PDF(109.9 KB) View with Adobe Reader on a variety of devices
Updated:August 4, 2005
The Cisco® Configuration Engine provides a unified, secure solution for automating the deployment of Cisco customer premises equipment (CPE). The Cisco Configuration Engine scalably distributes device and service configuration files and software images to one device or a group of devices, thereby reducing operating costs and deployment time to enable new services and customers.
The Cisco Configuration Engine is a highly scalable software application running on a Cisco 2116 Intelligence Engine]hardware platform and can be used by Cisco customers to manage as many as 5000 CPE devices, including Cisco routers, Cisco switches, and Cisco PIX devices. The Cisco Configuration Engine is a self-contained, rack-mountable, one-rack-unit (1-RU) device that requires minimal configuration and can be deployed without any changes to a customer's operation or business processes. Cisco Configuration Engine is ready to deploy and accessible through a Web-based GUI or Web services such as Extensible Markup Language (XML) and Simple Object Access Protocol (SOAP).
Service provider or large enterprise customers are faced with similar challenges of deploying and managing large volumes of network devices. This complexity is further increased when service providers or large enterprises introduce integrated managed enterprise service applications such as IP Communications, security, and VPNs. Traditionally, customers deploy management products from hardware vendors, which often do not meet operational challenges for managing the service-oriented network. The Cisco Configuration Engine architecture addresses customers' operational concerns such as scalability, performance, programmatic interfaces, and the flexibility to customize CPE deployments to meet their business and operation requirements. Adapting to standards-based Web and networking technologies, the Cisco Configuration Engine supports a highly scalable, available, distributed, and fault-tolerant architecture, enabling customers to customize core components to meet their requirements. Figure 1 shows a high-level overview of a fault-tolerant, distributed Cisco Configuration Engine implementation.
® Software devices connect to the Cisco Configuration Engine through persistent and secure TCP connections over Secure Sockets Layer (SSL), enabling the distribution of device and service configuration to thousands of devices in minutes. The Cisco Configuration Engine is shipped with all the necessary software components and an embedded data repository to quickly begin managing devices. As shown in Figure 1, customers managing large volumes of Cisco devices can adapt a distributed, highly available, fault-tolerant architecture with no single point of failure.
In this scenario, all Cisco configuration engines can share a common external data repository, which can be duplicated for redundancy. Because Cisco IOS Software devices connect to the Cisco Configuration Engine through persistent TCP connections, a Cisco Configuration Engine failure will lead to a loss of connectivity. Customers can optionally deploy a Cisco Content Switch to load balance Cisco IOS Software device connections. In case of failure, the Cisco Content Switch can be configured to move the connections to another Cisco Configuration Engine appliance.
Figure 1. High-Level Overview of a Cisco Configuration Engine Implementation
PRIMARY FEATURES AND BENEFITS
Major components of the Cisco Configuration Engine include:
• Data repository-The Cisco Configuration Engine supports an embedded data repository. Customers have an option to map to an external Lightweight Directory Access Protocol (LDAP) directory at setup. An external directory can be duplicated to support redundant data repository in case of failure.
• Web-based GUI-The Cisco Configuration Engine supports an intuitive, task-oriented, feature-rich, Web-based GUI. In addition to standard features such as a hierarchical view, groups, jobs, log files, and a scheduler, the Cisco Configuration Engine includes advanced features such as job customization, policy-based creation of dynamic virtual groups, and support for both embedded and external data repositories.
• Services-The Cisco Configuration Engine supports configuration and software image and file distribution services. Customers can choose one device or a group of devices to distribute device and service configurations, provide policy-based distribution and activation of software images, distribute files such as signature definition files (SDFs) for security
• Velocity template engine-The Cisco Configuration Engine supports the Velocity template engine, a widely used tool from Apache. The Velocity template engine enables customers to develop their own scripts, implementing logic to generate and validate configurations dynamically through interaction with devices.
• Web services-For customers who prefer to integrate programmatically, the Cisco Configuration Engine offer rich set of APIs based on Web services (XML/SOAP). The Cisco Configuration Engine adapts to industry-standard Web and Internet protocols, reducing the complexity of integration, and it supports secure communication based on HTTPS/SSL between the customer application and the Cisco Configuration Engine. Web services are available for configuration, image, and administrative services.
• Device development module-Devices not enabled with embedded Cisco IOS Software agents are supported using an embedded gateway module to enable customers to develop and register their own device adapters. This allows customers to communicate or manage devices not supported by the Cisco Configuration Engine.
• Security is the most important concern customers face. The Cisco Configuration Engine security implementation includes the following:
– Cisco IOS Software devices connect to the Cisco Configuration Engine through SSL, and all communication happens over an encrypted link.
– Prior to accepting any change request, Cisco IOS Software devices validate the public key from the Cisco Configuration Engine through Cisco IOS Software trust points.
– Customers using Web services can connect to the Cisco Configuration Engine securely over SSL.
The Cisco Configuration Engine automates the configuration of Cisco devices during initial deployments and in subsequent reconfigurations. This complete, automatic device deployment and configuration solution relieves service providers and large enterprise customers of the need to send technicians to customer sites, affording the customers fast activations for new services. Network administrators who manage large networks can also take advantage of the solution to distribute configurations, IP Security (IPSec) keys, passwords, and so on to a device or to groups of devices.
Version 1.5 extends Cisco Configuration Engine capabilities to offer:
• Secure Zero-Touch Deployment of services and software image
• Secure policy-based distribution of configurations, software images, SDFs, and Cisco CallManager Express feature scripts to one device or a group of devices
• Enhancements to the Web GUI to support features previously available only through integration with another application
• Dynamic work flow-enabled and user-programmable Velocity template engine
• XML/SOAP Web services for programmatic interface
What Is New for the Cisco Configuration Engine 1.5?
Enhancements to the Cisco Configuration Engine Web GUI
Starting with the Cisco Configuration Engine 1.5, the Web GUI supports all the functionality previously available only through integration with another application. Enhancements enable customers use the Cisco Configuration Engine out of the box, addressing operation concerns. New features include:
• Hierarchical representation of devices
• Dynamic search and creation of virtual groups
• Sending of configuration and mages to one group or a group of devices from the GUI
• Device cloning
• Bulk upload tool
Velocity Template Engine
The Cisco Configuration Engine 1.5 supports the dynamic, user-customizable Velocity template engine from Apache in addition to existing templates to enable customers to migrate to the Velocity template as needed. Primary benefits of using the Velocity template engine include:
• User customization based on device configuration and service activation requirements
• Support for Java, Perl, Expect, and other scripting tools
• Dynamic configuration generation by customers through interaction with the device
• Workflow control to enable customers to complete multiple jobs
• Ability of customers to develop and plug in scripts to validate device attributes entered by network operations center (NOC) personnel
• Support for scripts to autopopulate attribute values retrieved from a customer's data repository
Configuration and Image Services
The Cisco Configuration Engine 1.5 extends the configuration and image services functionality to include:
• E-page/e-mail notification after successful completion or failure of configuration updates and image distribution and activation
• Concept of batch size to enable customer to update thousands of devices but limit the number of simultaneous updates
• State information to monitor and update the outcome of service requests
• Policy-based image distribution and activation to validate device resources before upgrading software images
Today Web services play an important role in transforming enterprise application integration across all aspects of business. Customers prefer Web services because of their ease of use and low-cost integration based on open standards. The Cisco Configuration Engine 1.5 introduces support for Web services with a complete set of APIs in parallel with all the features supported through the Web GUI. Immediate benefits to customers integrating with the Cisco Configuration Engine using Web services include:
• Secure HTTPS/SSL communication between the customer application and the Cisco Configuration Engine
• Flexibility and ease of integration, reducing the cost of implementation
• XML/SOAP Web Services Description Language (WSDL) available for administrative, configuration, and image services; all features supported from the Web GUI can be accessed programmatically through Web services
• No dependency on the OS; standards based
Table 1 lists benefits and features of the Cisco Configuration Engine 1.5. Table 2 lists supported devices.
Table 1. Benefits and Features of the Cisco Configuration Engine
Support for 5000 CPE Devices Using SSL Transport
• This scalable solution enables large-scale secure deployment and management of Cisco CPE over SSL and allows users to reduce deployment costs and service turn uptime.
• Time to implement new service significantly reduced through eliminating staging and manual processes
• Common solution for all Cisco IOS Software CPEs across multiple access technologies (leased line, Frame Relay, ATM, cable, DSL, Ethernet, and modem)
• Scalable solution to implement services such as IP telephony, VPNs, firewalls, and so on
• Feature-rich Web GUI enables customer to use product out of the box
• Configuration or image update to one device or group of devices
Velocity Template Engine
• Customizable to meet customer's business and operation requirements
• Support for scripting languages (Java, Perl, and so on)
• Work flow control
• Configuration update to one device or group of devices
• E-mail/e-page notification of outcome
• Configuration delivered to thousands of devices successfully in minutes rather than hours
• Policy-based validation of device resources
• Support for devices behind firewall or using dynamic IP address
• E-mail/e-page notification of outcome
• XML/SOAP WSDL available for all features supported from Web GUI
• Secure communication between customer application and Cisco Configuration Engine
• Ease of implementation
Device Module Development
• Southbound APIs to support customer scripts to communicate to devices
• Protocol independent (Simple Network Management Protocol [SNMP], HTTP, Secure Shell [SSH] Protocol, Perl, and so on)
Support For Zero-Touch Deployment Feature In Cisco PIX Devices, Incremental Configuration Updates, and Image Distribution
• Reduced deployment cost and time
• Improved productivity
• Scalable software image upgrades
• Simplified network management
Table 2. Devices Supported
Cisco IOS Software Platform
Minimum Cisco IOS Software Required
• Cisco 1800 Series integrated services routers
• Cisco 2800 Series integrated services routers
• Cisco 3800 Series integrated services routers
Cisco IOS Software releases 12.3(8)T and above
• Cisco SOHO 70 and 90 series routers
• Cisco 800 Series routers
• Cisco 1700 Series modular access routers
• Cisco IAD2400 Series integrated access devices
Cisco IOS Software releases 12.3T and 12.3M
• Cisco 2600 Series multiservice platforms
• Cisco 3700 Series multiservice access routers
• Cisco AS5300 Series universal gateways
• Cisco AS5800 Series universal gateways
• Cisco 7200 Series routers
• Cisco 7300 Series routers
• Cisco 7500 Series routers
• Cisco Catalyst
® 2950 Series switches
• Cisco Catalyst 3550 Series switches
• Cisco Catalyst 3750 Series switches
• Cisco Catalyst 3760 Series switches
Cisco IOS Software Release 12.1(11)EA1
• Cisco Catalyst 4500 Series switches
• Cisco 7600 Series routers
Cisco IOS Software Release 12.1(13)E
• Cisco 10000 Series routers
• Cisco 10720 Router
• Cisco 12000 Series routers
Cisco IOS Software Release 12.0(27)S
• Cisco PIX Firewall
PIX OS later than 6.2.1
The Cisco Configuration Engine supports the following platforms through SSH embedded in the Cisco Configuration Engine:
• Cisco IOS Software devices
• Cisco Catalyst OS
• Cisco CSS 11000 Series content services switches
Cisco Configuration Engine 1.5: includes Cisco 2116 Intelligence Engine and Version1.5 software, with 2500-device license and option to purchase 5000-device license
License upgrade for Cisco Configuration Engine 1.5 from 2500-device license to 5000-device license
Minor release update for Cisco Configuration Engine software for Cisco 2115 Intelligence Engine customers that need Version 1.5 software and do not have Software Application Support contract
Cisco Configuration Engine: SDK 1.6
Cisco Configuration Engine: SDK upgrade
SERVICE AND SUPPORT
® offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see
Cisco Technical Support Services or
Cisco Advanced Services.