Table Of Contents
VPN/Security Management Solution 2.2
SUPPLEMENTAL LICENSE AGREEMENT
VPN/Security Management Solution Overview
VMS Contents
What's New?
Server and Client System Requirements
VMS System Requirements
Browser Requirements
VMS Installation on Windows
Important Installation Notes for Windows
Securing Windows 2000
Order of Installation
Uninstalling Cisco IDS Host Sensor and Console
Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk
Verifying the Integrity of VMMC Files
Installing CiscoWorks Common Services and Service Pack 2 on Windows
Installing Management Center for Firewalls on Windows
Installing Auto Update Server on Windows
Installing Management Center for VPN Routers on Windows
Installing Management Center for IDS Sensors and Monitoring Center for Security on Windows
Installing Management Center for Cisco Security Agents
Installing Resource Manager Essentials on Windows
Installing VPN Monitor
Update for 99% CPU Utilization (CSCdt73198)
VMS Installation on Solaris
Important Installation Notes for Solaris
Order of Installation for Solaris
Installing CiscoWorks Common Services and SP2 on Solaris
Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk
Installing Management Center for Firewalls on Solaris
Installing Management Center for VPN Routers on Solaris
Installing Auto Update Server on Solaris
Installing Monitoring Center for Performance on Solaris
Installing Management Center for IDS Sensors and Monitoring Center for Security on Solaris
Installing Resource Manager Essentials on Solaris
Post-Installation
Component Registration for Windows
Component Registration for Solaris
Where to Go Next
Related Documentation
Obtaining Documentation
Cisco.com
Documentation CD-ROM
Ordering Documentation
Documentation Feedback
Obtaining Technical Assistance
Cisco TAC Website
Opening a TAC Case
TAC Case Priority Definitions
Obtaining Additional Publications and Information
Quick Start
VPN/Security Management Solution 2.2
1 SUPPLEMENTAL LICENSE AGREEMENT
SUPPLEMENTAL LICENSE AGREEMENT FOR CISCO SYSTEMS NETWORK MANAGEMENT SOFTWARE: CiscoWorks VPN/SECURITY MANAGEMENT SOLUTION
(UNRESTRICTED AND RESTRICTED VERSIONS)
IMPORTANT—READ CAREFULLY: This Supplemental License Agreement ("SLA") contains additional limitations on the license to the Software provided to Customer under the Software License Agreement between Customer and Cisco. Capitalized terms used in this SLA and not otherwise defined herein shall have the meanings assigned to them in the Software License Agreement. To the extent that there is a conflict among any of these terms and conditions applicable to the Software, the terms and conditions in this SLA shall take precedence.
By installing, downloading, accessing or otherwise using the Software, Customer agrees to be bound by the terms of this SLA. If Customer does not agree to the terms of this SLA, Customer may not install, download or otherwise use the Software. When used below, the term "server" refers to central processor unit.
ADDITIONAL LICENSE RESTRICTIONS
•
Twenty Device Restricted Version. Customer may manage up to twenty (20) devices across all components provided in this bundle with the exception of the Management Center for Cisco Security Agents. The Management Center for Cisco Security Agents can manage unlimited Cisco Security Agent devices that are licensed and purchased separately for deployment in the Customer's network environment. A device is defined as having its own IP address in the Customer's network environment. Please refer to the component installation guide for further device definition. Customers whose requirements exceed the restricted version limit of twenty (20) devices must upgrade to the unrestricted version of the Software.
•Installation and Use. The Software components are provided to Customer solely to install, update, supplement, or replace existing functionality of the applicable Network Management Software product. Customer may install and use following Software components:
–Common Services: Contains shared resources used by other components in this bundle. If some components of this bundle are installed on separate servers, a copy of Common Services may be installed with each component in Customer's network management environment.
–Management Center for Cisco Security Agents (CSA MC): May be installed on one (1) server in Customer's network management environment.
Note Customer may use CSA MC to manage an unlimited number of purchased Cisco Security Agents that are licensed and purchased separately.
–Cisco Security Agents: Includes three (3) server agent licenses specifically for use with the VMS server(s). Agents may not be used with any other non-VMS server. Additional agents must be purchased separately.
–Management Center for Performance: May be installed on one (1) server in Customer's network management environment.
–Management Center for IDS Sensors: May be installed on one (1) server in Customer's network management environment.
–Monitoring Center for Security: May be installed on one (1) server in Customer's network management environment.
–Management Center for Firewalls: May be installed on one (1) server in Customer's network management environment.
–Auto Update Server: May be installed on one (1) server in Customer's network management environment.
–Management Center for VPN Routers: May be installed on one (1) server in Customer's network management environment.
–Resource Manager Essentials (RME): May be installed on one (1) server in Customer's network management environment.
–VPN Monitor: May be installed on one (1) server in Customer's network management environment.
•Reproduction and Distribution. Customer may not reproduce nor distribute software.
DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
Please see the Cisco Systems, Inc. Software License Agreement.
2 VPN/Security Management Solution Overview
CiscoWorks VPN/Security Management Solution (VMS), an integral part of the SAFE blueprint for network security, combines web-based tools for configuring, monitoring, and troubleshooting enterprise virtual private networks (VPNs), firewalls, and network and host-based intrusion detection systems (IDS). CiscoWorks VMS delivers the industry's first robust and scalable foundation and feature set that addresses the needs of small and large-scale VPN and security deployments.
This guide introduces network administrators to the basic tasks involved in installing VPN/Security Management Solution. This guide does not present the full scope of tasks and features provided by the software it introduces. For additional guidance on how to effectively deploy VMS, see the supplement to this document, CiscoWorks VPN/Security Management Solution Deployment Guide found on Cisco.com, at http://www.cisco.com/en/US/products/sw/cscowork/ps2330/products_white_paper09186a00801aa80c.shtml.
This section contains a list of package contents and "What's New?" information. Table 1 describes the capability of individual components.
VMS Contents
VMS 2.2 contains the Quick Start Guide for the VPN/Security Management Solution 2.2 and the following four sub-boxes:
•VMS Management and Monitoring Centers for Windows (VMMC)—Contains the VMMC Startup Disk and provides the following components:
–CiscoWorks Common Services
–Management Center for Firewalls
–Auto Update Server
–Management Center for VPN Routers
–Management Center for IDS Sensors
–Monitoring Center for Security
–Management Center for Cisco Security Agents
•CiscoWorks VPN Monitor for Windows—Contains release notes and VPN Monitor CD-ROMs.
•CiscoWorks Common Services for Solaris
–CiscoWorks Common Services
•VMS Management and Monitoring Centers for Solaris (VMMC)—Contains the VMMC Startup Disk and provides the following components:
–Management Center for Firewalls
–Auto Update Server
–Management Center for VPN Routers
–Management Center for IDS Sensors
–Monitoring Center for Security
–Monitoring Center for Performance
•CiscoWorks Resource Manager Essentials —Contains release notes and the Resource Manager Essentials for Windows and Solaris CD-ROMs.
What's New?
VMS 2.2 introduces two new components. Management Center for Cisco Security Agents 4.0.1 (CSA MC) provides intrinsic, distributed security to your enterprise by deploying agents that defend against the proliferation of attacks across networks and systems. These agents use a set of rules provided by the Management Center and are selectively assigned to each client node on your network by the network administrator.
This version of VMS also introduces the Monitoring Center for Performance 2.0 (Performance Monitor), which monitors and troubleshoots the health and performance of services that contribute to enterprise network security. Performance Monitor enables users, without requiring expertise with IPSec or other security technologies, to increase service availability by isolating and troubleshooting significant events in their network as they occur.
VMS 2.2 provides installation of all Management Centers (MCs) from a single Installation CD-ROM (Startup Disk): VMS Management and Monitoring Centers 2.2 (VMMC). CiscoWorks Common Services (Common Services) was upgraded to include Service Pack 2 (SP2). All Management Centers were updated.
Each functional area of VMS is enhanced: firewall management, router management, IDS management, and security monitoring.
Major enhancements are:
•Solaris support for IDS management, security monitoring, firewall and router management.
•Ability to graphically illustrate the correlation between various metrics associated with active VPNs, and on a per device basis, identify all the networks and users connected by VPNs on Solaris systems.
•Cisco Catalyst Firewall Service Module (FWSM) and Cisco PIX Security appliance syslog reports feature supported by Security Monitor.
•Support for Cisco Catalyst Firewall and VPN service modules.
•Extended support for security routers that includes firewall services, high availability VPNs, and multiple hub and spoke environments.
•Support for IDS 4.1.
•Improved host-based IDS functions that protects servers, and distributed firewall protection for desktops through replacement of the Cisco IDS Host Sensor with Cisco security agents based on Okena technology.
•Simplified installation of most CiscoWorks VMS functions from a single CD-ROM.
Table 1 VMS Components and Attributes
This component...
|
Enables you to....
|
CiscoWorks Common Services 2.2 with Service Pack 2
|
Provide common software and services for VMS components.
CiscoWorks Common Services 2.2 provides:
•Common Services 2.2—A set of shared application services.
•CiscoView 5.5—A graphical device management tool.
•Integration Utility 1.5—An integration module that supports third-party Network Management Systems (NMS).
•Support for Java Plug-in 1.4.1_02.
|
Management Center for Firewalls 1.2.2 (Firewall MC)
|
•Configure PIX Firewalls and Cisco Catalyst Firewall Services Module (FWSM).
|
Auto Update Server 1.1 (AUS)
|
•Manage PIX Firewall and IOS dynamically addressed devices.
|
Management Center for VPN Routers 1.2.1 (Router MC)
|
•Configure security routers, Catalyst 6000 VPN Service Modules, and IOS firewalls.
|
Management Center for IDS Sensors 1.2.3 for Windows (IDS MC)
|
•Configure network-based IDS Sensors and Catalyst 6000 Intrusion Detection Service Modules (IDSM).
|
Monitoring Center for Security 1.2.3 for Windows (Security Monitor)
|
•Monitor network-based and host-based IDS events and FWSM and PIX Firewall syslogs.
|
Management Center for Cisco Security Agents 4.0.1 (CSA MC)
|
•Configure and manage Cisco Security Agents to protect servers, and provides distributed firewall protection for desktops.
|
VPN Monitor 1.2.1
|
•Monitor IPSec-based, site-to-site, and remote access VPNs.
|
Resource Manager Essentials 3.5 (RME)
|
•Manage network inventory and device changes, network configuration, and software image updates.
|
Monitoring Center for Performance 2.0 (Performance Monitor)
|
•Monitor and troubleshoot the health and performance of services that affect enterprise network security.
|
3 Server and Client System Requirements
You can install all VMS components except Performance Monitor on Windows systems. You can install all components except VPN Monitor and CSA MC on Solaris systems as well. This section contains VMS system requirements and CSA MC browser requirements.
Note Although VMS and LAN Management Solution (LMS) can coexist, we recommend that they reside on separate servers for optimal performance. See the CiscoWorks VPN/Security Management Solution Deployment Guide found on Cisco.com, at http://www.cisco.com/en/US/products/sw/cscowork/ps2330/products_white_paper09186a00801aa80c.shtml.
VMS System Requirements
Table 2 shows VMS server requirements and Table 3 shows VMS client requirements.
Note To successfully install VMS components, please make sure that Terminal Services is turned off. See your Microsoft documentation.
Do not install any VMS components on a Windows server that is running any of the following services:
•Primary domain controler.
•Backup domain controler.
•Terminal server.
Table 2 VMS Server Requirements
Component
|
Minimum Requirement
|
Hardware
|
•One of the following:
–IBM PC-compatible with 1 GHz or faster Pentium processor.
or
–Sun UltraSPARC 60 MP with 440 MHz or faster processor.
or
–Sun UltraSPARC III (Sun Blade 2000 Workstation or Sun Fire 280R Workgroup Server).
•Color monitor with video card capable of 16-bit colors.
•CD-ROM drive.
•100BaseT or faster connection.
|
Operating System
|
You must have one of the following operating systems:
•Windows 2000 Professional, Server, and Advanced Server (Service Pack 4).
Note Support for Advanced Server requires turning Terminal Services off. See your Microsoft documentation.
•Sun Solaris 2.8 with these patches:
–109742 has been replaced by 108528-13.
–109322 has been replaced by 108827-15.
–109279 has been replaced by 108528-13.
–108991 has been replaced by 108827-15.
–111626-01.
–111327-02.
–110945-02.
–110934-01.
–110898-02.
–110700-01.
–109326-05.
–108827-30.
–108652-51.
–108528-18.
–108921-14.
–108940-24.
–110951-01.
–110662-02.
–110615-01.
–110286-02.
–109324-02.
–111085-02.
–108964-06.
|
|
|
| |
File System
|
NTFS.
|
Memory
|
1 Gigabytes minimum.
|
Virtual Memory
|
2 Gigabytes minimum.
|
Hard Drive Space
|
9 Gigabytes of free hard drive space, minimum.
Note The actual amount of hard drive space required depends upon the number of CiscoWorks Common Services client applications you are installing and the number of devices you are managing with the client applications.
|
Table 3 VMS Client Requirements
Component
|
Minimum Requirement
|
Hardware/Software
|
You must have one of the following:
•IBM PC-compatible computer with 300-MHz or faster Pentium processor running one of the following:
–Windows 2000 Server, or Professional Edition with Service Pack 4.
–Windows XP Professional with Service Pack 1A.
•Solaris SPARCstation or Sun Ultra 10 with a 333-MHz processor running the Solaris 2.8 operating system.
|
Hard Drive Space
|
•400 MB virtual memory (for Windows).
•512 MB swap space (for Solaris).
|
Java
|
Sun Java Plug-in 1.4.1_02.
|
Memory
|
256 MB minimum.
|
Web Browser
|
You must also install one of the following HTML browsers:
•Microsoft Internet Explorer 6.0, Service Pack 1 for Windows operating systems.
•Netscape Navigator 4.79/7.1 on any of the Windows platforms.
Caution AUS, CSA MC, Firewall MC, and Router MC require Navigator 7.1 on Windows platforms and Navigator 7.0 on Solaris platforms.
|
Browser Requirements
All VMS components support Internet Explorer 6.0 with Service Pack 1 on Windows platforms. CSA MC supports Explorer Version 5.5 or higher. All components must have cookies and JavaScript enabled. This means using a maximum setting of "medium" as your Internet security setting. Locate this feature from the Tools > Internet Options menu. Select the Security tab.
Table 4 identifies Netscape Navigator support by individual components where these requirements differ from VMS as a whole.
Table 4 Netscape Navigator Support
Component
|
Windows Browser Requirements
|
Solaris Browser Requirements
|
CiscoWorks Common Services (Common Services)
|
•Netscape Navigator 4.79
•Netscape Navigator 7.1
|
•Netscape Navigator 4.76
•Netscape Navigator 7.0
|
Management Center for Firewalls (Firewall MC)
|
•Netscape Navigator 7.1
|
•Netscape Navigator 7.0
|
Auto Update Server (AUS)
|
•Netscape Navigator 7.1
|
•Netscape Navigator 7.0
|
Management Center for IDS Sensors (IDS) and Security Monitor
|
•Netscape Navigator 4.79
|
•Netscape Navigator 4.76
|
Management Center for VPN Routers (Router MC)
|
•Netscape Navigator 7.1
|
•Netscape Navigator 7.0
|
Management Center for Cisco Security Agents (CSA MC)
|
•Netscape Navigator 7.1 (with cookies and Java Script enabled)1
|
•Netscape Navigator 7.0 (with cookies and Java Script enabled)2
|
Resource Manager Essentials (RME)
|
•Netscape Navigator 4.79
•Netscape Navigator 7.1
|
•Netscape Navigator 4.76
•Netscape Navigator 7.0
|
VPN Monitor
|
•Netscape Navigator 7.1
|
•Netscape Navigator 7.0
|
Monitoring Center for Performance (Performance Monitor)
|
•Netscape Navigator 4.79
|
•Netscape Navigator 4.76
|
Note When you access the CSA MC user interface from the CiscoWorks Desktop Server, access will be through SSL. See the "Important Installation Notes for Windows" section.
4 VMS Installation on Windows
This section describes installation procedures for CiscoWorks VMS Management and Monitoring Centers (VMMC) component applications, VPN Monitor, and RME. It also provides uninstalling procedures for Cisco IDS Host Sensor and Console (Cisco HIDS).
Caution Information in this Quick Start Guide is intended
only for first time installation of VMS components. These instructions should
not be followed and could cause harm to systems with existing live deployments. Please see your individual component's installation documentation listed in the
"Related Documentation" section for upgrade instructions.
Before you begin
•Verify all system requirements are met. See the "VMS System Requirements" section.
•Close all open or active programs. Do not run other programs during installation.
Note Verify Terminal Services is not running during installation. See your Microsoft documentation.
Important Installation Notes for Windows
This section contains important information that you should read before you begin installation:
•The CSA MC-recommended deployment is to have only CSA MC and Security Monitor installed as part of your VMS bundle on the CSA MC system. When you install CSA MC, an agent containing the policies necessary to protect CSA MC and other limited CiscoWorks daemons and operations is automatically installed as well. The policies that this agent enforces are fairly restrictive and are appropriate if you are running the recommended deployment.
If you are running non-VMS products or software on the CiscoWorks server, this restrictive policy might impede these other products. If you do install non-VMS products, you might need to remove the restrictive policy from the agent protecting the system, leaving you with a more open policy. Without the restrictive policy, the system remains protected, but the policy allows more products to run on the system and access network resources. Therefore, the system is inherently less secure. If you want to deploy CSA MC on a system running non-VMS software, navigate to the CiscoWorks VMS Systems group and remove the CiscoWorks Restrictive VMS Module from the group.
Note If you feel comfortable doing so, you can edit the CiscoWorks Restrictive VMS Module instead of removing it. Your edits enable the actions your other installed products require. See Using Management Center for Cisco Security Agents 4.0 at http://www.cisco.com/en/US/products/sw/cscowork/ps5212/products_user_guide_book09186a008019b759.html for more information.
•Common Services installation will be extended because of the automatic installation of component patches, including SP2, which will follow automatically after you install Common Services.
•Only those with administrative privileges can perform the installations.
•CiscoWorks applications are installed in the default directory SystemDrive:\Program Files\CSCOpx. If you select another directory during installation, the application is installed in that directory.
•If errors occur during installation, check the installation log in the root directory on the drive where the operating system is installed. Each installation creates a new log file. For example, the CiscoWorks Common Services installation creates SystemDrive:\CiscoWorks_setupxxx.log, where xxx is the log file for the last CiscoWorks application installed.
•You can click Cancel at any time to end the installation. However, any changes to your system (for example, installation of new files or changes to system files) will not be undone.
•If you want to use secure access between the client browser and the management server, you can enable or disable SSL from the CiscoWorks desktop.
•If SSL is enabled:
–The URL begins with https instead of http to indicate a secure connection.
–The port number following the server name is 1742 instead of 1741.
You cannot enable SSL on the CiscoWorks Server if there is an application that is not SSL-compliant installed on the server.
Note We recommend that you have SSL enabled during installation unless you are using other CiscoWorks components that do not support SSL. CSA MC cannot be installed on a server if you have components that do not support SSL. For help with SSL, consult the User Guide for CiscoWorks Common Services 2.2.
•The VMMC Startup Disk might not perform optimally when accessed from a remote drive. We recommend that you avoid remote installations. Network inconsistencies might cause installation errors if you are installing from a remote mount point.
Securing Windows 2000
The least secure component of a system defines how secure the system is. Before installing your server software, you should take some basic steps to secure the target server and operating system:
•Install the operating system on its own partition. Installing the operating system on one partition, and your software and data on another, protects your data and applications from viruses and attempted security breaches.
•Use strong passwords. A strong password has at least eight characters and contains numbers, letters (both uppercase and lowercase), and symbols. You can edit the Local Security Policy to configure Windows 2000 to require strong passwords.
•Avoid creating network shares. If you must create a network share, secure the shared resources with strong passwords. However, network shares are strongly discouraged, and you should disable NETBIOS completely.
•Disable unnecessary accounts. Remove the default Guest account. Make sure that all remaining accounts are protected with strong passwords. Require a password to log in.
•Secure the Registry. Disable or limit remote access to the Registry.
•Apply all hotfixes and security patches. Visit the Microsoft website regularly and apply the most recent security patches. Use the Windows Update feature regularly to ensure that the most recent critical updates are installed on the server.
•Disable unused and unneeded services. At a minimum, Windows requires the following services to run: DNS Client, Event Log, Plug & Play, Protected Storage, and Security Accounts Manager. Check your software documentation for any additional Windows services required by your software. Do not install IIS.
•Disable all network protocols except Internet Protocol (TCP/IP). Other protocols can be used to gain access to your server. Limiting the network protocols used limits the access points to your server. If you are not using network shares on the server, disable NETBIOS.
•Monitor the security of your system regularly. Log and review system activity. Use security tools, such as the Microsoft Security Configuration Tool Set (MSCTS) and Fport, to periodically review the security configuration of your system. You can obtain MSCTS from the Microsoft website.
•Limit physical access to your server. If your server contains removable media drives, set the server to boot from the hard drive first. Your data can be compromised if someone boots your server from a floppy disk. You can typically set the boot order in the system BIOS. Make sure you protect the BIOS with a strong password.
•Do not install remote access or administration tools on the server. These tools provide a point of entry to your server and are considered a security risk.
• Run a virus scanning application on the server. Virus scanning software can prevent trojan horse applications from infecting your server. Update the virus signatures regularly.
Order of Installation
This section presents a high level overview of recommended installation steps. We recommend reading through the order of installation steps suggested here and then referring to the appropriate sections that follow for more detailed instructions.
Step 1 If applicable, uninstall Cisco HIDS and Console. See the "Uninstalling Cisco IDS Host Sensor and Console" section.
Note If the CSA MC or the agent installer detects any Cisco IDS Host Sensor software on the system, the installation stops.
Step 2 Use the vmmc_verify_digest.exe executable file from Cisco.com, or on the VMMC Startup Disk to verify that all media on the CD-ROM is authentic and error free. See the "Verifying the Integrity of VMMC Files" section.
Step 3 Install Common Services from the VMMC Startup Disk. See the "Installing CiscoWorks Common Services and Service Pack 2 on Windows" section.
Note The installation of SP2 will start automatically once Common Services installation is complete and you reboot your system. You must wait while the SP2 installation takes place. This will take approximately 7 minutes.
Step 4 Install desired VMMC applications on the VMMC Startup Disk any order. See any of the following:.
• "Uninstalling Cisco IDS Host Sensor and Console" section.
• "Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk" section.
• "Installing CiscoWorks Common Services and Service Pack 2 on Windows" section.
• "Installing Management Center for Firewalls on Windows" section.
• "Installing Auto Update Server on Windows" section.
• "Installing Management Center for VPN Routers on Windows" section.
• "Installing Management Center for IDS Sensors and Monitoring Center for Security on Windows" section.
• "Installing Management Center for Cisco Security Agents" section.
Note If you chose to install CSA MC first and you try to install another component, the CSA MC agent component might disallow the action or it might display multiple queries to which you must respond. See the "Disabling CSA MC Agent Software to Install Other Components" section for instructions on disabling and re-enabling agent software.
Step 5 Install RME. See the "Installing Resource Manager Essentials on Windows" section.
Step 6 Install VPN Monitor. See the "Installing VPN Monitor" section.
Step 7 See the "Post-Installation" section for important registration and setup information.
Uninstalling Cisco IDS Host Sensor and Console
We recommend that you uninstall the Cisco IDS Host Sensor and Cisco IDS Host Sensor Console software before installing any VMS components. In particular, if CSA MC or the agent installer detects any Cisco IDS Host Sensor software on the system, the installation stops.
Uninstalling Cisco HIDS
Before You Begin
You must change the mode of the Host Sensor (Agent) installed on the Console host before you uninstall the Console. The following procedure provides steps for changing the Agent mode.
Note These uninstallation steps along with any additional information you might need to successfully uninstall Cisco HIDS can also be found on Cisco.com, at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/host/host25/install/.
To uninstall the Console:
Step 1 To change the Agent mode:
a. Log into the Console.
b. To display the Agent Management view, click Agents.
c. Select the Agent that is installed on the Console host.
d. If the Agent is in SecureSelect-Warning mode, close the Console.
e. To change the Agent mode to SecureSelect-Warning mode, right-click the Agent and select Set to SecureSelect-Warning Mode.
f. Close the Console.
Step 2 From the Windows taskbar, select Start > Programs > Cisco HIDS > Cisco HIDS Uninstall.
The Install Shield Wizard appears.
Step 3 Click Yes in the Uninstall Setup window to remove the Cisco IDS Host Console. The publickey and serverkey are copied to the PreserveKeys folder.
Step 4 Click OK to remove the Console.
Step 5 Click Finish to reboot the computer and complete the uninstallation.
Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk
You can use the VMMC Startup Disk to install any Management Center component from a single CD-ROM. Follow the steps listed here to locate component documentation included on the Startup Disk, begin the installation, and then go to the VMMC installation steps below for the components you would like to install.
Note We strongly recommend you verify the integrity of your files before beginning VMMC installation. See the "Verifying the Integrity of VMMC Files" section.
Step 1 Insert the VMMC Startup Disk into the CD-ROM drive. At the top level of the directory structure, you will see folders corresponding to each VMMC component. From here, you can double-click any component folder to view and access that components' Documentation directory and for a complete listing of all necessary component information and installation files.
Step 2 If autorun is enabled on your system, the CiscoWorks VMS Management and Monitoring Centers Installer window opens automatically.
Step 3 If autorun is not enabled, click Start > Run. In the Run dialog box, enter e:\autorun.exe, where e is your CD-ROM drive.
The CiscoWorks VMS Management and Monitoring Centers 2.2 Setup Program splash screen appears.
Step 4 Click Install.
The CiscoWorks InstallShield wizard appears listing all VMMC components and requesting you to select the check boxes for the components you want to install. There are also options to Select All and to Cancel installation.
Step 5 Select all those components you want to install.
Note Select All will not proceed if any of the items selected require a system reboot. Those components (Common Services and CSA MC) requiring a reboot must be installed before the Select All option will work.
Step 6 Click Next. The InstallShield Wizard prompts you with a screen showing which components you selected and giving you the choice to reconsider your choices, cancel, or proceed.
Step 7 Click Install to continue.
Step 8 The Startup Disk begins running the installation scripts in the order selected from the menu with which you were presented earlier.
Note If you install Common Services, Router MC, and/or IDS MC, you will be prompted to restart the system. We recommend that you restart before continuing with remaining component installation. Repeat steps 2 and 3 to restart the VMMC Install Shield Wizard so that you can install other VMMC tools.
Note CSA MC will automatically restart the system. Repeat steps 2 and 3 to restart the VMMC Install Shield Wizard so that you can install other VMMC tools.
Step 9 Go to the section corresponding to each component below for typical installation instructions.
Verifying the Integrity of VMMC Files
The VMMC Startup Disk provides a vmmc_verify_digest.exe executable file with which you can perform integrity checks for all files on the Startup Disk. This tool is also available on Cisco.com for those who have an account established. We recommend that the tool be downloaded from this location to ensure maximum security.
To verify the authenticity and integrity of your VMMC files:
Step 1 Do one of the following:
•Go to http://www.cisco.com/public/sw-center/cw2000/vms-planner.shtml to securely obtain a verify_digests.exe file and enter run vmmc_verify_digest.exe at the DOS command prompt.
or
•Insert the VMMC Startup Disk into your CD-ROM drive and enter run vmmc_verify_digest.exe at the DOS command prompt.
Caution When you download the digest file, make sure your browser is in https mode for a secure download.
The vmmc_verify_digest.exe file runs though a list of files that it needs to verify. After this is done, you will be prompted for the directory where the files are located.
Note You can press any key to exit after the verification of the files on the CD or local directory.
Step 2 Highlight the Startup Disk location by browsing the folders on the CD-ROM and pressing enter. Verify_digests.exe will validate each file.
Note You can enter the CD-ROM drive letter and check the files on the Startup Disk itself or you can copy the files to your system and check them from the directory to which they were copied.
The output displays OK if the files are authentic. If any files are found to be inauthentic (that is, not from Cisco) or corrupt, Failure is displayed.
Step 3 Do one of the following:
•If you receive any failure messages please see your system administrator before proceeding with VMMC installation.
or
•Check the location of the files if you receive a File not found message. This means that the digest program cannot locate a file.
Step 4 Proceed with installation if there are no failure messages.
Installing CiscoWorks Common Services and Service Pack 2 on Windows
Note You must install Common Services and SP2 before any other VMS component.
Step 1 After you select the check box for Common Services on the VMMC Install Shield Wizard, Common Services will always be the first application installed.
Note To run the Common Services installation manually, insert the VMMC Startup Disk into your CD-ROM drive, locate the Common Services top level directory, and double-click the setup.exe file.
Step 2 Follow the prompts, entering all required information. We recommend that you select an Express installation. Select another installation option only if you want to specify a destination directory other than SystemDrive:\Program Files\CSCOpx. For additional assistance, see Installation and Setup Guide for CiscoWorks Common Services (includes CiscoView) for Windows.
Note In order to have the most recent updates for Common Services you must install CiscoWorks VMS Update1 at this point.
Step 3 Install CiscoWorks VMS Update 1 by clicking the setup.exe file located in the Patches > VMSUpdate folder.
Step 4 You must restart your system before installing any more VMS components.
Once reboot is complete, and you initiate installation of one or more VMS components, a screen will appear stating, "Please wait, installer is checking your system...".
You will then receive the following error message: Common Services SP2 is not installed. Installation of Common Services SP2 will begin now. Followed by the following Installer message: Installing Common Services SP2. This will take approximately 7 minutes. Please wait....
When SP2 installation completes, the installation of two Patch updates will begin. No user intervention is required but you will see a splash screen that says Installing Patch CSCec43722-1. A minimized DOS window will be present on your desktop while this installation takes place. Should you maximize the window during the patch installation you will see that the Patch is being installed.
In very quick succession after the installation of Patch update CSCec43722-1, a second Patch Update installation will begin, signified by a splash screen that says Installing Patch CSCed18592-1. There will also be a minimized DOS window on your desktop during this Patch installation.
Note These Patch installations occur very rapidly, in quick succession and require no user intervention.
Step 5 Repeat any necessary steps described in the "Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk" section.
Installing Management Center for Firewalls on Windows
Note You must install Common Services and SP2 before any other VMS component.
Step 1 After you select the check box for Managing PIX Firewalls, Catalyst Firewall SM on the VMMC Install Shield Wizard, Firewall MC installation will begin immediately after Common Services and SP2 installations are complete.
Note If Common Services 2.2 is installed on your system, you can run Firewall MC installation manually by inserting the VMMC Startup Disk into your CD-ROM drive, locating the Firewall MC top level directory, and double-clicking the setup.exe file.
Step 2 Follow the prompts, entering all required information. For additional assistance, see Installing Management Center for Firewalls 1.2.2 on Windows 2000 and Solaris 2.8.
Step 3 To use the activity approver email notification feature, you must configure the CiscoWorks email server. The email configuration option is provided in the Advanced installation, not the Typical installation of Common Services. If you did not configure the email server during installation, you can do so from the CiscoWorks desktop by selecting VPN/Security Management Solution > Administration > Common Services > Preferences.
Step 4 After Firewall MC and any other selected installations are complete, see the "Post-Installation" section for information on setting up the CiscoWorks Desktop Server.
Installing Auto Update Server on Windows
Note You must install Common Services and SP2 before any other VMS component.
Step 1 After you select the check box for Auto Update Server on the VMMC Install Shield Wizard, AUS installation will begin, in the order displayed.
Note If Common Services 2.2 is installed on your system, you can run AUS installation manually by inserting the VMMC Startup Disk into your CD-ROM drive, locating the AUS top level directory, and double-clicking the setup.exe file.
Step 2 Follow the prompts, entering all required information. For additional assistance, see Installing Auto Update Server 1.1 on Windows 2000 and Solaris.
After AUS and any other selected installations are complete, see the "Post-Installation" section for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for VPN Routers on Windows
Note You must install Common Services and SP2 before any other VMS component.
Step 1 After you select the check box for Managing VPN Routers, Catalyst VPN SM, IOS Firewalls on the VMMC Install Shield Wizard, Router MC installation will begin, in the order shown.
Note If Common Services 2.2 is installed on your system, you can also run Router MC installation manually by inserting the VMMC Startup Disk into your CD-ROM drive, locating the Router MC top level directory, and double-clicking the setup.exe file.
Step 2 Follow the prompts, entering all required information. For additional assistance, see Release Notes for Management Center for VPN Routers 1.2.1 on Windows 2000 and Solaris.
Step 3 In both the Password field and the Confirm Password field, enter a password for internal access to the Router MC database. The password you provide is used automatically in the background to allow certain system events (such as backup and restore operations) to occur.
Step 4 To use the activity approver email notification feature, you must configure the CiscoWorks email server. The email configuration option is provided in the Advanced installation of Common Services (not in the Typical installation). If you did not configure the email server during installation, you can do so from the CiscoWorks desktop by selecting VPN/Security Management Solution > Administration > Common Services > Preferences.
Step 5 You must restart your system before installing any more VMS components. You will be returned to the VMMC Install Shield Wizard after the system reboots. Repeat any necessary steps described in the "Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk" section.
After Router MC and any other selected installations are complete, see the "Post-Installation" section for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for IDS Sensors and Monitoring Center for Security on Windows
Note You must install Common Services and SP2 before any other VMS component.
While it is possible to colocate the Security Monitor with other Management Centers, we recommend that you install Security Monitor on a server separate from your management application for a production network. This recommendation is based on the potentially heavy-traffic processing load that might result from monitoring Firewall MC or IDS Sensors or both.
Step 1 After you select the check box for Managing IDS Sensors, Catalyst IDS SM, and Security Monitoring on the VMMC Install Shield Wizard, IDS MC and Security Monitor installation will begin, in the order displayed.
Note If Common Services 2.2 is installed on your system, you can also run IDS MC and Security Monitor installation manually by inserting the VMMC Startup Disk into your CD-ROM drive, locating the IDS MC and Security Monitor top level directory, and double-clicking the setup.exe file.
Step 2 To install both IDS MC and Security Monitor, select the Typical installation radio button.
Step 3 To install either IDS MC or Security Monitor, select the Custom installation radio button. Then, click Next.
a. To install IDS MC, select the IDS MC only radio button and click Next.
b. To install Security Monitor, select the Security Monitor only radio button and click Next.
Step 4 Follow the prompts, entering all required information. You will be prompted to select a database location, enter a database password and specify UDP ports. For additional assistance, see Installing Management Center for IDS Sensors 1.2 and Monitoring Center for Security 1.2.
Step 5 You must restart your system before installing any more VMS components. You will be returned to the VMMC Install Shield Wizard after the system reboots. Repeat any necessary steps described in the "Installing VMS Management and Monitoring Center 2.2 Applications on Windows from the Startup Disk" section.
Step 6 After IDS MC, Security Monitor, and any other selected installations are complete, see the "Post-Installation" section for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for Cisco Security Agents
When you install CSA MC, an agent containing the policies necessary to protect CSA MC and other CiscoWorks daemons and operations is automatically installed as well. The policies that are enforced by this agent protect CSA MC, other VMS components, and general CiscoWorks operations.
Uninstalling Cisco HIDS
CSA MC can be installed at any time from the Startup Disk before or after Common Services or any other application. However, because of potential incompatibilities between Cisco IDS Host Sensor software and Management Center for Cisco Security Agents (CSA MC), you must uninstall the Cisco IDS Host Sensor and Cisco IDS Host Sensor Console software before installing CSA MC or agent software. See the "Uninstalling Cisco IDS Host Sensor and Console" section.
Note Any system on which you are installing CSA MC must not have the Cisco IDS Host Sensor Console or the Cisco IDS Host Sensor installed. If the CSA MC or the agent installer detects any Cisco IDS Host Sensor software on the system, the installation stops.
CSA MC Component Registration
CSA MC installation will not run without the appropriate production license. If you haven't already done so, you must obtain a production license using the PAK label affixed to the claim certificate for CSA MC located in the separate licensing envelope. See the "Component Registration for Windows" section for details.
Before You Begin
CSA MC has some unique system requirements. Before installing this component, see the "Browser Requirements" section.
Disabling CSA MC Agent Software to Install Other Components
If you are installing or uninstalling various VMS components and you have a Cisco Security Agent protecting VMS, you should disable the agent service before you begin the installation or uninstallation of any other VMS component. (You do not have to do this when installing or uninstalling CSA MC.)
To disable the agent service:
Step 1 From a command prompt enter net stop "Cisco Security Agent".
Step 2 If you receive a prompt asking if you want to stop the agent service select Yes.
Step 3 Enter net start "Cisco Security Agent" to enable the service at any time.
Note If you do not disable the agent service and you try to alter a CiscoWorks system configuration, the agent might disallow the action or it might display multiple queries to which you must respond.
Installing CSA MC
Note You must install Common Services and SP2 before any other VMS component.
Step 1 After you select the check box for Managing Cisco Security Agents - Servers and Desktops on the VMMC Install Shield Wizard, CSA MC installation will begin, in the order in which you checked the boxes on the wizard.
Note To run the CSA MC installation manually, insert the VMMC Startup Disk into your CD-ROM drive, locate the CSA MC top level directory, and double-click the setup.exe file.
Step 2 Follow the prompts, entering all required information. For additional assistance, see Installing Management Center for Cisco Security Agents.
Step 3 If you are installing or uninstalling various VMS components and you have a Cisco Security Agent protecting VMS, see the "Disabling CSA MC Agent Software to Install Other Components" section.
Step 4 Register CSA MC using the PAK label affixed to the claim certificate for CSA MC located in the separate licensing envelope. See the "Component Registration for Windows" section for details.
Caution CSA MC installation will not run without the appropriate production license.
Step 5 When installation is complete, read Chapter 3, "Quick Start Configuration" for setup instructions. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
RME Gatekeeper Remote Access Issue
Remote access to the RME Gatekeeper daemon is not required for correct operation of any of the components in VMS. Therefore, remote client access to this daemon is normally disabled in the CiscoWorks VMS module policy. If you have non-VMS products installed on your VMS system that require the RME Gatekeeper daemon to be accessed remotely, modify the CSA MC VMS policy:
Step 1 Locate the rule with description CiscoWorks RME Gatekeeper daemon, server for UDP and TCP services in the CiscoWorks VMS Module policy in CSA MC.
Step 2 Enable this rule and regenerate the rule program.
Note Refer to Using Management Center for Cisco Security Agents 4.0 for instructions on enabling rules and regenerating rule programs.
Installing Resource Manager Essentials on Windows
Note RME is located on its own component CD-ROM.
Step 1 Locate the Installation and Setup Guide for Resource Manager Essentials on Windows on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow the steps in the section "Performing a New Installation", in
Chapter 1, "Installing RME."
Note We recommend that you change the RME database password when prompted to
do so.
Step 3 After you complete installation, verify that RME was installed correctly as follows:
a. Access the CiscoWorks desktop after following the installation and setup instructions in "Post-Installation" section.
b. Select System Configuration > About the Server > Applications and Versions. The CiscoWorks About the Server page appears.
c. Check the Applications Installed table. RME should be listed as installed and enabled on your system.
Step 4 Follow the steps in Chapter 2, "Preparing to Use RME" of the Installation and Setup Guide for Resource Manager Essentials on Windows.
Step 5 Reinsert the VMMC Startup Disk in order to apply the necessary patches.
Step 6 Install Incremental Device Update (IDU) 5.0 for Resource Manager Essentials 3.5 by clicking the setup.exe file located in the Patches folder on the VMMC Startup Disk.
Note You can also download the latest IDU from http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-rme. See Installation and Setup Guide for Resource Manager Essentials on Windows, Software Release 3.5 for details.
Step 7 Install CiscoWorks VMS 2.2 Update 1 by clicking setup.exe from the Patches > VMSUpdate folder.
Step 8 See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Note Remote access to the RME Gatekeeper daemon is not required for correct operation of any of the components in VMS. Therefore, remote client access to this daemon is normally disabled through a deny rule in the "CiscoWorks VMS module" policy. See the "RME Gatekeeper Remote Access Issue" section for details.
Installing VPN Monitor
Note VPN Monitor is located on its own component CD-ROM.
Step 1 Locate Installing VPN Monitor on Windows 2000 and Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow the steps in the section "Installing VPN Monitor on Windows 2000 and Windows NT", in Chapter 2, "Installing and Uninstalling VPN Monitor on Windows 2000 and Windows NT."
Step 3 Follow the steps in Chapter 2, "Preparing to Use RME" of the Installation and Setup Guide for Resource Manager Essentials on Windows.
Step 4 See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Update for 99% CPU Utilization (CSCdt73198)
Caution This update should
not be installed if you are running other CiscoWorks solutions on the same server (e.g., LMS or RWAN).
On a system running the VMS server, you might experience high CPU usage under certain conditions. This high CPU utilization might be triggered by any of the following conditions:
•Network connection goes down.
•Switch to which the server is connected goes down and/or is rebooted.
•Ethernet cable becomes unplugged from the server.
•The netmask and/or IP address is changed.
An update that addresses this problem is available on the VMMC Startup Disk.
Step 1 Navigate to the Patches directory marked CSCdt73198-1 on the VMMC Installation Startup Disk.
Step 2 Follow the directions in the Readme file included in this directory.
5 VMS Installation on Solaris
This section describes installation procedures for Common Services, all VMS Management and Monitoring Center (VMMC) component applications that are available on the VMMC Solaris Startup Disk (Firewall MC, AUS, Router MC, IDS MC, Security Monitor, and Performance Monitor), and RME.
Caution Information in this Quick Start Guide is intended for first time installation of VMS components
only. These instructions should
not be followed and could cause harm to systems with existing live deployments. Please see your individual component's installation documentation the
"Related Documentation" section for upgrade instructions.
Before you begin
•Verify all system requirements are met. See the "VMS System Requirements" section.
•Close all open or active programs. Do not run other programs during the installation process.
Important Installation Notes for Solaris
This section contains important information that you should read before you begin installation:
•CiscoWorks applications are installed in the following default directory:
–/opt/CSCOpx
If you select another directory during installation, the application is installed in that directory.
•If you select an installation directory different from the default, the /opt/CSCOpx directory is created as a link to the directory you selected. If you remove the link after installation, the component might malfunction.
•If errors occur during installation, read through the installation log file /var/tmp/ciscoinstall.log.
•You can press Ctrl-C at any time to end the installation. However, any changes to your system (for example, installation of new files or changes to system files) will not be undone.
Note We do not recommend ending the installation, using Ctrl-C, or you will be required to manually clean up the installation directories.
•If you want to use secure access between the client browser and the management server, you can enable or disable SSL from the CiscoWorks desktop.
If SSL is enabled:
–The URL begins with https instead of http to indicate a secure connection.
–The port number following the server name is 1742 instead of 1741.
You cannot enable SSL on the CiscoWorks Server if any application that is not SSL-compliant is installed on the server.
Note We recommend that you have SSL enabled during installation unless you are using other CiscoWorks components that do not support SSL. For help with SSL, consult the User Guide for CiscoWorks Common Services 2.2.
•Network inconsistencies might cause installation errors if you are installing from a remote mount point.
Order of Installation for Solaris
This section presents a high level overview of recommended installation steps. We recommend reading through the order of installation steps suggested here and then referring to the appropriate sections that follow for detailed instructions.
Step 1 Install Common Services. See the "Installing CiscoWorks Common Services and SP2 on Solaris" section.
Step 2 Install desired VMMC applications on the VMMC Startup Disk any order. See any of the following:.
• "Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk" section.
• "Installing CiscoWorks Common Services and SP2 on Solaris" section.
• "Installing Management Center for Firewalls on Solaris" section.
• "Installing Management Center for VPN Routers on Solaris" section
• "Installing Auto Update Server on Solaris" section.
• "Installing Monitoring Center for Performance on Solaris" section.
• "Installing Management Center for IDS Sensors and Monitoring Center for Security on Solaris" section.
Step 3 Install RME. See the "Installing Resource Manager Essentials on Solaris" section.
Step 4 See the "Post-Installation" section for important setup information.
Installing CiscoWorks Common Services and SP2 on Solaris
Note Common Services and Service Pack 2 must be installed before any other VMS component.
Step 1 Locate Installation and Setup Guide for CiscoWorks Common Services (includes CiscoView) for Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section.
Step 2 In Chapter 2, "Installing CiscoWorks Common Services", read the section "Preparing to Install CiscoWorks Common Services." As explained in that section, be sure you:
•Have root access to the server on which you plan to install CiscoWorks Common Services.
•Know the server's IP address.
•Verify that the TCP ports that CiscoWorks Common Services uses will not create conflicts with existing applications.
Step 3 Determine the password that you want the CiscoWorks Common Services administrator to use. For rules to follow for forming passwords, see the section "Admin Password" in Appendix C, "Password Information."
Step 4 Follow the steps in the section "Performing a New Installation", in Chapter 2, "Installing CiscoWorks Common Services."
Note In order to have the most recent updates for Common Services you must install CiscoWorks VMS Update1 at this point.
Step 5 Install CiscoWorks VMS Update 1 from the VMMC Startup Disk by entering
Step 6 Follow the steps in the "Post-Installation" section of this document.
Step 7 After you complete the installation, prepare to use CiscoWorks Common Services by:
a. Configuring the CiscoWorks server.
b. Configuring your client.
Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk
Once Common Services is installed, you can use the VMMC Startup Disk to install any Management Center component. Follow the steps listed here to locate component documentation included on the Startup Disk, begin the installation, and then go to the VMMC installation steps below for the components you would like to install.
Step 1 Insert the VMMC Startup Disk into the CD-ROM drive. At the top level of the directory structure, you will see folders corresponding to each VMMC component. From here, you can view any component directory, view and access that component's documentation directory and view a complete list of all necessary component information and installation files.
Step 2 As root, mount the VMMC CD-ROM on the same system on which you installed Common Services.
Step 3 Run the installation program.
•For a local installation, enter:
cd /cdrom/cdrom0/
./setup.sh
•For a remote installation, enter:
cd remotedir
./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
The install script will immediately detect whether Common Services and Service Pack 2 are installed. If you inserted the VMMC Startup Disk before installing Common Services you will receive an error message asking you to insert the Common Services CD-ROM. Once you have successfully completed Common Services installation, the following message with appear, Common Services SP2 is not installed. This patch will now be installed. Press Enter to continue.
Step 4 Press Enter to install SP2.
Once SP2 installation completes, there will be another informational message stating CSCec43722-1 patch is not installed.This patch will now be installed. Press Enter to continue.
Step 5 Press Enter to install the CSCec43722-1 patch update.
In very quick succession after the installation of Patch update CSCec43722-1, a second Patch Update installation will begin, signified by a screen that says Installing Patch CSCed18592-1.
Note These Patch installations occur very rapidly, in quick succession and require no user intervention.
As the script continues, a welcome message and two full screens of informational text will go by, ending with a list of the VMMC components displayed as shown here:
1) Management Center for Firewalls
4) Suite for Performance Monitor Application
5) IDS MC/Security Monitor
Select one or more items using its number separated by comma or enter q to quit:
Step 6 Enter one or more of the numbers corresponding to the components you want to install or 6 to select all components.
A confirming message will appear stating, for example,
1) Management Center for Firewalls
2) Router-MC
The installation scripts will run in the order you have selected and you will immediately start seeing script messages display in rapid sequence across your screen.
Step 7 Go to the section corresponding to each component below for typical installation instructions.
Informational error messages appear at the end of each component installation but pass too quickly to be readable before the next component installation begins. When all the installation(s) you have chosen are completed, you will see this text:
3) Auto Update Server
, followed by a section of informational and error messages titled 4) Suite for Performance Monitor Application
.
The messages will appear again, organized by component. These messages will confirm that the installation was successful, instruct you as to which products require a reboot, what if any problems were encountered, and so on.
Step 8 Prepare the client system for use. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for Firewalls on Solaris
Note Common Services and SP2 must be installed before any other VMS component.
Step 1 Locate Installing Management Center for Firewalls 1.2.2 on Windows 2000 and Solaris 2.8 on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow Steps 1 to 3 in the "Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk" section.
Step 3 Follow the prompts in the installation script.
Caution We recommend that you back up all system and database files now to establish a system baseline, and to avoid having to reinstall any Management Center (MC) applications if data becomes corrupted. Use the backup command, described in Installing CiscoWorks Common Services 2.2 on Solaris, to back up your system files and database. Make sure the backed up data is stored on tape or CD-ROM.When the installation has finished, unmount the CD-ROM.
Step 4 When the installation has finished, unmount the CD-ROM.
Step 5 Prepare the client system for use. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for VPN Routers on Solaris
Note Common Services and SP2 must be installed before any other VMS component.
Step 1 Locate Installing Management Center for VPN Routers 1.2.1 on Windows 2000 and Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow Steps 1 to 3 in the "Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk" section.
Step 3 Follow the prompts in the installation script.
Step 4 When the installation has finished, unmount the CD-ROM.
Step 5 Prepare the client system for use. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Auto Update Server on Solaris
Note Common Services and SP2 must be installed before any other VMS component.
Caution Network inconsistencies might cause installation errors if you are installing from a remote mount point.
Step 1 Locate Installing Auto Update Server 1.1 on Windows 2000 and Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow Steps 1 to 3 in the "Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk" section.
Step 3 Follow the prompts in the installation script. Note the following important considerations that will affect your responses to the prompts:
•If you try to install AUS on an unsupported version of a platform or incorrect service pack, a message appears. You can continue the installation, but you must update your platform or service pack before using the component.
•If your server lacks disk space or memory, exit the installation when prompted, then ask your administrator for assistance.
•Because AUS is intended for deployment in a DMZ that can be accessed from the Internet, we recommend that you change the database password when prompted for maximum security.
Step 4 When the installation has finished, unmount the CD-ROM.
Step 5 Prepare the client system for use. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Monitoring Center for Performance on Solaris
Note Common Services and SP2 must be installed before any other VMS component.
Step 1 Locate Installing Monitoring Center for Performance 2.0 on Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Follow Steps 1 to 3 in the "Installing VMS Management and Monitoring Center 2.2 Applications on Solaris from the Startup Disk" section.
Step 3 Follow the prompts in the installation script.
Step 4 When the installation has finished, unmount the CD-ROM.
Step 5 Prepare the client system for use. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Management Center for IDS Sensors and Monitoring Center for Security on Solaris
Note Common Services must be installed before any other VMS component.
Step 1 Locate Installing Management Center for IDS Sensors 1.2 and Monitoring Center for Security 1.2 on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section.
Step 2 Read the prerequisites and make sure you:
•Have root access to the server on which you plan to install IDS MC and Security Monitor.
Note While it is possible to co-locate the Security Monitor with other Management Centers, we recommend that you install Security Monitor on a server separate from your management application for a production network. This recommendation is based on the potentially heavy traffic processing load that might result from monitoring PIX Firewalls or IDS Sensors, or both.
•Know the server's IP address.
•Verify that the TCP ports that these applications use will not create conflicts with existing applications.
•Adjust all other system parameters as indicated in this installation document.
Step 3 The installer will prompt you for an IDS MC database password and PostOffice settings that you must provide before proceeding with the installation.
Step 4 Follow the steps in the section "Installing IDS MC and Security Monitor, in Chapter 2, "Installing, Upgrading, and Uninstalling IDS MC and Security Monitor."
When all component installations you have chosen complete, the following message will appear in the Possible Warnings/Errors Encountered field under IDS MC/Security Monitor: 5) IDS MC/Security Monitor
Step 5 Reboot the system before performing any post-installation tasks.
Step 6 Read Chapter 3, "Preparing to Use IDS MC and Security Monitor" for setup instructions. See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
Installing Resource Manager Essentials on Solaris
Step 1 Locate Installation and Setup Guide for Resource Manager Essentials on Solaris on the component CD-ROM or on Cisco.com, as described in the "Related Documentation" section for prerequisite and setup information.
Step 2 Log in as root on the system on which you installed Common Services.
Step 3 Mount the RME CD-ROM using either of the following methods:
• Mount the CD-ROM on the CiscoWorks Server system.
• Mount the CD-ROM on a remote Solaris system, then access it from the CiscoWorks Server system.
Step 4 Start the installation.
• For a local installation, enter:
cd /cdrom/cdrom0/
sh ./setup.sh
• For a remote installation, enter:
cd remotedir
sh ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
Step 5 Follow the steps in the section "Performing a New Installation", in Chapter 1, "Installing Essentials."
Note We recommend that you change the RME database password when prompted to do so.
Step 6 Reinsert the VMMC Startup Disk in order to have the most recent device and feature updates.
Step 7 Install RME Incremental Device Update 5.0 from the VMMC Startup Disk by entering
Note You can also download the latest IDU from http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-rme. See Installation and Setup Guide for Resource Manager Essentials on Windows, Software Release 3.5 for details.
Step 8 Install CiscoWorks VMS Update 1 from the VMMC Startup Disk by entering
cd VMS_Update1
sh ./setup.sh
Step 9 After you complete the installation, verify that RME was installed correctly as follows:
a. Access the CiscoWorks desktop. (See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server)
b. Select System Configuration > About the Server > Applications and Versions. CiscoWorks About the Server page appears.
c. Check the Applications Installed table. RME should be listed as installed and enabled on your system. Follow the steps in Chapter 2 of the RME installation document, "Preparing to Use Essentials." See the "Post-Installation" section of this document for information on setting up the CiscoWorks Desktop Server.
6 Post-Installation
It is important that you see each component's installation guide to ensure that all setup tasks are complete. Once installation is complete:
•Perform any necessary component setup tasks. See the "Where to Go Next" section for your component's documents and locations.
•Register Common Services and CSA MC. See the "Component Registration for Windows" section and the "Component Registration for Solaris" section.
Caution Registering Common Services activates all Management Centers dependent upon Common Services. Without registration, these components will expire in 90 days.
You can uninstall VMS using the instructions in the application installation guides. Uninstall each application in the reverse order of its installation.
Note Do not uninstall CiscoWorks Common Services 2.2 before uninstalling applications dependent on it.
Component Registration for Windows
Registering Common Services will activate the Management Centers. During Common Services installation you will be presented with 90-day unrestricted license file that will allow you to begin using VMS applications, but will expire if no further action is taken. During CSA MC installation, you will be presented with a temporary license that will prevent you from using the application until you register CSA MC to receive a production license. For these reasons, we recommend that you obtain and install a production license immediately.
You must provide the Product Authorization Key (PAK) for both Common Services and CSA MC. The Common Services PAK, preprinted on a PAK label, is affixed to the VMMC box. The CSA MC PAK label is affixed to the claim certificate for CSA MC located in the licensing envelope which is also included in the VMMC box.
To obtain a production license for CSA MC, register your software in one of the following ways:
Step 1 If you are a registered user of Cisco.com, use this website:
http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl
or
If you are not a registered user of Cisco.com, use this website: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl.
Step 2 After registration, the software license will be sent to the email address that you provided during the registration process. Retain this document with your VMS component software records.
Note See the Registration and Licensing Notes for CiscoWorks Common Services 2.2 contained in the VMMC box, and the CSA MC claim certificate, located in the VMMC Startup Disk envelope.
Component Registration for Solaris
Registering Common Services will activate the Management Centers. During Common Services installation you will be presented with 90-day unrestricted license file that will allow you to begin using VMS applications, but will expire if no further action is taken. We recommend that you obtain and install a production license immediately.
Note You must provide the Product Authorization Key (PAK) for both Common Services and CSA MC. The Common Services PAK, preprinted on a PAK label, is affixed to the VMMC box.
Register your software at one of the following web sites. You must provide the Product Authorization Key (PAK), which is located on a pre-preprinted PAK label, affixed to the VMMC box.To obtain a production license:
If you are a registered user of Cisco.com, use this website: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl.
or
If you are not a registered user of Cisco.com, use this website: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl.
After registration, the software license will be sent to the email address that you provided during the registration process. Retain this document with your VMS component software records.
Note See the Registration and Licensing Notes for CiscoWorks Common Services 2.2.
7 Where to Go Next
After you have installed the required products and have performed necessary post-installation tasks, you are ready to begin using VMS. For more information, see the following User Guides:
•User Guide for CiscoWorks Common Services 2.2
•Using Management Center for Firewalls 1.2
•Using Auto Update Server 1.1
•Using Management Center for VPN Routers 1.2.1
•Using Management Center for IDS Sensors 1.2
•Using Monitoring Center for Security 1.2
•Using Management Center for Cisco Security Agents 4.0
•User Guide for VPN Monitor
•User Guide for Resource Manager Essentials, Software Release 3.5
•Using Monitoring Center for Performance 2.0
You can access these documents:
•In PDF in the Documentation directory on the VMMC 2.2 Startup Disk.
•In HTML and PDF on Cisco.com:
a. Log into Cisco.com.
b. Select Products & Services > Network Management CiscoWorks > CiscoWorks VPN/Security Management Solution.
c. Select the appropriate component.
d. Select Technical Documentation > User Guides.
e. Select the document written for this release.
•From the online help integrated into each VMS component.
8 Related Documentation
Installation and user documentation can be found in PDF format on the VMMC list in each component's documentation directory. Release notes for each component contain a complete list of each component's documentation, along with ordering information. All VMS documentation can also be found on Cisco.com. Select Products & Services > Network Management CiscoWorks > CiscoWorks VPN/Security Management Solution > Versions and Options > CiscoWorks VPN/Security Management Solution 2.2.
Note Although we make effort to validate the accuracy of the information in the printed and electronic documentation, you should also review the documentation on Cisco.com for any updates.
Paper Documentation
•Quick Start Guide for the VPN/Security/Management Solution 2.2
•Readme for Management Center for Cisco Security Agents 4.0.1
•Registration and Licensing Notes for CiscoWorks Common Services 2.2
•Release Notes for CiscoWorks Common Services 2.2 (includes CiscoView 5.5) on Solaris 2000
•Release Notes for CiscoWorks Common Services 2.2 (includes CiscoView 5.5) on Windows 2000
•Release Notes for Management Center for Firewalls 1.2.2 on Windows 2000 and Solaris 2.8
•Release Notes for Auto Update Server 1.1 on Windows 2000 and Solaris
•Release Notes for Management Center for VPN Routers 1.2.1 on Windows 2000 and Solaris
•Release Notes for Management Center for IDS Sensors 1.2.3 and Monitoring Center for Security 1.2.3
•Release Notes for Management Center for Cisco Security Agents 4.0
•Release Notes for Monitoring Center for Performance 2.0 on Solaris
•Release Notes for Resource Manager Essentials on Solaris, Software Release 3.5
•Release Notes for Resource Manager Essentials on Windows, Software Release 3.5
•Release Notes for VPN Monitor 1.2.1 on Windows and Solaris
Online Help and All Other Documentation
•Online help, which can be accessed in two ways:
–Select an option from the navigation tree, then click Help.
–Click the Help button in the dialog box.
•PDF for:
–Installation and Setup Guide for CiscoWorks Common Services (includes CiscoView) on Windows
–User Guide for CiscoWorks Common Services 2.2
–Installing Management Center for Firewalls 1.2.2 on Windows 2000 and Solaris 2.8
–Using Management Center for Firewalls 1.2
–Supported Devices, OS Versions, and Commands for Management Center for Firewalls 1.2.1
–Installing Auto Update Server 1.1 on Windows 2000 and Solaris
–Using Auto Update Server 1.1
–Supported Devices and Software Versions for AUS 1.1
–Installing Management Center for VPN Routers 1.2.1 on Windows 2000 and Solaris
–Using Management Center for VPN Routers 1.2.1
–Supported Devices Table for Management Center for VPN Routers 1.2
–Installing Management Center for IDS Sensors 1.2 and Monitoring Center for Security 1.2
–Using Management Center for IDS Sensors 1.2
–Supported Devices and Software Versions for Management Center for IDS Sensors 1.2
–Using Monitoring Center for Security 1.2
–Supported Devices and Software Versions for Monitoring Center for Security 1.2
–Installing Management Center for Cisco Security Agents
–Using Management Center for Cisco Security Agents
–Installing Monitoring Center for Performance 2.0 on Solaris
–Using Monitoring Center for Performance 2.0
–Supported Devices and Software Versions for Monitoring Center for Performance 2.0
–Installation and Setup Guide for Resource Manager Essentials on Windows, Software Release 3.5
–Installation and Setup Guide for Resource Manager Essentials for Solaris, Software Release 3.5
–User Guide for Resource Manager Essentials, Software Release 3.5
–Supported Device Table for Resource Manager Essentials 3.5
Note Adobe Acrobat Reader 4.0 or later is required.
9 Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Click Subscriptions & Promotional Materials in the left navigation bar.
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
10 Documentation Feedback
You can submit e-mail comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
11 Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
Cisco TAC Website
The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:
http://www.cisco.com/tac
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:
http://www.cisco.com/tac/caseopen
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
12 Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
http://www.ciscopress.com
•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/index.html
