A. Cisco Configuration Engine is a highly scalable software application designed to facilitate rapid configuration changes across thousands of devices simultaneously. The application also supports image delivery to supported devices, integration points to higher-level systems, and Zero-Touch Deployment.
Q. Who can benefit by using the Cisco Configuration Engine?
A. Service providers and enterprises can benefit from this application. Service providers can use the it to automate the deployment of Cisco customer-premises-equipment (CPE)-based managed services and service provisioning, and the management of large-scale deployments of Cisco CPE and software image upgrades. Enterprises can use the Cisco Configuration Engine to automate large network deployments, CPE upgrades, branch-office service provisioning such as Cisco Unified Communications Manager Express, Cisco Unity® Express, signature-definition-file (SDF) security signature files, VPNs, firewalls, etc.
Q. What is Zero-Touch Deployment?
A. Zero-Touch Deployment is a Cisco service that allows rapid deployment of Cisco devices. The process start with the Cisco Configuration Express service that installs a "bootstrap" configuration on each device shipped. When those devices are connected to a network and powered on, they start searching for Cisco Configuration Engine, and then Cisco Configuration Engine downloads the proper running configuration for that specific device.
Q. Can I integrate my operations-support-system (OSS) application with Cisco Configuration Engine?
A. Yes, you can integrate Cisco Configuration Engine with just about any OSS. With the Web Services application programming interfaces (APIs), you have programmatic access to every feature inside Cisco Configuration Engine. With the Software Development Kit (SDK) you can easily obtain any data from Cisco Configuration Engine and direct it as though it is part of the OSS itself. You can purchase the optional SDK to integrate with the Cisco Configuration Engine. Please refer to the ordering guide for additional information http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/prod_how_to_order.html.
Q. What kind of hardware is required to support Cisco Configuration Engine?
A. Cisco Configuration Engine will run on a wide variety of Sun and PC-based hardware. For specific details, please refer to the data sheet.
Q. What operating systems and versions does Cisco Configuration Engine support?
A. The Cisco Configuration Engine Version 3.0 currently supports Solaris and Linux OS. For specific details, please refer to the data sheet.
Q. How is Cisco Configuration Engine scalable?
A. For Version 3.0 there is a Sun CD and a Linux CD. A single Sun server will support up to 25,000 devices, and a Linux server will support up to 10,000 devices using the recommended hardware. However, you can achieve higher multiples by using a Cisco Content Switching Module as a front end to Cisco Configuration Engine. Please refer to the data sheet for additional details.
Q. Is the Cisco Configuration Engine product highly available?
A. You can achieve fault tolerance by placing multiple configuration engines behind a Cisco Load Balancer. Please ask your Cisco account representative for the Cisco validated design for this solution.
Q. Do I need Cisco Configuration Engine if I have another management product from Cisco?
A. Maybe. Depending on your needs and the other products installed, you may need Cisco Configuration Engine to meet your speed and scalability requirements. Ask your Cisco account representative for more information with deference to your unique environment.
Q. Can I use an external Lightweight Directory Access Protocol (LDAP) server with Cisco Configuration Engine?
A. You can configure Cisco Configuration Engine to use either an internal or external LDAP server. You can select the type of LDAP to be implemented through the configuration engine setup utility. You do not have to configure LDAP itself when using internal LDAP. If you decide to use an external LDAP server, you need to extend the vendor's LDAP schema to be able to support Cisco Configuration Engine-specific object classes that are needed to represent the server and devices. For external LDAP configuration, you need to follow the LDAP vendor's installation and configuration procedures.
Q. How do I stop or start the internal LDAP server?
A. In order to gracefully shut down the internal LDAP server on the Cisco Configuration Engine server, use the following command: /etc/init.d/NetAppOpenLDAP stop to stop OpenLDAP server. NetAppOpenLDAP stop also performs data recovery to ensure data integrity.
To start the internal LDAP server, execute the following command:
/etc/init.d/NetAppOpenLDAP start.
When the LDAP server is not shut down gracefully by NetAppOpenLDAP, because of system crash, power outage, or manual kill, data corruption may occur and the LDAP server will not respond. To fix the problem, stop the OpenLDAP server and run the following command to recover data:
Q. Where are Cisco Configuration Engine log files located?
A. Cisco Configuration Engine offers log files for the main configuration engine components. The most important ones are located in: /var/log/CNSCE. The following list offers the log file name and its related component:
• appliance-setup.log: Status of setup/start/shutdown configuration engine
• websvc/websvc.log: Web service general log
• cfgsrv/cfgsrv/log: Config service log
• imgsrv/imgsrv.log: Image service log
• cfgsrv/exec-srv.log: Exec service log
• ce_monitor/ce_monitor.log: Configuration engine health status
• tomcat: Tomcat server logs
• evtgateway: Event gateway log (to see this log, you have to turn it on during setup)
Q. What is a TibGate?
A. Devices connect to the Cisco Configuration Engine through TCP/Secure Sockets Layer (SSL) connection; this connection is made to the event gateway or TibGate. Each TibGate port within Configuration Engine serves 500 devices.
TibGates are associated with port numbers. The Cisco Configuration Engine uses odd port numbers starting at 11011 for nonsecured device communication, and even port numbers starting at 11012 for secured device communication. You can check the status of a specific TibGate with the following command: /etc/init.d/EvtGateway status <port number>.
You can manually stop or start a specific TibGate with the following command: /etc/init.d/EvtGateway {stop / start} <port number>.
The configuration engine installation process performs a series of hardware checks to determine the number of CPUs, memory, and swap space in the system. Based on these parameters it determines the number of supported event gateways for the particular server.
Q. Why does a provisioned device still show up "RED" on the Cisco Configuration Engine web interface?
A. There are multiple reasons.
• To start, make sure that the device being provisioned has IP connectivity with the configuration engine server and conversely, perform a ping command.
• Second, make sure that the "Device ID" assigned on the bootstrap configuration file matches the one provisioned on the web interface.
• Third, if device authentication is enabled, check the password in the device. Also make sure that the device password is synchronized with the Cisco Configuration Engine.
Q. I am having trouble managing a device with Cisco Configuration Engine. How do I troubleshoot this problem?
A. It is important when you have connectivity problems with the provisioned device that you turn debug on. You need to use Telnet to your device and execute the following commands:
• Device> config t
• Device> enable
• Device# debug cns all
• Device# ter mon
The debug cns all command will give you the most output when the device and the configuration engine server are trying to establish connectivity. You can also use the debug cns ? command to a obtain list of the available Cisco Networking Services commands.
Q. Where can I find out more about Cisco Configuration Engine?
