PDF(168.5 KB) View with Adobe Reader on a variety of devices
Updated:July 21, 2008
® Configuration Engine provides a unified, secure solution for automating the deployment of Cisco customer premises equipment (CPE). This scalable product distributes device and service configuration files and software images to one device or a group of devices, thereby reducing operating costs and deployment time to enable new services and customers.
The Cisco Configuration Engine is a highly scalable software application running on a Solaris or Linux server; with this application customers can manage CPE devices, including Cisco routers, Cisco switches, and Cisco PIX
® devices. Cisco Configuration Engine is accessible through a web-based GUI or web services such as XML and Simple Object Access Protocol (SOAP).
Service provider and large enterprise customers face similar challenges of deploying and managing large volumes of network devices. This complexity is further increased when they introduce integrated managed enterprise service applications such as IP communications, security, and VPNs. Traditionally, customers deploy management products from hardware vendors, which often do not meet operational challenges for managing the service-oriented network.
The Cisco Configuration Engine architecture addresses customers' operational concerns such as scalability, performance, programmatic interfaces, and the flexibility to customize CPE deployments to meet their business and operation requirements. Adapting to standards-based web and networking technologies, the Cisco Configuration Engine supports a highly scalable, available, distributed, and fault-tolerant architecture, allowing customers to customize core components to meet their requirements. Figure 1 shows a high-level overview of a fault-tolerant, distributed Cisco Configuration Engine implementation.
® Software devices connect to the Cisco Configuration Engine through persistent and secure TCP connections over Secure Sockets Layer (SSL), facilitating the distribution of device and service configuration to thousands of devices in minutes. The Cisco Configuration Engine is shipped with all the necessary software components and an embedded data repository to quickly begin managing devices. As shown in Figure 1, customers managing large volumes of Cisco devices can adapt a distributed, highly available, fault-tolerant architecture with no single point of failure.
In this scenario, all Cisco Configuration Engines can share a common external data repository, which can be duplicated for redundancy. Because Cisco IOS Software devices connect to the Cisco Configuration Engine through persistent TCP connections, a Cisco Configuration Engine failure will lead to a loss of connectivity. Customers can optionally deploy a Cisco Content Switching Module to load balance Cisco IOS Software device connections and then configure the switch to move the connections to another Cisco Configuration Engine appliance if failure occurs.
Figure 1. High-Level Overview of a Cisco Configuration Engine Implementation
Primary Features and Benefits
The Cisco Configuration Engine automates the configuration of Cisco devices during initial deployments and in subsequent reconfigurations. This complete, automatic device deployment and configuration solution relieves service providers and large enterprise customers of the need to send technicians to customer sites, affording the customers fast activations for new services. Network administrators who manage large networks can also take advantage of the solution to distribute configurations, IP Security (IPsec) keys, passwords, and so on to a device or to groups of devices.
Key features of the Cisco Configuration Engine include:
Configuration and Image Services
The Cisco Configuration Engine supports configuration and software image and file distribution services. Customers can choose one device or a group of devices to distribute device and service configurations, provide policy-based distribution and activation of software images, or distribute files such as signature definition files (SDFs) for security. Some highlights include:
• Secure Zero-Touch Deployment of services and software image
• Secure policy-based distribution of configurations, software images, SDFs, and Cisco Unified Communications Manager Express feature scripts to one device or a group of devices
• E-page or email notification after successful completion or failure of configuration updates and image distribution and activation
• Concept of batch size to enable customers to update thousands of devices but limit the number of simultaneous updates
• State information to monitor and update the outcome of service requests
• Policy-based image distribution and activation to validate device resources before upgrading software images
The Cisco Configuration Engine supports an intuitive, task-oriented, feature-rich, web-based GUI. In addition to standard features such as a hierarchical view, groups, jobs, log files, device cloning, bulk upload tool, and a scheduler, the Cisco Configuration Engine includes advanced features such as job customization, policy-based creation of dynamic virtual groups, and support for both embedded and external data repositories.
Velocity Template Engine
The Cisco Configuration Engine supports the Velocity Template Engine, a widely used tool from Apache. The Velocity Template Engine enables customers to develop their own scripts, implementing logic to generate and validate configurations dynamically through interaction with devices. Primary benefits of using this tool include:
• User customization based on device configuration and service activation requirements
• Support for Java, Perl, Expect, and other scripting tools
• Dynamic configuration generation by customers through interaction with the device
• Workflow control to enable customers to complete multiple jobs
• Ability of customers to develop and plug in scripts to validate device attributes entered by network-operations-center (NOC) personnel
• Support for scripts to autopopulate attribute values retrieved from a customer's data repository
For customers who prefer to integrate programmatically, the Cisco Configuration Engine offers a rich set of application programming interfaces (APIs) based on web services (XML/SOAP). The Cisco Configuration Engine adapts to industry-standard web and Internet protocols, reducing the complexity of integration, and it supports secure communication based on HTTPS and Secure Sockets Layer (SSL) between the customer application and the Cisco Configuration Engine. Web services are available for configuration, image, and administrative services. Immediate benefits to customers integrating with the Cisco Configuration Engine using web services include:
• HTTPS and SSL communication between the customer application and the Cisco Configuration Engine is secure.
• Flexibility and ease of integration reduce the cost of implementation.
• XML/SOAP Web Services Description Language (WSDL) is available for administrative, configuration, and image services; all features supported from the web GUI can be accessed programmatically through web services.
• There is no dependency on the OS; the API is standards-based.
Device Development Module
Devices not enabled with embedded Cisco IOS Software agents are supported using an embedded gateway module to enable customers to develop and register their own device adapters. This module allows customers to communicate or manage devices not supported by the Cisco Configuration Engine.
The Cisco Configuration Engine supports an embedded data repository. Customers can map to an external Lightweight Directory Access Protocol (LDAP) directory at setup. They also can duplicate an external directory to support a redundant data repository in case of failure.
Security is the most important concern that customers face. The Cisco Configuration Engine security implementation includes the following:
• Cisco IOS Software devices connect to the Cisco Configuration Engine through SSL, and all communication happens over an encrypted link.
• Prior to accepting any change request, Cisco IOS Software devices validate the public key from the Cisco Configuration Engine through Cisco IOS Software trust points.
• Customers using web services can connect to the Cisco Configuration Engine securely over SSL.
Table 1 lists the features and benefits of the Cisco Configuration Engine 2.0. Table 2 lists supported devices.
Table 1. Features and Benefits of Cisco Configuration Engine
Support for CPE devices using SSL transport
• This scalable solution enables large-scale secure deployment and management of Cisco CPE over SSL and allows customers to reduce deployment costs and service turn uptime.
• Time to implement new services is significantly reduced through eliminating staging and manual processes.
• This common solution supports all Cisco IOS Software CPE across multiple access technologies (leased line, Frame Relay, ATM, cable, DSL, Ethernet, and modem).
• With this scalable solution customers can implement services such as IP telephony, VPNs, firewalls, and so on.
• The feature-rich web GUI allows customers to use the product out of the box.
• The solution offers a configuration or image update to one device or group of devices.
Velocity template engine
• The engine is customizable to meet customers' business and operation requirements.
• The engine supports scripting languages (Java, Perl, and so on).
• With the engine customers can control work flow.
• Customers can update the configuration to one device or group of devices.
• Customers can configure email or e-page notification of outcome.
• Configuration changes are delivered to thousands of devices successfully in minutes rather than hours.
• The solution offers policy-based validation of device resources.
• The solution supports devices behind the firewall or devices that use dynamic IP addresses.
• Customers can configure email or e-page notification of outcome.
• XML/SOAP WSDL is available for all features supported from the web GUI.
• Communication between the customer's application and the Cisco Configuration Engine is secure.
• Implementation is easy.
Device module development
• Southbound APIs support customer scripts to communicate to devices.
• The solution is protocol-independent (Simple Network Management Protocol [SNMP], HTTP, Secure Shell [SSH] Protocol, Perl, and so on).
Support for Zero-Touch Deployment feature In Cisco PIX devices, incremental configuration updates, and image distribution
• Deployment cost and time are reduced.
• Productivity is improved.
• Software image upgrades are scalable.
• Network management is simplified.
Table 2. Devices Supported
Cisco IOS Software Platform
Minimum Cisco IOS Software Required
• Cisco 1800 Series Integrated Services Routers
• Cisco 2800 Series Integrated Services Routers
• Cisco 3800 Series Integrated Services Routers
Cisco IOS Software Releases 12.3(8)T and later
• Cisco SOHO 70 and SOHO 90 Series Routers
• Cisco 800 Series Routers
• Cisco 1700 Series Modular Access Routers
• Cisco IAD2400 Series Integrated Access Devices
Cisco IOS Software Releases 12.3T and 12.3M
• Cisco Unified Communications 500 Series for Small Business
Cisco IOS Software Releases 12.4(11)XW, 12.4(20)T, and later
• Cisco 2600 Series Multiservice Platforms
• Cisco 3700 Series Multiservice Access Routers
• Cisco AS5300 Series Universal Gateways
• Cisco AS5800 Series Universal Gateways
• Cisco 7200 Series Routers
• Cisco 7300 Series Routers
• Cisco 7500 Series Routers
• Cisco Catalyst
® 2950 Series Switches
• Cisco Catalyst 3550 Series Switches
• Cisco Catalyst 3560 Series Switches
• Cisco Catalyst 3750 Series Switches
• Cisco Catalyst 3760 Series Switches
Cisco IOS Software Release 12.1(11)EA1
• Cisco Catalyst 4500 Series Switches
• Cisco 7600 Series Routers
Cisco IOS Software Release 12.1(13)E
• Cisco 10000 Series Routers
• Cisco 10720 Router
• Cisco 12000 Series Routers
Cisco IOS Software Release 12.0(27)S
• Cisco PIX Firewall
Cisco PIX OS later than 6.2.1
Table 3 gives the system requirements of Cisco Configuration Engine.
Table 3. Cisco Configuration Engine System Requirements
Table 4. Ordering Information for Cisco Configuration Engine 2.0
Config Engine 2.0 media kit
Config Engine 2.0 RTU for 10 devices
Config Engine 2.0 RTU for 100 devices
Config Engine 2.0 RTU for 1000 devices
Config Engine 2.0 RTU for 10000 devices
Config Engine 2.0 media kit Upgrade
RTU 1.5-2.0 upgrade
RTU 1.5-2.0 upgrade
Config Engine 2.0 Developers Kit
Table 5. Ordering Information for Cisco Configuration Engine 2.0 Support
SP SAS Config Engine 2.0 Media Kit
SP SAS Config Engine 2.0 Developers Kit
SP SAS Config Engine 2.0TRU for 10 devices
SP SAS Config Engine 2.0TRU for 10K devices
SP SAS Config Engine 2.0TRU for 100 devices
SP SAS Config Engine 2.0TRU for 1000 devices
SW App SUPP Config Engine 2.0 Media Kit
SW App SUPP Config Engine 2.0 Developers Kit
SW App SUPP Config Engine 2.0 for 10 devices
SW App SUPP Config Engine 2.0 for 10K devices
SW App SUPP Config Engine 2.0 for 100 devices
SW App SUPP Config Engine 2.0 for 1000 devices
*The SP part numbers are applicable to service providers and the CON part numbers are applicable to enterprises.
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services can help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business.