be preinstalled on the customer-provided hardware. You can obtain the necessary OS through an evaluation or purchased subscription at http://redhat.com/rhn.
Q. Which version of Red Hat Linux can I use to support Cisco ANM?
Q. How often are the supported versions of the operating system updated and is every version supported?
A. Because Cisco ANM is tested for security, performance, and efficiency on specific versions of the OS, and in keeping with generally accepted best practices for administration of operations support systems, updates to the versions of the OS supported by Cisco ANM generally occur only when new releases of Cisco ANM will benefit from updating to more recent versions of the OS, when updating is needed to keep within OS end-of-support guidelines, or when updating is required to maintain system security. Although an OS vendor may release additional updates to an offering, Cisco ANM will generally not update support to include those releases unless one of the reasons mentioned here applies.
Q. I prefer to use another type of the Linux OS. Can I use that in place of the Red Hat Enterprise Server Linux specified for Cisco ANM?
A. Cisco ANM supports only the specified versions of the Linux OS. Due to variations in software packages, layouts, and services in other variants of Linux, use of other than the specified versions will in the worst case cause Cisco ANM to fail to install or operate properly, and at best the installation will be unsupported by Cisco.
Q. The minimum disk space requirement is 120 GB. What is this spaced used for?
A. Cisco ANM uses disk space for its real-time configuration and status database as well as for storage of statistical data, logging, and audit files. Since the introduction of monitoring dashboards and graphing in Cisco ANM 3.0, the storage space for statistical data collection has been increased, though the requirement for disk storage has not been significantly increased because the amount of data collected in even a large-scale Cisco ANM implementation is resolved to data sets that are relatively small in terms of gigabytes of storage space. The planned direction for Cisco ANM is to provide offload and export capabilities for the statistical data set to enable off-system analysis, thereby reducing long-term data storage requirements.
Q. Should I consider even larger storage capacity, and if so, why?
A. When selecting a server configuration for Cisco ANM, customers may want to consider installing more than 80 GB storage capacity to eliminate the need for an upgrade to meet possible future data storage requirements, such as would be necessary to support capacity planning or reporting functions that may be added to Cisco ANM at some time in the future.
Q. Are there any specific disk space requirements with respect to directory layout?
A. Yes. Cisco ANM requires at least the following allocations of specific disk space requirements:
• /opt/CSCOanm: 1 GB
• /var/lib/anm: 40 GB
• /var/lib/mysql: 3 GB
Q. Can I get more capacity and performance from my Cisco ANM if I load it on a more powerful or larger-capacity platform?
A. You may be able to increase Cisco ANM performance by running it on a more powerful or larger-capacity platform as long as the platform meets the specified system requirements. Although Cisco ANM is a multithread, multiprocessor-aware application, no specific improvements are claimed when it is used on systems more powerful than those specified. Given at least the required server resources, Cisco ANM will gain most advantage from resource increases from enhanced CPU performance, expanding memory up to at least 4 GB, and from disk storage systems with higher-speed transfer capability. The maximum capacity of 50 Cisco ACE devices plus 40 Cisco CSS, CSM, or CSM-S devices plus 3 Cisco GSS clusters cannot be increased by using a larger-capacity platform.
Q. Is Cisco ANM available as an appliance-based offering?
A. Although Cisco ANM is available as a virtual appliance for VMware, it is not available as a hardware-based appliance.
Q. Can I run other applications on the same physical server platform as Cisco ANM for Red Hat Enterprise Linux?
A. No. Because of performance specifications and support issues, Cisco ANM must run on a dedicated platform for Cisco ANM only. Consider the use of Cisco ANM Virtual Appliance for VMware as an alternative.
Q. Can Cisco ANM be run from within a virtual machine, such as a VMware virtual machine, without using Cisco ANM Virtual Appliance for VMware?
A. Although Cisco ANM is a fairly well-behaved application and so may be suited to run in a virtual machine environment such as that provided by VMware, Cisco supports only the implementation using Cisco ANM Virtual Appliance for VMware.
Q. Does Cisco ANM support high availability, and if so, how?
A. Cisco ANM supports high-availability configurations by implementing a hot-standby server that is directly connected to the primary server through a Layer 2 connection within the same subnet: for instance, a dedicated Ethernet LAN connection. The hot-standby server maintains synchronization with the primary server by means of real-time database replication.
Q. If I cannot use the Cisco ANM built-in high-availability option, what other methods can be used for redundancy?
A. Cisco ANM 2.0 and higher includes an autosynchronization feature that enables the Cisco ANM server to automatically update the device configuration for any managed Cisco ACE device, even when changes are made other than through the Cisco ANM being used. As a result, it is possible to establish more than one running Cisco ANM server, with both managing the same devices, using external adminstrative controls or the Cisco ANM role-based access control (RBAC) features. Generally, only one Cisco ANM server should be operated as the primary manager, with the other run as a shadow manager. This configuration does require additional maintenance tasks related to duplicate user administration and duplicate initial import of managed Cisco ACE devices, but otherwise it can be used to implement a reliable form of high availability even over geographically separated management sites. Ask your Cisco account representative for additional information presented in the Cisco ANM disaster recovery solution guide.
Q. What are the required file locations for Cisco ANM for Red Hat Enterprise Linux?
Q. Does Cisco ANM for Red Hat Enterprise Linux require root access on the host OS for installation?
Q. Does Cisco ANM for Red Hat Enterprise Linux create user accounts on the host OS?
A. Yes. Cisco ANM generates three local users - anm, anm-mysql, and monit - which are used to run local daemon processes in both standalone and high-availability configurations. In the high-availability configuration, Cisco ANM creates a fourth user: hacluster. Unlike administrator-created user accounts, these accounts cannot be used to log in and do not appear in Cisco ANM users lists because they are solely system-level accounts.
Q. Can I change the security certificates used by Cisco ANM users for secure access to the Cisco ANM server using the users' browser clients?
A. Yes. Customers can install their own security credentials in place of those shipped with Cisco ANM 2.1 and higher.
Q. Does Cisco ANM use any client-side Java extensions to the user's web browser?
A. Client-side Java extensions are not required.
Ordering and Fulfillment
Q. How do I order Cisco ANM?
A. Cisco ANM is available for purchase through regular Cisco sales and distribution channels worldwide. To place an order, visit the Cisco Ordering homepage.
Q. How is Cisco ANM licensed?
A. To simplify deployment and help ensure that all Cisco ACE customers can gain the advantages of the Cisco ACE portfolio, including Cisco ANM capabilities, Cisco is offering Cisco ANM 4.1 and 4.2 free of charge. Existing Cisco ANM server licenses will fulfill the licensing requirements for customers upgrading to Cisco ANM 4.1 and 4.2. Additional licensing beyond the base Cisco ANM server software is no longer required.
Q. How is the Cisco ANM high-availability option licensed?
A. Additional licensing beyond a second license for the Cisco ANM base server software for the Cisco ANM high-availability server is no longer required. Therefore, for each pair of primary and standby Cisco ANM high-availability servers, two licenses for the Cisco ANM base server software are required. During installation, the user can designate whether the license is to be used for the primary or the standby high-availability server.
Q. Are any free Cisco ANM licenses available for Cisco ACE management?
A. Yes. To simplify deployment and help ensure that all Cisco ACE customers can gain the advantages of the Cisco ACE portfolio, including Cisco ANM capabilities, Cisco is offering Cisco ANM 4.1 and 4.2 free of charge. Existing Cisco ANM server licenses will fulfill the licensing requirements for customers upgrading to Cisco ANM 4.1 and 4.2. Additional licensing beyond the base Cisco ANM server software is no longer required. Addition of Software Application Support (SAS) is recommended (for an additional charge).
Q. Will I get Cisco ANM free if I order one or more Cisco ACE devices?
A. No. Cisco ANM must be ordered to be received by the customer. The base Cisco ANM server software has a list price of US$0, but it is not bundled with any Cisco ACE products. Addition of SAS is recommended (for an additional charge).
Q. Are software support contracts available, and if so, how are they ordered?
A. Yes. You can purchase a one-year SAS contract that provides Cisco Technical Assistance Center (TAC) support, access to software maintenance patches at Cisco.com Software Center, and Cisco ANM minor updates. You can order this contract in the same way that you order Cisco ANM itself.
Q. Why is only SAS offered and not Software Application Support plus Upgrades (SASU) or Cisco SMARTnet® Service?
A. All versions of Cisco ANM are offered as free upgrades to all prior licensed customers. Therefore, no support offering covering upgrades is required or offered.
Q. I understand that the basic Cisco ANM server software can be ordered for free. Does that include the SAS contract?
A. Although a SAS contract can be purchased for the Cisco ANM server software, the price is based on the corresponding nondiscounted value.
Q. Is there a cost to upgrade from prior versions of Cisco ANM 1.0 to Cisco ANM 4.2?
A. There is no charge to upgrade from any version of Cisco ANM to the most recent Cisco ANM release. All Cisco ANM customers are eligible for upgrades to Cisco ANM 4.2 without charge.
Q. What are the requirements for upgrading from prior versions of Cisco ANM to Cisco ANM 3.0 to enable upgrade to Cisco ANM 4.2?
• Cisco ANM 3.0 supports upgrading on the same server from all Cisco ANM 2.0 versions.
• Customers upgrading from Cisco ANM 1.0 must first upgrade to Cisco ANM 2.0 before migrating to Cisco ANM 3.0.
• Customers upgrading from Cisco ANM 2.0 running on Red Hat Enterprise Linux 4.0 must upgrade to Red Hat Enterprise Linux 5 (base server) Update 2 (5.2) or Update 3 (5.3) 32-bit Server Edition (Linux 2.6 kernel), following the instructions provided in the installation guide for Cisco ANM 3.0 at http://www.cisco.com/en/US/products/ps6904/prod_literature.html.
• All existing Cisco ANM customers are eligible for upgrades to Cisco ANM 3.0 without charge. Customers with Cisco ANM 1.2 and 2.0 licenses can reuse their current Cisco ANM licenses when upgrading to Cisco ANM 3.0 on the same server platform.
• Customers wanting to rehost their Cisco ANM on a different server platform should contact Cisco TAC or Global Licensing Operations as usual for information about rehosting their existing licenses.
Q. How many Cisco ACE virtual contexts can Cisco ANM manage?
A. Cisco ANM can manage up to 250 contexts per module. System capability depends on the load and configuration complexity.
Q. How many Cisco ACE devices can Cisco ANM manage?
A. Cisco ANM can manage up to 50 Cisco ACE devices deployed across up to 50 Cisco Catalyst 6500 Series chassis for modules, depending on the configuration and system load.
Q. How many Cisco CSS, CSM, and CSM-S devices can Cisco ANM manage?
A. Simultaneously with Cisco ACE management, Cisco ANM can manage up to 40 Cisco CSS, CSM, and CSM-S devices.
Q. How many Cisco GSS devices can Cisco ANM manage?
A. Simultaneously with Cisco ACE management, Cisco ANM 2.0 and higher can manage up to three clusters of Cisco GSS devices running Cisco GSS 3.0(2) or higher. Each cluster can include up to 16 Cisco GSS devices, so the total number of Cisco GSS devices that one Cisco ANM can manage is 48.
Q. Can more than one person log in and use Cisco ANM at the same time?
A. Yes. Up to 25 users can be simultaneously logged in to the same Cisco ANM server.
Cisco ACE, CSS, CSM, and CSM-S Support
Q. Does Cisco ANM support high-availability mode?
A. Yes. Cisco ANM can be installed in high-availability mode when a backup Cisco ANM server is present.
Q. Does Cisco ANM support Cisco ACE high availability?
A. Yes. Cisco ANM can manage redundant high-availability Cisco ACE pairs.
Q. Can more than one Cisco ANM system manage the same Cisco ACE device?
A. This configuration is not recommended unless adminstrative methods are used to avoid contention for mangement of the managed devices. There is no way for one Cisco ANM to detect that another Cisco ANM instance is installed and operating (except in high-availability configurations). If more than one Cisco ANM system must manage the same Cisco ACE device at the same time, then implementation of the Cisco ANM autosynchronization capability is highly recommended. This feature helps reduce the time between the moment when the commands from one Cisco ANM affect a Cisco ACE device and the moment when the other Cisco ANM is updated with these changes.
(Also see the question "If I cannot use the Cisco ANM built-in high-availability option, what other methods can be used for redundancy?" earlier in this document.)
Q. Can I group together virtual contexts on different Cisco ACE devices?
A. Yes. Groups can contain contexts from different Cisco ACE Modules and chassis. In the group display, the chassis name is prepended to the name of the virtual context so that you know the physical hardware that contains the context.
Q. Are there any limitations when using Cisco ANM to create new virtual servers?
A. Yes. The Cisco ANM virtual server is an abstraction of Cisco ACE settings such as the resource class, policy, and class map. Therefore, it is possible to alter the Cisco ACE virtual context configuration at the command line in a manner that is not understood by Cisco ANM. Unless you are an expert systems user, Cisco recommends that you use Cisco ANM to make any updates to your virtual server entries. You can access additional parameters under More Settings where available or use the advanced view for more complex or detailed configurations.
Q. I cannot see the virtual IP active and inactive status in real time. Why?
A. This situation occurs because of the way Cisco ACE provides virtual IP data. Cisco ANM uses the Cisco ACE CLI to display the service policy data containing the virtual IP status. The data cannot be retrieved and parsed in real time, so the user must click the Details button on the Operations page to display the virtual IP status.
Q. How does the number of contexts affect the module import function?
A. The length of time increases with an increasing number of contexts.
Cisco ANM Administration and Integration
Q. What backup and restore functions are available for Cisco ANM itself?
A. Administrative functions in Cisco ANM support backup and restoration of the inventory and configuration data stored on the Cisco ANM server.
Q. Does Cisco ANM integrate with third-party products?
A. Customers interested in integration with third-party products are encouraged to contact the Cisco ANM product management team to discuss specific implementation requirements.
Q. Can I export configuration data?
A. Cisco includes a relational database for Cisco ANM at no additional cost to store the configuration and monitoring data. There is no export capability for this data, but users can use the Cisco ANM web services API to access lists of devices, virtual contexts, servers farm, real servers, and associated VMware virtual machines. Examples of the use of the Cisco ANM web services API are available at the Cisco Developers Network at developer.cisco.com.
Q. Can I export monitoring data?
A. In Cisco ANM 3.0 and higher, the monitoring graphs provide the capability to export the data presented in each graph. Cisco ANM 4.0 provides users with an optional statistical data export facility so that they can export the raw data collected, which is then used in the operations and monitoring views. This data can be used to identify baselines and trends as well as perform capacity planning based on application networking services utilization and performance over time. Note that this raw data does not contain the combined or calculated data used for some of the operations and monitoring views, but that Cisco ANM does provide a data dictionary in XML schema format to enable users to perform their own desired calculations.