The Cisco® Configuration Engine provides a unified, secure solution for automating the deployment of Cisco customer premises equipment (CPE). This scalable product distributes device and service configuration files and software images to one device or a group of devices, thereby reducing operating costs and deployment time to enable new services and customers.
The Cisco Configuration Engine is a highly scalable software application running on a Solaris or Linux server; with this application you can manage your CPE devices, including Cisco routers, Cisco switches, and Cisco PIX® devices. Cisco Configuration Engine is accessible through a web-based GUI or web services such as XML and Simple Object Access Protocol (SOAP).
Service provider and large enterprise customers face similar challenges of deploying and managing large volumes of network devices. This complexity is further increased when they introduce managed services such as unified communications, security, and VPNs. Traditionally, customers deploy management products from hardware vendors, which often do not meet operational challenges for managing the service-oriented network.
The Cisco Configuration Engine architecture addresses your operational concerns such as scalability, performance, programmatic interfaces, and the flexibility to customize CPE deployments to meet your business and operation requirements. Adapting to standards-based web and networking technologies, the Cisco Configuration Engine supports a highly scalable, available, distributed, and fault-tolerant architecture, allowing you to customize core components to meet your requirements. Figure 1 shows a high-level overview of a fault-tolerant, distributed Cisco Configuration Engine implementation.
Cisco IOS® Software devices connect to the Cisco Configuration Engine through persistent and secure TCP connections over Secure Sockets Layer (SSL), facilitating the distribution of device and service configuration to thousands of devices in minutes. The Cisco Configuration Engine is shipped with all the necessary software components and an embedded data repository to quickly begin managing devices. As shown in Figure 1, when managing large volumes of Cisco devices you can adapt a distributed, highly available, fault-tolerant architecture with no single point of failure.
In this scenario, all Cisco Configuration Engines can share a common external data repository, which you can duplicate for redundancy. Because Cisco IOS Software devices connect to the Cisco Configuration Engine through persistent TCP connections, a Cisco Configuration Engine failure will lead to a loss of connectivity. You can optionally deploy a Cisco Content Switching Module to load balance Cisco IOS Software device connections and then configure the switch to move the connections to another Cisco Configuration Engine appliance if failure occurs.
Figure 1. High-Level Overview of a Cisco Configuration Engine Implementation
What's New in Cisco Configuration Engine 3.0?
• Solaris 10 and Red Hat 4.0 support
• Increased scalability up to 30,000 devices on a single Cisco CE server
• Cisco Validated Designs for high availability and scalability with multiple Cisco CEs
• Refreshed product collateral and end-customer documentation
• Certification on latest Sun hardware
• Several customer-requested featurettes and maintenance bug fixes
Primary Features and Benefits
The Cisco Configuration Engine automates the configuration of Cisco devices during initial deployments and in subsequent reconfigurations. This complete, automatic device deployment and configuration solution relieves service providers and large enterprise customers of the need to send technicians to customer sites, affording the customers fast activations for new services. Network administrators who manage large networks can also take advantage of the solution to distribute configurations, IP Security (IPSec) keys, passwords, and so on to a device or to groups of devices.
Key features of the Cisco Configuration Engine are discussed in the following sections.
Configuration and Image Services
The Cisco Configuration Engine supports configuration and software image and file distribution services. You can choose one device or a group of devices to distribute device and service configurations, provide policy-based distribution and activation of software images, or distribute files such as signature definition files (SDFs) for security. Some highlights include:
• Secure Zero-Touch Deployment of services and software image
• Secure policy-based distribution of configurations, software images, SDFs, and Cisco Unified Communications Manager Express feature scripts to one device or a group of devices
• E-page or email message notification after successful completion or failure of configuration updates and image distribution and activation
• Concept of batch size to enable you to update thousands of devices but limit the number of simultaneous updates
• State information to monitor and update the outcome of service requests
• Policy-based image distribution and activation to validate device resources before upgrading software images
The Cisco Configuration Engine supports an intuitive, task-oriented, feature-rich, web-based GUI. In addition to standard features such as a hierarchical view, groups, jobs, log files, device cloning, bulk upload tool, and a scheduler, the Cisco Configuration Engine includes advanced features such as job customization, policy-based creation of dynamic virtual groups, and support for both embedded and external data repositories.
Velocity Template Engine
The Cisco Configuration Engine supports the Velocity Template Engine, a widely used tool from Apache. The Velocity Template Engine enables you to develop your own scripts, implementing logic to generate and validate configurations dynamically through interaction with devices. Primary benefits of using this tool include:
• User customization based on device configuration and service activation requirements
• Support for Java, Perl, Expect, and other scripting tools
• Dynamic configuration generation that you can do through interaction with the device
• Workflow control to enable you to complete multiple jobs
• Ability for you to develop and plug in scripts to validate device attributes entered by network-operations-center (NOC) personnel
• Support for scripts to autopopulate attribute values retrieved from a customer's data repository
If you prefer to integrate programmatically, the Cisco Configuration Engine offers a rich set of application programming interfaces (APIs) based on web services (XML and SOAP). The Cisco Configuration Engine adapts to industry-standard web and Internet protocols, reducing the complexity of integration, and it supports secure communication based on HTTPS and SSL between your application and the Cisco Configuration Engine. Web services are available for configuration, image, and administrative services. The immediate benefits of integrating with the Cisco Configuration Engine using web services include:
• HTTPS and SSL communication between your application and the Cisco Configuration Engine is secure.
• Flexibility and ease of integration reduce the cost of implementation.
• XML and SOAP Web Services Description Language (WSDL) is available for administrative, configuration, and image services; you can access all features supported from the web GUI programmatically through web services.
• There is no dependency on the operating system; the API is standards-based.
Device Development Module
Devices not enabled with embedded Cisco IOS Software agents are supported using an embedded gateway module, so you can develop and register your own device adapters. This module allows you to communicate with and manage devices not supported by the Cisco Configuration Engine.
The Cisco Configuration Engine supports an embedded data repository. You can map to an external Lightweight Directory Access Protocol (LDAP) directory at setup. You also can duplicate an external directory to support a redundant data repository in case of failure.
Security is your most important concern. The Cisco Configuration Engine security implementation includes the following:
• Cisco IOS Software devices connect to the Cisco Configuration Engine through SSL, and all communication happens over an encrypted link.
• Prior to accepting any change request, Cisco IOS Software devices validate the public key from the Cisco Configuration Engine through Cisco IOS Software trust points.
• If you use web services you can connect to the Cisco Configuration Engine securely over SSL.
Table 1 lists the features and benefits of the Cisco Configuration Engine 3.0. Table 2 lists supported devices.
Table 1. Features and Benefits of Cisco Configuration Engine
Support for CPE Devices Using SSL Transport
• This scalable solution enables large-scale secure deployment and management of Cisco CPE over SSL and allows you to reduce deployment costs and service turn-up time.
• Time to implement new services is significantly reduced by eliminating staging and manual processes.
• This common solution supports all Cisco IOS Software CPE across multiple access technologies (leased line, Frame Relay, ATM, cable, DSL, Ethernet, and modem).
• With this scalable solution you can implement services such as IP telephony, VPNs, firewalls, and so on.
• The feature-rich web GUI allows you to use the product out of the box.
• The solution offers a configuration or image update to one device or a group of devices.
Velocity Template Engine
• The engine is customizable to meet your business and operation requirements.
• The engine supports scripting languages (Java, Perl, and so on).
• With the engine you can control work flow.
• You can update the configuration to one device or a group of devices.
• You can configure email or e-page message notification of outcome.
• Configuration changes are delivered to thousands of devices successfully in minutes rather than hours.
• The solution offers policy-based validation of device resources.
• The solution supports devices behind the firewall or devices that use dynamic IP addresses.
• You can configure email or e-page message notification of outcome.
• XML and SOAP WSDL are available for all features supported from the web GUI.
• Communication between your application and the Cisco Configuration Engine is secure.
• Implementation is easy.
Device Module Development
• Southbound APIs support your scripts to communicate to devices.
• The solution is protocol-independent (Simple Network Management Protocol [SNMP], HTTP, Secure Shell [SSH] Protocol, Perl, and so on).
Support for Zero-Touch Deployment Feature in Cisco PIX Devices, Incremental Configuration Updates, and Image Distribution
• Deployment cost and time are reduced.
• Productivity is improved.
• Software image upgrades are scalable.
• Network management is simplified.
Table 2. Devices Supported
Cisco IOS Software Platform
• Cisco 1900, 2900 and 3900 ISR G2 Routers
• * Cisco 800 Series Integrated Services Routers
• Cisco 1800 Series Integrated Services Routers
• Cisco 2800 Series Integrated Services Routers
• Cisco 3200 Series Rugged Integrated Services Routers
• Cisco 3800 Series Integrated Services Routers
• Cisco SOHO 70 and SOHO 90 Series Routers
• Cisco 1700 Series Modular Access Routers
• Cisco 2600 Series Multiservice Platforms
• Cisco 3600 Series Multiservice Platforms
• Cisco 3700 Series Multiservice Access Routers
• Cisco Unified Communications 500 Series for Small Business
• * Cisco 500 Series Secure Routers
• Cisco AS5300 Series Universal Gateways
• Cisco AS5400 Series Universal Gateways
• Cisco AS5800 Series Universal Gateways
• Cisco IAD2400 Series Integrated Access Devices
• * Cisco IAD880 Series
Access and Metropolitan Switches
• Cisco Catalyst® 2950 Series Switches
• Cisco Catalyst 2960 Series Switches
• Cisco Catalyst 3550 Series Switches
• Cisco Catalyst 3560 Series Switches
• Cisco Catalyst 3560-E Series Switches
• Cisco Catalyst 3750 Series Switches
• Cisco Catalyst 3750-E Series Switches
• Cisco Catalyst 4500 Series Switches
• Cisco ME 3400 Series Ethernet Access Switches
• Cisco ME 3400E Series Ethernet Access Switches
• Cisco ME 3750 Metro Series Switches
• Cisco ME 4900 Series Ethernet Switches
• * Cisco Catalyst 6500 Series Switches
Aggregation and Core Routers
• Cisco 7200 Series Routers
• Cisco 7300 Series Routers
• Cisco 7500 Series Routers
• Cisco ASR 1000 Series Aggregation Services Routers
• Cisco 7600 Series Routers
• Cisco 10000 Series Routers
• Cisco 10700 Series Routers
• * Cisco 12000 Series Routers
Mobile Wireless Routers
• Cisco MWR 1900 Mobile Wireless Routers
• * Cisco MWR 2900 Mobile Wireless Routers
The Cisco Configuration Engine supports the following platforms through SSH embedded in the Cisco Configuration Engine:
• Cisco IOS Software devices
• Cisco Catalyst OS devices
• Cisco CSS 11000 Series Content Services Switches
• Cisco VPN 3000 Series Concentrators
• Cisco access points
• Cisco PIX devices
Note: For Zero-Touch Deployment using Cisco Configuration Engine, please ensure the ISR and ISR G2 routers are ordered with the option of no configuration. Please use ISR-CCP-EXP-NOCONF or ISR-CCP-CD-NOCONF option when ordering ISR G2 1900, 2900 and 3900 routers; use CCP-EXPRESS-NOCF or CCP-CD-NOCF option when ordering ISR 800, 1800, 2800 and 3800 routers.
Table 3 gives the system requirements of Cisco Configuration Engine.
Table 3. Cisco Configuration Engine System Requirements
Linux Platform (Red Hat v4.0)
Solaris Platform (Solaris 10)
Recommended hardware for 20,000 devices:
• Intel Xeon processors 4 @ 2.33 GHz
• 4-GB RAM
• Hard Drive: 72-GB
Recommended hardware for 30,000 devices:
• Sun T1000, 8 core, 1.0 GHz UltraSPARC T1 Processor
* The SP part numbers are applicable to service providers and the CON part numbers are applicable to enterprises.
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services can help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.