Quick Start Guide for the VPN/Security Management Solution 2.1
VMS Bundle Component Installation
Download this chapter
VMS Bundle Component InstallationVMS Bundle Component Installation
give_us_feedback

Table of Contents

VMS Bundle Component Installation
System Requirements
 Installation Sequence
 Verifying Your Installations

VMS Bundle Component Installation

This chapter describes the system requirements and procedures for installing CiscoWorks Common Services, Management Center for PIX Firewalls (PIX MC), Management Center for IDS Sensors (IDS MC), and Monitoring Center for Security (Security Monitor). It also includes procedures to verify that you successfully installed the components.

System Requirements

CiscoWorks Common Services, PIX MC, IDS MC, and Security Monitor are components of the VPN/Security Management Solution (VMS).

You can install VMS CDs on Windows 2000. Table 2-1 shows VMS server requirements for Windows 2000 systems.

Table 2-1   Server Requirements

System Component  Requirement 

Hardware
  • IBM PC-compatible with a CD-ROM drive
  • Color monitor with video card capable of 16-bit colors

Processor

Pentium, 1 GHz, minimum

Operating System

You must have one of the following operating systems:

  • Windows 2000 Server, Service Pack 2 or Service Pack 3
  • Windows 2000 Professional, Service Pack 2 or Service Pack 3

Note CiscoWorks Common Services has not been tested with any other Windows or Windows 2000 operating system or service pack; therefore, installing CiscoWorks Common Services on any other operating system is not supported.

File System

NTFS

Memory

1 Gigabyte, minimum

Virtual Memory

2 Gigabytes, minimum

Hard Drive Space

9 Gigabytes of free hard drive space, minimum

Note The actual amount of hard drive space required depends upon the number of CiscoWorks Common Services client applications you are installing and the number of devices you are managing with the client applications.

Additionally, you should not install CiscoWorks Common Services on a Windows server that is running any of the following services:

  • Primary domain controller
  • Backup domain controller
  • Terminal server

You can access all product features from a client that fulfills the hardware, software, and browser requirements. Table 2-2 shows client hardware and software requirements.

Table 2-2   Client Hardware and Software Requirements

System Component Requirement

Hardware/Software

IBM PC-compatible computer with 300 MHz or faster Pentium processor running one of the following:

  • Windows 98
  • Windows NT 4.0 Workstation
  • Windows NT 4.0 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Server or Professional Edition with Service Pack 2 or Service Pack 3
  • Solaris SPARCstation or Sun Ultra 10 with a 333MHz processor running one of the following operating systems:
    • Solaris 2.7
    • Solaris 2.8

Hard Drive Space
  • 400 MB virtual memory (for Windows)
  • 512 MB swap space (for Solaris)

Memory

256 MB, minimum

Web Browser

You must also install one of the following HTML browsers:

  • Microsoft Internet Explorer 6.0 or 5.5 with Service Pack 2, and Java Virtual Machine (JVM) 5.00.3186 or later.

Note PIX MC, Auto Update Server, and Router MC run only on Internet Explorer version 6.0 or 5.5 with Service Pack 2, and Java Virtual Machine (JVM) 5.00.3186 or later.

  • Netscape Navigator 4.79 (for Windows).
  • Netscape Navigator 4.76 (for Solaris).
Note   CiscoWorks Common Services requires the Java Plugin from Sun Microsystems Java Runtime Environment (JRE) 1.3.1. CiscoWorks Common Services is not compatible with Java Plugin from JRE versions 1.2.x, 1.4.x, or any maintenance releases of JRE 1.3.1 (such as 1.3.1_01, 1.3.1_02, and so on). If the required JRE is not present on the client system, CiscoWorks Common Services downloads and installs it automatically; you do not need to install the JRE before accessing CiscoWorks Common Services. However, if an incompatible version of the JRE is present on the client system, you must remove it before accessing CiscoWorks Common Services. If you do not, some features of CiscoWorks Common Services may not function properly.

Installation Sequence

Complete the following tasks to install CiscoWorks Common Services, PIX MC, IDS MC, and/or Security Monitor.

Step 1   Bootstrap the managed devices.

Ensure that any supported devices you plan to manage, including PIX Firewalls and sensors, are installed on your network and that you can Telnet from the server to the managed device.

For more information, see "Network Device Preparation."

Step 2   Prepare the server and client systems.

Ensure that the server(s) on which you plan to install VMS components meet the minimum server system requirements. Additionally, ensure that any clients you will use to access the VMS components meet the minimum client system requirements.

For more information, see System Requirements.

Step 3   Install CiscoWorks Common Services.

Before you can install PIX MC, IDS MC, or Security Monitor, you must install CiscoWorks Common Services.

For more information, see Installing CiscoWorks Common Services as a Standalone Server.

Step 4   Install PIX MC.

PIX MC allows you to manage PIX Firewalls. You must install PIX MC on a server where CiscoWorks Common Services is installed.

For more information, see Installing PIX MC.

Step 5   Install IDS MC.

IDS MC allows you to manage IDS Sensors. You must install IDS MC on a server where CiscoWorks Common Services is installed.

For more information, see Installing IDS MC.

Step 6   Install Security Monitor.

Security Monitor allows you to collect, monitor, and view IDS Sensor postoffice events and PIX Firewall syslog messages. You must install Security Monitor on a server where CiscoWorks Common Services is installed.

Note   For deployments in your production network and optimal performance, we recommend that you install Security Monitor on a server separate from the one running your Management Centers.

For more information, see Installing Security Monitor.

Step 7   Verify your installations.

Ensure that you successfully installed CiscoWorks Common Services, PIX MC, IDS MC, and Security Monitor.

For more information, see Verifying Your Installations.




Installing CiscoWorks Common Services as a Standalone Server

This section describes how to install CiscoWorks Common Services without first installing CiscoWorks. CiscoWorks Common Services contains the desktop and user authentication and authorization components found in CiscoWorks. However, you cannot run CiscoWorks applications, such as Resource Management Essentials, on a standalone installation of CiscoWorks Common Services.

Note   For information about installing CiscoWorks Common Services on a server where CiscoWorks is already installed, see Installing CiscoWorks Common Services 1.0 on Windows 2000.

Before You Begin

  • Obtain a license for CiscoWorks Common Services and make it available on the target server or floppy disk.
  • Disable any virus scanning or intrusion detection software that may be running in the background on the server. These types of software can interfere with the installation.
  • Close all other running programs.
  • If you are reinstalling CiscoWorks Common Services, make sure the target directory is empty or does not exist before beginning the installation.

To install CiscoWorks Common Services in a standalone configuration, follow these steps:

Step 1   Put the Common Services 1.0 CD-ROM in the server CD-ROM drive, and then click Install on the Installer page that appears.

The CiscoWorks Common Services installation program starts. The Welcome page of the installation application appears.

If the installation program does not start, select Start > Run from the Windows taskbar, and then enter d:/setup in the Run dialog box, where d is the drive letter of the CD-ROM drive. Press Enter to start the installation program.

Step 2   Click Next.

The Software License Agreement page appears.

Step 3   To accept the terms of the license agreement, click Yes.

Note    If you do not accept the terms of the license agreement, click No. The install wizard closes.

If you accepted the terms of the license agreement, the Choose Destination Location page appears. The default installation directory, C:\Program Files\CSCOpx, appears in the Destination Folder area.

Step 4   To change the default installation directory, click Browse and perform one of the following steps:

  • Enter a new path in the Path field. If the directory specified does not exist, the installation program creates it.
  • Use the Directories and Drives fields to navigate to an existing directory.

Step 5   Click Next to continue.

The System Requirements page appears.

Step 6   Review the requirements to ensure that the drive specified has enough free space for the installation. If the selected drive does not have enough free space, perform one of the following steps:

  • Click Back to return to the Choose Destination Location screen and select a drive that meets the drive space requirements.
  • Click Cancel to terminate the installation. You need to either install additional drive space on the target system or install CiscoWorks Common Services on a system that has the drive space requirements.

Verify that the system has enough memory. If the system does not have enough memory, click Cancel to terminate the installation. You should either install additional memory in the target system or install CiscoWorks Common Services on a system that meets the minimum memory requirements.

If your system meets all of the system requirements, click Next.

The Select License File screen appears.

Step 7   Enter the path to the license file in the License file location field. You can also use the Browse button to navigate to the correct license file. Click Next to continue.

Note    You can bypass this step by clicking Skip. However, some of the client applications will not function if you do not enter a valid license. Refer to your client application documentation to note the licensing requirements for the applications you plan to install.

The Account Information page appears.

Step 8   Enter the password used to log in to Windows in the Password and Confirm Password fields. Click Next to continue.

If the two passwords do not match, the system prompts you to enter them again. If the passwords match, the Ports Configuration page appears.

Step 9   To change the external port numbers used by the Lock Manager (lm.exe) and database (fms.exe) services, enter the new information in the following fields:

  • LM Port—The port used by Lock Manager. The default value is 1272. Use the default value unless it conflicts with another application on the server.
  • FMS Port—The port used by the CiscoWorks Common Services database. The default value is 9652. Use the default value unless it conflicts with another application on the server.

Click Next to continue.

The Database Configuration page appears.

Step 10   Enter the information used by the SQL database component of CiscoWorks Common Services:

  • Server Port—The port used by the SQL database. The default value is 10033. Use the default value unless it conflicts with another application on the server.
  • Password—The password used by the SQL database. The password must be at least 4 characters long.
  • Confirm Password—The same value you entered in the Password field.

Click Next to continue.

The Apache Server Configuration page appears.

Step 11   Enter the information used by the Apache server component of CiscoWorks Common Services:

  • HTTPS Port—The port used by Apache for Secure Socket Layer (SSL) requests. Use the default value, 443, unless it conflicts with another application on the server.
  • Email Address—The e-mail address of the system administrator (required).
  • SMTP Server—The DNS name or IP address of your SMTP server.

Click Next to continue.

The Certificate Generation page displays.

Step 12   Enter the following information required to generate the local certificate. The local certificate is used for authentication and authorization when you login to the CiscoWorks desktop:

  • Country Code—A two-character code for the country where the CiscoWorks Common Services server is located.
  • State—The name of the state or province where the CiscoWorks Common Services server is located.
  • City—The name of the city where the CiscoWorks Common Services server is located.
  • Company—Your company name.
  • Organization—The name of the organization or division you work in.
  • Domain—The name of the domain the server resides in.
  • Certificate Password—A password for the certificate. The password must have a minimum of 4 and a maximum of 10 alphanumeric characters.
  • Confirm Password—The same value you entered in the Certificate Password field.
Note    You cannot leave any of the fields blank. If one of the above fields does not apply to you, enter any text of your choosing in the field.

Click Next to continue.

The Create Shortcuts page appears.

Step 13   To create a shortcut on the Windows desktop, select the Create a shortcut... check box, and then click Next to continue.

The Verification page appears.

Step 14   Review your settings. If you need to change any settings, click Back to return to the setting you need to change. Click Next to continue.

The Start Copying Files page appears. During the file copy, the system prompts you four different times to change passwords for the following components:

  • The casuser account (the user created by CiscoWorks Common Services to run the desktop services)
  • The "admin" account
  • The "guest" account
  • The CMF database
Note    If you abort the installation during the file copy stage, you must run the uninstall program before you attempt to install CiscoWorks Common Services again.

Step 15   To accept the default passwords, click No.

Note    The default password for the admin account is "admin". The default password for the "guest" account is none (blank). You can change these passwords at a later time. The default passwords for causer and the database are generated by the system; you cannot change them later.

To change a password, follow these steps:

a. Click Yes.

b. Enter the password in the Password field.

c. Re-enter the password in the Confirm field.

d. Click OK.

The installation may take a few minutes to complete while the components are installed and the services are configured. When the installation is complete, the Restart page appears.

Step 16   Select Yes and click Finish to restart the computer. Select No and click Finish to restart the computer at a later time.

Note    You must restart the computer before you use CiscoWorks Common Services.



Installing PIX MC

This section describes how to install PIX MC. This procedure assumes that you have already installed CiscoWorks Common Services.

To install PIX MC, follow these steps:

Step 1   Log in as the local administrator on the system on which you installed CiscoWorks Common Services.

This user account must be the same one used to install CiscoWorks Common Services.

Step 2   Insert the PIX MC CD into the CD-ROM drive, and then click Install on the Installer page that appears.

If the installation program does not start, select Start > Run from the Windows taskbar, and then enter d:/setup in the Run dialog box, where d is the drive letter of the CD-ROM drive. Press Enter to start the installation program.

The Welcome page appears.

Step 3   Click Next.

The Software License Agreement page appears.

Step 4   To accept the terms of the license agreement, click Yes.

Note    If you do not accept the terms of the license agreement, click No. The install wizard closes.

The System Requirements page lists the details of your available system resources compared with the requirements of PIX MC.

Caution   If your system does not meet the system requirements, we recommend that you exit the installation and see your system administrator for assistance installing the application.

Step 5   Click Next.

The Verification page lists the details of the installation and asks you to confirm that you want to proceed.

Step 6   Click Next.

Installation progress is displayed while files are copied and tools are configured. PIX MC is installed by default in the same location where CiscoWorks Common Services is installed. That default location is C:\Program files\CSCOpx. When the installation is complete, the Setup Complete page appears.

Step 7   Click Finish.




Installing IDS MC

This section describes how to install IDS MC.

This procedure assumes that you have already installed CiscoWorks Common Services.

Tip For enhanced performance, we recommend that you install IDS MC and Security Monitor on separate servers. If you are installing IDS MC and Security Monitor on the same server, follow the installation procedure in Installing Management Center for IDS Sensors 1.0 and Monitoring Center for Security 1.0 on Windows 2000.

To install IDS MC, follow these steps:

Step 1   Log in as the local administrator on the system on which you installed CiscoWorks Common Services.

Step 2   Insert the Monitoring Center for Security and Management Center for IDS Sensors CD into the CD-ROM drive, and then click Install on the Installer page that appears.

If the installation program does not start, select Start > Run from the Windows taskbar, and then enter d:/setup in the Run dialog box, where d is the drive letter of the CD-ROM drive. Press Enter to start the installation program.

The Welcome page appears.

Step 3   Click Next to begin the installation.

The Software License Agreement page appears.

Step 4   To accept the terms of the license agreement, click Yes.

Note    If you do not accept the terms of the license agreement click No. The install wizard closes.

Step 5   Select the Custom installation radio button. Then, click Next.

Step 6   To install IDS MC, select the IDS MC only radio button. Then, click Next.

The System Requirements page appears.

Step 7   Verify that your system meets the minimum disk space and memory requirements. Then, click Next.

The Verification page appears.

Step 8   Verify the selected components. Then, click Next.

The Select Database Location page appears.

Step 9   By default, the database is located in the directory where CiscoWorks Common Services is installed. To specify a different directory for the IDS database, enter a file path in the Database file location field. Then, click Next.

The Select Database Password page appears.

Step 10   Enter the database password in the Password field. Then, to confirm the password, reenter it in the Confirm Password field. Then, click Next.

The Restart page appears.

Step 11   Select Yes, I want to restart my computer now and click Finish to restart the computer. Select No, I will restart my computer later and click Finish to restart the computer at a later time.

Note    You must restart the computer before you use IDS MC.



Installing Security Monitor

This section describes how to install Security Monitor.

This procedure assumes that you have already installed CiscoWorks Common Services.

Tip For enhanced performance, we recommend that you install IDS MC and Security Monitor on separate servers. If you are installing IDS MC and Security Monitor on the same server, follow the installation procedure in Installing Management Center for IDS Sensors 1.0 and Monitoring Center for Security 1.0 on Windows 2000.

To install Security Monitor, follow these steps:

Step 1   Log in as the local administrator on the system on which you installed CiscoWorks Common Services.

Step 2   Insert the Monitoring Center for Security and Management Center for IDS Sensors disc into the CD-ROM drive, and then click Install on the Installer page that appears.

If the installation program does not start, select Start > Run from the Windows taskbar, and then enter d:/setup in the Run dialog box, where d is the drive letter of the CD-ROM drive. Press Enter to start the installation program.

The Welcome page appears.

Step 3   Click Next to begin the installation.

The Software License Agreement page appears.

Step 4   To accept the terms of the license agreement, click Yes.

Note    If you do not accept the terms of the license agreement click No. The install wizard closes.

Step 5   Select the Custom installation radio button. Then, click Next.

Step 6   To install Security Monitor, select the Security Monitor only radio button. Then, click Next.

The System Requirements page appears.

Step 7   Verify that your system meets the minimum disk space and memory requirements. Then, click Next.

The Verification page appears.

Step 8   Verify the selected components. Then, click Next.

The Select Database Location page appears.

Step 9   By default, the database is located in the directory where CiscoWorks Common Services is installed. To specify a different directory for the IDS database, enter a file path in the Database file location field. Then, click Next.

The Select Database Password page appears.

Step 10   Enter the database password in the Password field. To confirm the password, reenter it in the Confirm Password field. Then, click Next.

The Select CW2000 Syslog Port page appears.

Step 11   Specify which UDP port CiscoWorks uses. The value can be between 1 and 65,535. By default, CiscoWorks uses UDP port 52514. We recommend that you use the default port value. Then, click Next.

The Configure Communication Properties page appears.

Step 12   To submit the communication properties for this host, enter the appropriate values in the Host ID, Organization ID, IP Address, Host Name, and Organization Name fields. Then, click Next.

The properties are used to establish the communication infrastructure for this host and the IDS sensor. The Restart page appears.

Step 13   Select Yes, I want to restart my computer now and click Finish to restart the computer. Select No, I will restart my computer later and click Finish to restart the computer at a later time.

Note    You must restart the computer before you use Security Monitor.



Verifying Your Installations

This section describes how to log in to CiscoWorks and how to verify installation of CiscoWorks Common Services, PIX MC, Security Monitor, and Security Monitor. It contains the following sections:

Verifying the CiscoWorks Common Services Installation

You can verify the success of the installation before you log in to CiscoWorks Common Services.

To verify the CiscoWorks Common Services installation, follow these steps:

Step 1   Open a DOS prompt, enter net start, and press Enter.

A list of Windows 2000 services appears.

Step 2   Verify that the following services are running:

  • Apache WebServer
  • CMF rsh/rcp service
  • CMF syslog service
  • CMF tftp service
  • CW2000 Daemon Manager
  • CW2000 Device Agent Framework
  • CW2000 KRS Database
  • CW2000 Lock Manager
  • CW2000 Sybase Server
  • CW2000 Tomcat Servlet Engine
  • CW2000 Web Server
  • JRun Proxy Server for CW2000

If any of these services is not present, reboot the system to start the services. If the missing services do not appear after rebooting the server, the installation was unsuccessful.




Logging in to CiscoWorks2000

The CiscoWorks2000 Server desktop is the interface for the CiscoWorks network management applications, including Security Monitor, IDS MC, and PIX MC. The desktop is a graphical user interface that runs in a browser. For additional information about the CiscoWorks2000 Server desktop, see Getting Started with the CiscoWorks2000 Server Desktop.

Before you log in, make sure that your browser is configured correctly for CiscoWorks. For more information, see Installing CiscoWorks Common Services 1.0 on Windows 2000.

If you have installed CiscoWorks and are logging in for the first time, you can use the reserved "admin" username and password.

To log in to CiscoWorks, follow these steps:

Step 1   Access the CiscoWorks2000 Server from your web browser.

Step 2   Enter admin in both the Name and Password fields of the Login Manager.

Note    If you changed the default password for the admin account during the install, use that new password. If you did not change the default password when you installed CiscoWorks Common Services, we strongly recommend that you perform Step 4 to change it.

Step 3   Click Connect or press Enter. You are now logged in.

Step 4   Select Server Configuration > Setup > Security > Modify My Profile to change the admin password.

:ch02.fm




Verifying Installation by Checking Package Options

You can verify the installation of PIX MC, IDS MC, and Security Monitor in the Packages Installed section of the About the Server page from the CiscoWorks2000 desktop.

To verify installation from the About the Server page, follow these steps:

Step 1   Select Server Configuration > About the Server > Applications and Versions.

The About the Server page appears.

Step 2   Verify that IDS MC and Security Monitor are listed in the Applications Installed list of the About the Server page and that Management Center for PIX Firewalls is listed in the Packages Installed list.