
Cisco IP Solution Center Security Management

Cisco IP Solution Center Security Manager

Data Sheet




Unified Service Management Platform for VPN, Metro Ethernet, and Security Services
With the phenomenal growth of e-commerce, Internet security has become an important and integral component of business, playing a critical role in corporate survival and maintaining a competitive advantage.
As corporations increasingly deploy security devices throughout their networks, the process of individual device configuration can cause an exponential increase in operational costs. Individual device configuration can also lead to inconsistent policies across the network, creating potential network security vulnerabilities. An effective Internet security solution, therefore, does not only consider security devices and security technology; it must incorporate management of the security services. Cisco integrated network security solutions enable organizations to protect productivity gains and reduce operating costs. Cisco IP Solution Center is the latest addition to the Cisco Security Management product portfolio.

Introduction

The Cisco® IP Solution Center Security Management application (Figure 1) provides enterprises and service providers with a robust and centralized management platform that minimizes the operational costs of network security and prevents inconsistent security policies. It also enables effective deployment and management throughout the entire life cycle of security services, including policy-based virtual private network (VPN), firewall, and Network Address Translation (NAT) provisioning, as well as integrated security monitoring and security vulnerability reporting (via integration with third-party security software vendors).

Technology Overview

The Cisco IP Solution Center Security Management solution eliminates common deployment and management issues by elevating the technology administrator's role to that of business manager, as opposed to low-level, device-specific policy manager and administrator. Cisco IP Solution Center implements a business-centric, policy-level management model that allows our customers to define high-level policies, while the application of those policies to specific network devices is offloaded to the Cisco IP Solution Center software. The Cisco IP Solution Center Security Management application provides complete support for the provisioning and management of LAN-to-LAN VPN, as well as remote-access VPN, Easy VPN, Dynamic Multipoint VPN, firewall, NAT, and quality-of-service (QoS) technologies for Cisco platforms such as routers based on Cisco IOS® Software, Cisco PIX® security appliances, and Cisco VPN 3000 Series concentrators.

The Cisco IP Solution Center Security Management solution offers complete life-cycle management, from creating the security policy to real-time provisioning, service activation, service auditing, service assurance, and policy reconfiguration. Cisco IP Solution Center was designed to effectively accommodate the dynamic nature of security technologies, facilitating fast additions of devices, device upgrades or relocations, and other changes that allow customers to responsively address the needs of corporate clients. Designed for reliability, scalability, and flexibility, Cisco IP Solution Center enables customers to maintain security with no service disruptions.


Figure 1
Cisco IP Solution Center Security Management Application Accurately and Cost-Effectively Manages the Complete Life-Cycle of a Security Service Deployment

Features

  • Policy-based security management: Cisco IP Solution Center centrally manages the configuration of firewall, site-to-site VPN, network-based VPN, remote-access VPN, DMVPN, and Easy VPN devices, allowing customers to effectively deploy hundreds of thousands of security policies to their networks.
  • Cisco IP Solution Center Security Policy Manager allows customers to define global service-level policies. The software will then automatically generate the device-level commands and provision the network accordingly. Once defined, global policies can be reused across multiple networks. This powerful management platform enables customers to:
    • Easily manage full-mesh, hub-and-spoke, or partial-mesh VPN topologies
    • Efficiently deploy site-to-site, network-based VPN, remote-access VPN, DMVPN, and Easy VPN technologies
    • Manage integrated generic routing encapsulation (GRE)
    • Design and deploy complex firewall rules
    • Automate failover and load-balancing configuration
    • Enable large-scale NAT configuration
    • Manage integrated QoS services

Figure 2
Cisco IP Solution Center Topology View


Figure 3
IP Solution Center Service Inventory View

  • Easy and automatic, or "plug and play," deployment: As business increases, companies typically add new security devices to their networks. Cisco IP Solution Center, working in collaboration with embedded Cisco CNS intelligent agents, can detect and manage newly added security devices dynamically and automatically. This gives our customers the ability to rapidly and dynamically deploy security services in a cost-effective manner. Once a new device is added to the network, the intelligent, embedded Cisco CNS Agent informs the Cisco CNS 2100 Series server, which operates Cisco IP Solution Center software, in real time of all the latest information about that particular device. Subscribing to the Cisco CNS Message Bus, Cisco IP Solution Center is then able to dynamically manage the security policy, which applies to each new device, accordingly. Because of the dynamic nature of networks, device configuration or status can be changed at any time. The intelligent, embedded Cisco CNS Agent can notify the Cisco CNS 2100 Series server of all the changes in network security devices—such as the change of the Dynamic Host Configuration Protocol (DHCP)-assigned IP address, loop-back interface, and so on—creating a network security management environment that does not require human intervention.

Figure 4
Plug and Play Deployment

  • Flexible administration: Cisco IP Solution Center provides role-based access control (RBAC) administration, enabling granular control of management privileges over network devices, services, provisioning actions, user groups, and all other possible components. Users can define administrative roles once and easily assign these roles to multiple users and user groups.
  • High-performance service auditing: Cisco IP Solution Center Service Auditor validates IP service configurations and identifies faults to ensure high network integrity and service quality. Cisco IP Solution Center also generates reports about the status of service deployment (requested, pending, deployed, or operating). Service assurance features ensure that IP service target devices remain provisioned correctly and that the service itself is operational.
  • Service-level agreement (SLA) monitoring and reporting: Cisco IP Solution Center SLA Manager monitors IP-aware SLAs for round-trip times, availability, and usage. Thresholds can be configured that allow violations to be reported and recorded for billing purposes.
  • Highly scalable open architecture: Cisco IP Solution Center is a highly scalable, open security management platform. The system's four-tier architecture, consisting of client, interface, control, and distribution tiers, means it can manage tens of thousands of security systems and devices.

Benefits

Cisco IP Solution Center eliminates common deployment and management issues by elevating the service administrator's role to that of business manager, as opposed to low-level, device-specific policy manager and administrator. Cisco IP Solution Center implements a business-centric, service-level management model that allows companies to define high-level policies, while the application of those policies to specific network devices is offloaded to the Cisco IP Solution Center software.

Cisco IP Solution Center simplifies management of complex multiple-access, multiple-platform IP services, and also reduces management costs. Cisco IP Solution Center service options provide service-level provisioning, service-aware performance and service-level assurance, and service-aware usage. Accepted worldwide by more than 160 leading corporations, Cisco IP Solution Center (an evolution of the well-established Cisco VPNSC) is the standalone management solution for effective management of converging services, supporting a unified view of VPN, metro Ethernet, security, and QoS services through a common repository of information across all these packet-based services.

Cisco IP Solution Center provides the software management application that enables rapid and accurate deployment of security services. Simultaneously, the solution simplifies management of complex, multiple-access, multiple-platform security services. The Cisco IP Solution Center Security Management application provides full support for the provisioning and management of LAN-to-LAN VPN, Remote Access VPN, EZ VPN, and DMVPN services using IOS CPEs, VPN 3000 concentrators and PIX devices, as well as Firewall, NAT, and QoS services.

System Requirements

UNIX Platforms

For workstation recommendations, see Table 1. For workstation recommendations for running IP Solution Center with the High Availability feature, see Table 2.

Table 1   Workstation Recommendations for IP Solution Center

Number of Edge Devices | Workstation            | RAM  | Swap Space | Disk Space | Number of Operators
Up to 1500             | Sun Fire 280R (1 CPU)  | 2 GB | 4 GB       | 36+ GB     | 10
More than 1500         | Sun Fire V480 (4 CPUs) | 4 GB | 8 GB       | Two 36+ GB | 20+


Note:    The Number-of-Operators column indicates the Cisco recommendation for the number of concurrent IP Solution Center operators running instances of the IP Solution Center Console. This number does not represent the maximum number of operators.

Table 2   Workstation Recommendations for Cisco IP Solution Center with the High Availability Feature

Workstations             | RAM                  | Disk Space
Two Sun Netra 20 Servers | 2 GB per workstation | Two 36-GB 10,000-RPM disk drives for each workstation




Software

Solaris 8 and Sun Cluster Release 3.0 with Update 1 (see the Sun Web site or documentation) must be run in failover mode, not scalable mode. Users must be trained to run Sun Cluster before using the Cisco IP Solution Center High Availability feature.

To help find the correct Sun hardware to run Cisco IP Solution Center, Cisco Systems provides the Sun Cisco Optimized Platform Recommendation Table, which includes recommended order numbers for the Sun workstations and a description of required and optional components.

Web GUI client:

  • Internet Explorer 6.0 or above
  • Netscape 7.0 or above
  • Mozilla 1.0 on UNIX machines
  • Java Web Start 1.4.0

For More Information

Visit the Cisco IP Solution Center product page for more information.