Using Auto Update Server 1.0
Introduction

Table of Contents

Introduction
AUS Product Overview
AUS Product Features
Understanding User Roles and Permissions

Introduction


The CiscoWorks Auto Update Server (AUS) 1.0 provides a web-based interface for upgrading device configuration files and software images on PIX Firewalls that use the auto update feature.

AUS is designed to interoperate with the Management Center for PIX Firewalls (PIX MC). See the PIX MC documentation for information on using PIX MC with AUS.

These topics help you understand AUS:

AUS Product Overview

The Auto Update Server (AUS) is a tool used to upgrade device configuration files and software images. The main advantage of AUS is that it can manage devices that obtain their addresses through DHCP, which is its primary use, although it can be used to manage any device that uses the auto update feature. AUS supports remotely managed PIX Firewalls that are often dynamically addressed; a traditional network management server cannot manage dynamically addressed devices.

A network management server cannot directly initiate communication to devices that acquire their interface address using DHCP, because their IP addresses are not known ahead of time. Furthermore, these devices might not be up and running, or they might be behind firewalls and NAT boundaries when the management system needs to make changes.

The device uses the auto update feature to initiate a management connection to AUS at a periodic interval. The device gives AUS its current state and device information. AUS responds to the device by providing a list of versions for the software images and configuration files that the device should be running. The device compares the file versions with the versions it is running. If the versions are different, the device downloads the new versions from the URLs provided by AUS. Once the device is up to date with the new file versions, it sends AUS its state and device information again.
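The poll cycle described above, modeled as an added example (not Cisco code and not the actual AUS wire format). The class names, field names, device ID, version strings and `example.invalid` URLs are all constructed for illustration; the point is that the device always initiates the exchange and the server keys its state on a device ID, never on an IP address.

```python
from dataclasses import dataclass, field

@dataclass
class FileSpec:
    version: str
    url: str  # where the device fetches this version from

@dataclass
class UpdateServer:
    # Desired files per device, keyed by a device ID rather than an IP address,
    # because DHCP-addressed devices have no stable address to key on.
    desired: dict = field(default_factory=dict)
    last_report: dict = field(default_factory=dict)

    def handle_poll(self, device_id, running):
        """Record the reported state and answer with the versions to run."""
        self.last_report[device_id] = dict(running)
        return self.desired.get(device_id, {})

@dataclass
class Device:
    device_id: str
    running: dict  # file kind -> version currently running
    downloads: list = field(default_factory=list)

    def poll(self, server):
        """One auto update cycle, always initiated by the device."""
        manifest = server.handle_poll(self.device_id, self.running)
        stale = {kind: spec for kind, spec in manifest.items()
                 if self.running.get(kind) != spec.version}
        for kind, spec in stale.items():
            self.downloads.append(spec.url)  # stands in for the real fetch
            self.running[kind] = spec.version
        if stale:
            # Report again once the new versions are in place.
            server.handle_poll(self.device_id, self.running)
        return sorted(stale)

def demo():
    # Constructed sample data: one device whose image is out of date.
    server = UpdateServer(desired={"pix-branch-01": {
        "image": FileSpec("1.1", "https://aus.example.invalid/images/img-1.1.bin"),
        "config": FileSpec("17", "https://aus.example.invalid/configs/branch-01.cfg"),
    }})
    device = Device("pix-branch-01", {"image": "1.0", "config": "17"})
    first = device.poll(server)   # image differs, config matches
    second = device.poll(server)  # already up to date, nothing downloaded
    return first, second, device.downloads, server.last_report["pix-branch-01"]
```
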

AUS Product Features

Auto Update Server includes the following features.

  • Global IP Address—AUS can be configured with a global IP address or can have an internal private address that is translated to external networks. If AUS has a global IP address, devices that connect to AUS for an update can be on the inside corporate network or behind a firewall that is performing NAT.
  • Deployment Behind a NAT Boundary—If you want to deploy AUS behind a NAT boundary in either the Enterprise network or in the Enterprise DMZ, then the PIX MC devices being managed by AUS must all be on the same side of the NAT boundary. For example, you can deploy AUS in the DMZ behind a NAT boundary and manage devices that were deployed only on the Internet; however, you cannot deploy AUS in the DMZ behind a NAT boundary with some devices using private addresses on the inside of the boundary and some outside on the Internet.
  • Number of Firewalls Supported—AUS facilitates managing up to one thousand firewalls. Firewalls operating in auto-update mode periodically contact AUS to upgrade software images, configurations, and versions of PDM, and to pass device information and status to AUS. Using AUS also facilitates managing devices that obtain their addresses through Dynamic Host Configuration Protocol (DHCP) or that sit behind Network Address Translation (NAT) boundaries.

Understanding User Roles and Permissions

AUS supports two methods for establishing authentication, authorization, and accounting (AAA): CiscoWorks2000 Server or Cisco Secure Access Control Server (ACS). You choose the method when you install common services, but you can change it at any time.

For more information, see "User Roles and Permissions for AUS."