A. Cisco Application Networking Manager (ANM) helps enable centralized provisioning, operations, and basic monitoring of Cisco data center networking equipment and services. Cisco ANM 2.0 focuses on providing provisioning capability for Cisco Application Control Engine (ACE) devices, including Cisco ACE Modules and Cisco ACE 4710 Application Control Engine appliances. It also supports operations management and monitoring for Cisco ACE devices as well as for the Cisco Content Services Switch (CSS), Cisco Content Switching Module (CSM), and Cisco Content Switching Module with SSL (CSM-S). In addition, Cisco ANM extends this operations support to the Cisco ACE Global Site Selector (GSS) for securely delegated activation and suspension of Domain Name System (DNS) rules and virtual IP answers and answer groups.
Q. Who should deploy Cisco ANM?
A. Cisco ANM is designed for enterprises and service providers (especially managed hosting service providers) using Cisco ACE Modules and Cisco ACE appliances, as well as those seeking operations support not only for Cisco ACE devices but also for Cisco CSS, CSM, CSM-S, and GSS devices.
Q. Are all versions of Cisco ACE, CSS, CSM, and CSM-S devices supported?
A. Generally all versions of Cisco ACE devices are supported by Cisco ANM (starting with Cisco ACE Appliance Software Release 3.0.0A13). Support for Cisco CSS, CSM, and CSM-S is limited to specifically tested, recent releases. The specific versions of Cisco ACE, CSS, CSM, and CSM-S supported are listed in the Supported Devices table for Cisco ANM 2.0, available at http://www.cisco.com/en/US/products/ps6904/products_device_support_tables_list.html.
Q. What versions of Cisco GSS devices are supported?
A. Operations management of Cisco GSS requires Cisco GSS 3.0(2) and Cisco ANM 2.0.
Q. What is new in Cisco ANM 2.0?
A. Cisco ANM 2.0 provides several new features, including:
• Support for Cisco ACE 3.1 appliance software: Support for Cisco ACE 4710 Appliance running Cisco ACE 3.1 appliance software
• Support for Cisco ACE GSS Software Release 3.0(2): Operations support for Cisco ACE GSS 3.0(2), which enables securely delegated activation and suspension of DNS rules and virtual IP answers and answer groups; support includes GSS master (GSSM) discovery and on-demand retrieval and display of operational status and click information for DNS rules and virtual IP answers and answer groups
• SSL enhancements
– Wizard-based provisioning workflow to set up SSL keys, certificates, and proxy and perform certificate signing request (CSR) generation, including certificate and key association views across managed devices controlled by Cisco ANM role-based access control (RBAC)
– Enhanced certificate and key importation with appropriate error messaging when an imported certificate or key is invalid or a certificate is imported as a key or a key as a certificate
– Automation of certificate and key synchronization across Cisco ACE running in high-availability pairs
• Access control list (ACL) enhancements: Enhanced ACL display with user-friendly view to manage ACLs or individual entries within ACLs and an ACL-to-interface association view
• Configuration autosynchronization: Autosynchronization from Cisco ACE to Cisco ANM for device configuration changes made out of band (other than through Cisco ANM)
• Audit logging: All user activity for actions taken in Cisco ANM (who did what, when, and from where) logged and made available for review and export by authorized users
• Administrative enhancements: Expanded presentation of default values on configuration screens, and visual and user interface enhancements for clarity and consistency
Q. What is new in Cisco ANM 1.2?
A. Cisco ANM 1.2 provides several new features, including:
• Expanded Cisco ACE device support: Support encompasses Cisco ACE modules ACE10-6500-K9 and ACE20-MOD-K9 and Cisco ACE 4710 appliances; specific support information is documented in the Supported Devices table for Cisco ANM 1.2, available separately on Cisco.com.
• Cisco CSS, CSM, and CSM-S operations support: Server managers can now monitor the configured and operating states of all assigned services and servers not only on Cisco ACE devices, but also across the Cisco CSS, CSM, and CSM-S infrastructure. By taking advantage of the Cisco ANM secure delegation capabilities, server managers can perform their daily management tasks, such as taking one or more real servers in and out of service, with options for graceful shutdown or cleared connections and without needing to know the type of network device supporting their servers (Cisco ACE, CSS, CSM, or CSM-S), the network topology, or other network operations. Adding further capability, user-defined filters enable quick segmentation of the server managers' delegated views according to the criteria that best fits their needs.
• Reusable building blocks for rapid provisioning: Common configuration of service elements such as health monitoring probes and server farms can be defined once and reused multiple times. Using these building blocks helps ensure compliance with common configuration policies, speeds deployment of common configurations for standardization of policies, and facilitates separation and delegation of configuration and service deployment tasks. RBAC is used to limit access to only authorized users for network resources for virtual contexts of Cisco ACE devices, content networking and load balancing, and SSL services, as well as Cisco CSS, CSM, and CSM-S with their virtual and real servers. This enforcement facilitates user group access to individual application services to simplify administration and removes unnecessary overhead between network administrators, network operations center (NOC) staff, systems operators, and server managers, increasing productivity of all operational staff. It also allows administrative tasks to be securely delegated without the need to grant full device access.
• Enhanced granularity of RBAC: Cisco ANM RBAC has been enhanced to facilitate more granularity in control and delegation of authority. Administrators can now define access control to 32 levels of tasks, providing nearly four times more granularity than in the prior release. Combined with the capability to create custom domains (or areas of control) across all devices, this feature enables exceptional control of user authorization and delegation.
• Inclusion of Cisco ACE device RBAC configuration: In addition to the systemwide RBAC capability provided by Cisco ANM that spans all its managed devices, each Cisco ACE device has a powerful capability to implement its own internal RBAC separately and independently of Cisco ANM. Cisco ANM 1.2 now includes the capability to configure roles and domains on all managed Cisco ACE devices through the Cisco ANM GUI. The Cisco ACE device RBAC configuration is separate from Cisco ANM's own RBAC controls, which span multiple devices, and provides additional granularity especially useful in a multidevice environment. By combining both systemwide Cisco ANM RBAC and Cisco ACE RBAC, customers can easily implement rigorous access control.
• Expanded device and service monitoring: Enhancements in monitoring include global polling settings and enhanced service and event views. Also included is the capability for operators to define threshold-crossing alerts for both device and service health and availability for all managed devices. The enhanced service views include system, traffic summary, resource usage, virtual VIP address, service path, load-balancing statistics, and application acceleration views. These views are available for each virtual context as well as on the device group level and are supported as appropriate for Cisco ACE, CSS, CSM, and CSM-S devices. The events view is enhanced by parsing IP and port information from traffic-related events and provides the capability to sort based on this information. Driven by Simple Network Management Protocol (SNMP) traps and syslogs, an events view is supported for Cisco ACE devices. Cisco ANM can be configured to generate notifications to external systems through SNMP traps or email, or both, whenever a defined threshold is crossed or a threshold-crossing alert is cleared.
• Additional remote authentication options: In addition to local, TACACS+ (ACS), and RADIUS user authentication, administrators can choose remote user authentication using Lightweight Directory Access Protocol (LDAP) or Microsoft Active Directory through LDAP.
Q. Where can I find more information about these features and documentation for Cisco ANM?
A. Information about these features and documentation for Cisco ANM is available at http://www.cisco.com/go/anm.
Cisco ANM Hardware, Operating System, and Environment
Q. On what hardware and operating system does Cisco ANM run?
A. Cisco ANM runs on a customer-supplied server running Red Hat Enterprise Linux, as specified in the Supported Devices table for Cisco ANM 2.0.
Q. Do I have to provide the operating system for Cisco ANM 2.0?
A. Yes, Cisco ANM 2.0 is delivered as a ready-to-install disk that installs only the Cisco ANM 2.0 application. The required Red Hat Enterprise Server Linux operating system must be preinstalled on the customer-provided hardware. You can obtain the necessary OS through an evaluation or purchase subscription at http://redhat.com/rhn.
Q. I prefer to use another type of Linux. Can I use that in place of the Red Hat Enterprise Server Linux specified for Cisco ANM?
A. Cisco ANM supports only the specified versions of the Linux operating system. Because software packages, layouts, and services vary in other variants of Linux, using a version other than those specified will at worst cause Cisco ANM to fail to install or operate properly, and at best the installation will be unsupported by Cisco.
Q. The minimum disk space requirement is 60 GB, with the recommended space being at least 80 GB. What is this space used for?
A. Cisco ANM 2.0 uses disk space for both its real-time configuration and status database, as well as for storage of statistical data, logging, and audit files.
Q. Should I consider even larger storage capacity, and if so, why?
A. When selecting a server configuration for Cisco ANM, customers may want to consider installing more than 80 GB storage capacity to eliminate the need for an upgrade to meet possible future data storage requirements, such as would be necessary to support capacity planning or reporting functions that can be added to Cisco ANM.
Q. Are there any specific disk space requirements with respect to directory layout?
A. Yes, Cisco ANM requires at least the following disk space allocations for specific directories:
• /opt/CSCOanm: 1 GB
• /var/lib/anm: 40 GB
• /var/lib/mysql: 3 GB
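A preflight check for the allocations listed above, as an added example that is not part of Cisco's documentation or tooling. The function names are hypothetical, 1 GB is taken as 1024 x 1024 KB, and it assumes the minimums add up when several of the directories share one filesystem.

```bash
#!/usr/bin/env bash
# Added example: verify the per-directory minimums from the FAQ before install.
# Entries are directory:minimum_GB, copied from the list above.
ANM_REQUIREMENTS="/opt/CSCOanm:1 /var/lib/anm:40 /var/lib/mysql:3"

# nearest_existing DIR: walk up to the closest existing ancestor, because the
# directories may not exist before Cisco ANM is installed.
nearest_existing() {
    local p="$1"
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# fs_info DIR: print "mountpoint available_kb" for the filesystem that would
# hold DIR (POSIX df output; mount points containing spaces are not handled).
fs_info() {
    df -Pk "$(nearest_existing "$1")" | awk 'NR == 2 { print $6, $4 }'
}

# check_requirements [LOOKUP]: resolve each directory with LOOKUP (default
# fs_info), sum the minimums per filesystem (assumption: directories sharing a
# filesystem need the combined space), and print one line per filesystem:
#   OK|FAIL mountpoint need=<GB> avail=<GB>
# Returns non-zero if any filesystem is too small.
check_requirements() {
    local lookup="${1:-fs_info}" req
    for req in $ANM_REQUIREMENTS; do
        set -- $("$lookup" "${req%%:*}")
        # A directory that cannot be resolved is reported as 0 KB available.
        [ $# -eq 2 ] || set -- "unresolved:${req%%:*}" 0
        printf '%s %s %s\n' "$1" "${req##*:}" "$2"
    done | awk '
        { need[$1] += $2; avail[$1] = $3 }
        END {
            rc = 0
            for (m in need) {
                ok = (avail[m] >= need[m] * 1024 * 1024)
                if (!ok) rc = 1
                printf "%s %s need=%dGB avail=%dGB\n",
                       (ok ? "OK" : "FAIL"), m, need[m], avail[m] / 1048576
            }
            exit rc
        }'
}

# Run against the local system only when invoked as: preflight.sh check
if [ "${1:-}" = "check" ]; then
    check_requirements
    exit $?
fi
```

On a server with a single root filesystem the three minimums collapse into one 44 GB requirement, which is why the check groups by mount point rather than by directory.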
Q. Can I get more capacity and performance for my Cisco ANM 2.0 application if I load it on a more powerful or larger-capacity platform?
A. You may be able to increase Cisco ANM performance by running it on a more powerful or larger-capacity platform as long as the platform meets the specified system requirements. While Cisco ANM is a multithread, multiprocessor-aware application, no specific improvements are claimed when it is used on systems more powerful than those specified. The capacity maximum of 50 Cisco ACE devices plus 40 Cisco CSS, CSM, or CSM-S devices plus 3 Cisco GSS clusters cannot be increased by using a larger-capacity platform.
Q. Is Cisco ANM available as an appliance-based offering?
A. Cisco ANM is not available as an appliance-based offering.
Q. Can I run other applications on the same platform as Cisco ANM?
A. No, because of performance specifications and support issues, Cisco ANM 2.0 must run on a dedicated platform for Cisco ANM only.
Q. Can Cisco ANM be run from within a virtual machine, such as VMware?
A. Cisco ANM is a fairly well-behaved application and thus may be suited for running in a virtual machine environment, such as that provided by VMware. However, installation and operation within a virtual machine environment are not specifically tested or supported by Cisco, and support for any such implementation is solely the responsibility of the customer.
Q. Does Cisco ANM 2.0 support high availability, and if so, how?
A. Cisco ANM 2.0 supports high-availability configurations by implementing a hot-standby server that is directly connected to the primary server through a dedicated Ethernet LAN connection. The hot-standby server maintains synchronization with the primary server by means of real-time database replication.
Q. What are the default file locations for Cisco ANM 2.0?
Q. Does Cisco ANM require root access on the host OS for installation?
A. Yes.
Q. Does Cisco ANM create user accounts on the host OS?
A. Yes; the generated account name is anm.
Q. Does Cisco ANM use any client-side Java extensions to the user's web browser?
A. No client-side Java extensions are required.
Ordering and Fulfillment Information
Q. How do I order Cisco ANM?
A. Cisco ANM is available for purchase through regular Cisco sales and distribution channels worldwide. To place an order, visit the Cisco Ordering homepage.
Q. How is Cisco ANM 2.0 licensed?
A. Cisco ANM 2.0 is sold based on the number and type of devices to be managed and, where applicable, the number of additional virtual contexts licensed per Cisco ACE device. Any single module or appliance is counted as a device, regardless of that device's use in a high-availability pairing when device high availability is implemented. SKUs are provided for 5, 10, 20, and 50 Cisco ACE devices, and for 10 and 40 Cisco CSS, CSM, and CSM-S devices. For Cisco ACE devices, the device license includes support for the default (included with the device) license for 5 virtual contexts. SKUs are also provided to enable management of 20, 50, 100, and 250 additionally licensed virtual contexts per Cisco ACE device, which must be matched with additional virtual context licenses installed on the managed Cisco ACE device. Cisco GSS support is included in the ANM-SERVER-20-K9 base server software and does not require separate licensing.
Q. How is the Cisco ANM high-availability option licensed?
A. The Cisco ANM high-availability secondary server must have exactly the same Cisco ANM licensing as the primary server. The product list shows the high-availability versions with the same part numbers as the standard versions except for the addition of -H in the product ID and HA in the product description. The Cisco ANM high-availability version is priced at approximately 25 percent of the price for the primary server because of its hot-standby, nonproduction role. In some situations, both the original primary and the hot-standby server may need to be operated simultaneously as the primary Cisco ANM server; this approach is supported and allowed for up to 90 days per year per the terms included in the Cisco ANM supplemental end-user license agreement provided with each Cisco ANM license.
Q. Are there any free licenses of Cisco ANM for Cisco ACE management?
A. Yes, the basic Cisco ANM server software license, which can be ordered free, supports up to two Cisco ACE devices with the default five virtual contexts and up to three clusters of Cisco GSS devices. If either Cisco ACE device has additional virtual context licensing (such as ACE-VIRT-020), the customer must purchase Cisco ANM virtual context licensing to match that on the device in order to manage that device.
Q. Are device counts additive?
A. Yes, with Cisco ANM 2.0, device counts (within each device type) are additive. The exception is that the two Cisco ACE devices for which the Cisco ANM server software license provides support are not included in the additive counts: when the SKU for a Cisco ANM license for up to five Cisco ACE devices is added to the Cisco ANM server software license, the total number of managed Cisco ACE devices is five.
Q. Will Cisco ANM manage a Cisco ACE device for which additional virtual context licenses have been added but for which additional virtual contexts have not been created?
A. No, Cisco ANM requires a matching Cisco ANM virtual context license for each Cisco ACE device with additional licensed virtual context capability. For instance, if Cisco ANM is to manage two Cisco ACE Modules on which licenses for 20 virtual contexts (ACE-VIRT-020) have been installed, then a corresponding pair of 20 virtual context licenses for one Cisco ACE (ANM-AV-020) must be installed on the Cisco ANM server managing those modules.
Q. Are software support contracts available, and if so, how are they ordered?
A. Yes, you can purchase a 1-year Software Application Support (SAS) contract that provides Cisco Technical Assistance Center (TAC) support, access to software maintenance patches on Cisco.com Software Center, and Cisco ANM minor updates. You can order this contract in the same way as you order Cisco ANM itself.
Q. I understand that the basic Cisco ANM server software, with support for up to two Cisco ACE devices with the default five virtual contexts, can be ordered for free. Does that include the SAS contract as well?
A. Although an SAS contract can be purchased for the Cisco ANM server software, the price is based on the corresponding nondiscounted value.
Q. Does the Cisco ANM 2.0 SAS contract provide upgrade entitlement to Cisco ANM 3.0?
A. No, the SAS contract does not cover entitlement between major software revisions, such as Cisco ANM 2.0 to 3.0.
Q. Is there a cost to upgrade from Cisco ANM 1.x to 2.0?
A. There is no charge to upgrade from Cisco ANM 1.x to 2.x. All Cisco ANM 1.x customers are eligible for upgrade without charge to Cisco ANM 2.0.
Q. What are the requirements for upgrading from Cisco ANM 1.2 to 2.0?
A. Existing customers migrating from Cisco ANM 1.2 can use their existing Cisco ANM 1.2 license keys for Cisco ANM 2.0. Existing Cisco ANM 1.2 installations can be upgraded to Cisco ANM 2.0 in place on existing servers running Red Hat Enterprise Linux 4.2 to 4.5 but are encouraged to upgrade to Red Hat Enterprise Linux 5.2 (32-bit) within 6 months of release of Cisco ANM 2.0.
Existing customers migrating from Cisco ANM 1.0 or 1.1 will require generation of license keys and should contact licensing@cisco.com or open a TAC case (TAC Global Licensing Operations) to request key generation. Existing Cisco ANM 1.0 or 1.1 installations can be upgraded to Cisco ANM 2.0 in place on existing servers running Red Hat Enterprise Linux 4.2 to 4.5 but are encouraged to upgrade to Red Hat Enterprise Linux 5.2 (32-bit) within 6 months of release of Cisco ANM 2.0.
Customers wanting to rehost their Cisco ANM platforms should contact Cisco TAC Global Licensing Operations as usual for rehosting licenses.
Q. How many Cisco ACE virtual contexts can Cisco ANM manage?
Q. How many Cisco ACE devices can Cisco ANM manage?
A. Cisco ANM can manage up to 50 Cisco ACE devices deployed across up to 50 Cisco Catalyst® 6500 Series chassis for modules, depending on the configuration and system load.
Q. How many Cisco CSS, CSM, and CSM-S devices can Cisco ANM manage?
A. Simultaneously with Cisco ACE management, Cisco ANM can manage up to 40 Cisco CSS, CSM, and CSM-S devices.
Q. How many Cisco GSS devices can Cisco ANM manage?
A. Simultaneously with Cisco ACE management, Cisco ANM can manage up to three clusters of Cisco GSS devices running Cisco GSS 3.0(2). Each cluster can include up to 16 Cisco GSS devices, so the total number of Cisco GSS devices that one Cisco ANM can manage is 48.
Q. Can more than one person log in and use Cisco ANM 2.0 at the same time?
A. Yes, up to 25 users can be simultaneously logged in to the same Cisco ANM server.
Cisco ACE, CSS, CSM, and CSM-S Support
Q. Does Cisco ANM support high-availability mode?
A. Yes, Cisco ANM can be installed in high-availability mode when a backup Cisco ANM server is present.
Q. Does Cisco ANM support Cisco ACE high availability?
A. Yes, Cisco ANM can manage redundant high-availability Cisco ACE pairs.
Q. Can more than one Cisco ANM 2.0 system manage the same Cisco ACE device?
A. This configuration is not recommended. There is no way for one Cisco ANM to detect that another Cisco ANM instance is installed and operating (except in high-availability configurations), and this situation may lead to undesired system changes. If more than one Cisco ANM 2.0 system must manage the same Cisco ACE device at the same time, then implementation of the Cisco ANM 2.0 autosynchronization capability is highly recommended. This feature helps reduce the time between when commands from one Cisco ANM affect a Cisco ACE device and when the other Cisco ANM is updated to reflect those changes.
Q. Can I group together virtual contexts on different Cisco ACE devices?
A. Yes, groups can contain contexts from different Cisco ACE Modules and chassis. In the group display, the chassis name is prepended to the name of the virtual context so that you know the physical hardware that contains the context.
Q. Are there any limitations when using Cisco ANM to create new virtual servers?
A. Yes, the Cisco ANM virtual server is an abstraction of Cisco ACE settings such as the resource class, policy, and class map. Therefore, it is possible to alter the Cisco ACE virtual context configuration at the command line in a manner that is not understood by Cisco ANM. Unless you are an expert systems user, Cisco recommends that you use Cisco ANM 2.0 to make any updates to your virtual server entries. Use the Advanced view if you need more than basic service deployment.
Q. I cannot look at the virtual IP up and down status in real time. Why?
A. This situation occurs because of the way Cisco ACE provides virtual IP data. Cisco ANM uses the Cisco ACE command-line interface (CLI) to display the service policy data containing the virtual IP status. Retrieving and parsing the data are not possible in real time, so the user must click the Details button on the Operations page to display the virtual IP status.
Q. How is the Module Import function affected by the number of contexts?
A. The length of time increases with an increasing number of contexts.
Cisco ANM Administration and Integration
Q. What backup and restore functions are available?
A. Backup and restore functions are provided for the Cisco ANM server.
Q. Does Cisco ANM 2.0 integrate with third-party products?
A. There are no exposed APIs that can be used by third-party vendors in this release, though a web services API has been implemented as a northbound interface to Cisco ANM 2.0. Customers interested in this function are encouraged to contact the Cisco ANM product management team to discuss specific implementation requirements.
Q. Can I export configuration or monitoring data?
A. Cisco includes a relational database for Cisco ANM at no additional cost to store the configuration and monitoring data. There is no export capability for this data.
Comparison with CiscoWorks Hosting Solution Engine and Hosting Solution Software
Q. How do CiscoWorks Hosting Solution Engine (HSE) and CiscoWorks Hosting Solution Software (HSS) compare with Cisco ANM?
A. CiscoWorks HSE and CiscoWorks HSS are predecessor products that provided management support for Cisco CSS, CSM, and CSM-S devices. While these products did provide a limited capability for performing provisioning, monitoring, and reporting for Cisco CSS, CSM, and CSM-S devices, their greatest value was in facilitating operations management through delegated activation or suspension of real and virtual servers (services) within RBAC-enforced secure access. Cisco ANM provides complete provisioning, operations management, and basic monitoring of Cisco ACE Modules and appliances. Starting with Cisco ANM 1.2, with appropriate licensing, the operations and basic monitoring capabilities are extended to include Cisco CSS, CSM, and CSM-S.
Q. Can I run Cisco ANM on my CiscoWorks HSE appliance?
A. No, the CiscoWorks HSE appliance cannot be used as a server for Cisco ANM due to insufficient memory and limited performance. The CiscoWorks HSE hardware platforms, namely the Cisco 1105 and Cisco 1140 for HSE appliances, are fixed-configuration devices. No components of the Cisco 1105 or Cisco 1140 for HSE can be upgraded or replaced in the field.
Q. I am running CiscoWorks HSS on one of the supported reference platforms. Can I run Cisco ANM on this platform?
A. Yes, the reference platforms supported by CiscoWorks HSS were specifically scaled to allow support of Cisco ANM either as is or with a minor upgrade. All supported reference platforms have sufficient processor and memory capacity, though you may need to upgrade disk capacity on some CiscoWorks HSS platforms to meet the recommended 60 GB minimum for Cisco ANM 1.2.
Q. I already own one or more CiscoWorks HSE appliances or CiscoWorks HSS. How can I migrate to the Cisco ANM offering?
A. There is no system or data transfer tool or method that supports migration from CiscoWorks HSE or HSS to Cisco ANM. Customers wanting to do so should implement Cisco ANM separately and plan their migration from CiscoWorks HSE and HSS operations to Cisco ANM operations as best suits their production environment.
Q. Is a specific technology migration or other discount program available for customers wanting to move from CiscoWorks HSE or HSS to Cisco ANM?
A. For CiscoWorks HSE customers, no discount program is available for migration to Cisco ANM; CiscoWorks HSE customers should purchase Cisco ANM following their normal purchasing methods. To receive instructions regarding special migration offers to which they may be entitled, CiscoWorks HSS customers should contact the Cisco ANM product management team by sending email to eval-anm@external.cisco.com.