Cisco Prime Infrastructure 2.2 Quick Start Guide

About This Guide

This guide describes how to install Cisco Prime Infrastructure 2.2.

For detailed information about configuring and managing this product, see the Cisco Prime Infrastructure 2.2 Administrator Guide and the Cisco Prime Infrastructure 2.2 User Guide.

This guide explains how to install Prime Infrastructure as a virtual appliance on customer-supplied hardware. Prime Infrastructure is also available as a physical appliance. For information on how to install the physical appliance, see the Cisco Prime Infrastructure 2.2 Appliance Hardware Installation Guide.

Product Overview

Prime Infrastructure provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Prime Infrastructure accelerates the rollout of new services, secure access and management of mobile devices, making “Bring Your Own Device” (BYOD) a reality for corporate IT. Tightly coupling client awareness with application performance visibility and network control, Prime Infrastructure helps ensure uncompromised end-user quality of experience. Deep integration with the Cisco Identity Services Engine (ISE) further extends this visibility across security and policy-related problems, presenting a complete view of client access issues with a clear path to solving them.

Key Features

For:

• An overview of Prime Infrastructure features and benefits, see the latest Cisco Prime Infrastructure Data Sheets.
• Information about frequently used Prime Infrastructure features, see the Cisco Prime Infrastructure 2.2 User Guide.
• Information about features intended for administrators, see the Cisco Prime Infrastructure 2.2 Administrator Guide.

About Cisco Prime Infrastructure Licensing

Prime Infrastructure licenses control the features that you can use and the number of devices you can manage using those features. For more information about:

• Cisco Prime Infrastructure license types and how to order them, see the Cisco Prime Infrastructure 2.2 Ordering and Licensing Guide.
• How to apply purchased licenses, see the Cisco Prime Infrastructure 2.2 User Guide.

Understanding System Requirements

Prime Infrastructure is supplied as an appliance, which is a virtual machine (VM) that includes the application itself and a secured, hardened, 64-bit Red Hat Linux Enterprise Server operating system. The appliance comes in two main forms:

• Virtual : The virtual appliance is packaged as an Open Virtualization Archive (OVA) file, which must be installed on a user-supplied, qualified server running VMware ESXi. This form allows you to run on the server hardware of your choice. You can also install the virtual appliance in any of four configurations, each optimized for a different size of enterprise network. For hardware requirements and capacities for each of the virtual appliance’s size options, see Virtual Appliance Options.
• Physical : The physical appliance is packaged as a rack-mountable server, with VMware ESXi and the Prime Infrastructure VM pre-installed and configured for you. You have a choice of standard and high-performance configurations. For physical appliance hardware specifications and capacities, see Physical Appliance Options.

Virtual Appliance Options

Users deploying the Prime Infrastructure virtual appliance can choose one of the four options shown in Table 1. The hardware that you supply must meet or exceed the specifications given in the “System Requirements” section of the table, under the option that you select.

Physical Appliance Options

Users deploying the Prime Infrastructure physical appliance can choose from the Gen 1 or Gen 2 options shown in Table 2. The The Gen 1 and Gen 2 physical appliance capacities match those of the virtual appliance Standard and Professional options, respectively.

Web Client Requirements

All Prime Infrastructure users access the appliance from a client web browser. Web client requirements are:

• Hardware—A Mac or Windows laptop or desktop compatible with one of the following tested and supported browsers:

– Google Chrome 34, 35, 36 or later

– Microsoft Internet Explorer 10, or 11 (No plug-ins are required.)

– Mozilla Firefox ESR 17, 24

– Mozilla Firefox 30 or later

• Display resolution—We recommend that you set the screen resolution to 1280 x 800 or higher.
• Adobe Flash Player—You must install Adobe Flash Player on the client machine for Prime Infrastructure features to work properly. We recommend that you download and install the latest version of the Adobe Flash Player from the Adobe website.

FIPS Mode Installation Option

The Prime Infrastructure virtual appliance offers a “FIPS Mode” installation option. This option is intended for customers who require the products they use to be compliant with FIPS-140-2 standards.

Federal Information Processing Standards (FIPS) are United States government computer security standards. The FIPS-140-2 series specify requirements for cryptography modules. For a more complete description, see http://www.nist.gov/itl/fips.cfm .

To verify whether the Prime Infrastructure system is operating in FIPS mode, use the system CLI command show security-status. For more information, see Checking On Server Security Status in the Cisco Prime Infrastructure 2.2 Administrator Guide.

When deciding whether to install in FIPS Mode, be aware that:

• Installing Prime Infrastructure in FIPS Mode disables use of certain capabilities in order to comply with the cryptographic security requirements of FIPS-140-2. For more details, see the Best Practices: Server Security Hardening in the Cisco Prime Infrastructure 2.2 Administrator Guide.
• Only the wireless management solution functionality in Prime Infrastructure is certified for FIPS compliance. You should not install in FIPS Mode if you use Prime Infrastructure to manage wired, or combinations of both wired and wireless, devices.
• FIPS Mode is an installation option; you cannot disable it after installation. To use Prime Infrastructure in non-FIPS Mode, you must re-install the product.
• If you enable FIPS mode, TFTP and FTP are disabled by default. SFTP is used for upload and download operations.
• The Plug and Play features are not available if you enable FIPS mode.
• If you enable FIPS mode, you cannot enable root, and access to the root-mode CLI is restricted.
• If you install Prime Infrastructure 2.2 in FIPS Mode, you cannot restore to it a backup made on a non-FIPS enabled server. Conversely, you cannot restore a FIPS-enabled backup to a non-FIPS enabled Prime Infrastructure server. You can restore Prime Infrastructure versions prior to 2.2 on a non-FIPS enabled server only.

If You Are Upgrading From Previous Releases of Prime Infrastructure

This version of Prime Infrastructure does not offer an in-place upgrade. To upgrade to the latest version, you must instead install this version of Prime Infrastructure as a virtual appliance on a fresh server, or order it pre-installed on a fresh physical appliance. You can then migrate your data from your old Prime Infrastructure installation to the new one, using an application backup from the previous installation.

If you are currently using one of the following versions of Prime Infrastructure, you can back up your existing data and then restore that data to a different server running Prime Infrastructure 2.2:

• Cisco Prime Infrastructure 2.1.2 (with the UBF patch)
• Cisco Prime Infrastructure 2.1.1 (with the UBF patch)
• Cisco Prime Infrastructure 2.1.0.0.87
• Cisco Prime Infrastructure 1.4.2
• Cisco Prime Infrastructure 1.4.1
• Cisco Prime Infrastructure 1.4.0.45

If you are using a version earlier than 1.4.0.45 or 2.1.0.0.87, you will need to upgrade your server to version 2.1.0.0.87 (or version 1.4.0.45) before taking the backup.

If you are running multiple versions of Prime Infrastructure from which you want to migrate data, see If You Are Running Multiple Prime Infrastructure Versions.

Remember that backups can only be restored to a new Prime Infrastructure server that is the same size or bigger than your previous server. See FIPS Mode Installation Option.

To back up your data from a previous supported version of Prime Infrastructure, follow these steps:

Step 1 If you have not already done so: Set up a remote backup repository for the Prime Infrastructure version you are currently running. For details, see Using Remote Backup Repositories in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 2 Take an application backup of the Prime Infrastructure version you are currently running, and store the backup in the remote repository. For details, see Taking Application Backups in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 3 Verify the integrity of the backup as explained in Validating Your Backup.

If You Are Running Multiple Prime Infrastructure Versions

If you are running multiple previous releases of Prime Infrastructure (for example, you are running version 1.4.x and version 2.1.x), you must select one version from which to restore data. You cannot restore data from more than one Prime Infrastructure version. To combine data from multiple Prime Infrastructure versions:

1. Perform the restore operation for one Prime Infrastructure system running a previous Prime Infrastructure version. See Migrating Data From Previous Releases of Prime Infrastructure.

2. Export your device inventory and maps from other Prime Infrastructure systems and import the information into the Prime Infrastructure 2.2 system.

Validating Your Backup

You should check the validity of your Prime Infrastructure backup data by setting up an additional Prime Infrastructure server (either a spare Prime Infrastructure appliance or a new Prime Infrastructure virtual machine) and perform the restore operation as explained in Restoring From Application Backups in the Cisco Prime Infrastructure 2.2 Administrator Guide. If you do not have an additional Prime Infrastructure system to validate the backup, take at least two backups to reduce the risk of losing data.

If the restore operation does not work, or there are problems with the backed up image, try taking another backup from a production system, or try restoring from an earlier Prime Infrastructure backup.

If you cannot create a verified backup before installing this version of Prime Infrastructure, open a support case with Cisco TAC.

Before You Begin Installation

Before installing the Prime Infrastructure virtual appliance, you must ensure that:

• VMware ESXi is installed and configured on the machine that you plan to use as the Prime Infrastructure server. See the VMware documentation for information on setting up and configuring a VMware host. If you are using VMware ESX 5.5, you must use vSphere Client or ESX5.5U2 Client to manage the virtual machine. Do not edit the virtual machine settings and do not extend or manually add additional disks to the configuration.
• The installed VMware ESXi host is reachable.

See the VMware documentation on how to install the VMware vSphere Client. After the virtual host is available on the network, you can browse to its IP address to display a web-based interface from which you can install the VMware vSphere Client.

• The Prime Infrastructure OVA is saved to the same machine where your VMware vSphere Client is installed. Depending on your arrangement with Cisco, you may download the OVA file from Cisco.com or use your Cisco-supplied installation media.

Deploying the OVA from the VMware vSphere Client

Make sure that all of the system requirements are met before you deploy the OVA. Review the sections Understanding System Requirements and Before You Begin Installation.

Step 1 Launch your VMware vSphere Client and connect to the ESXi host or vCenter server.

Step 2 Choose File > Deploy OVF Template.

Step 3 Click Browse to access the location where you have saved the OVA file on your local machine, then click Next.

Step 4 Verify the details on the OVF template details page, then click Next.

Step 5 In the End User License Agreement window, click Accept, then click Next.

Step 6 In the Name and Location window, specify:

• In the Name field, enter the name of the new virtual machine.
• In the Inventory Location area, select the appropriate folder. (If the vSphere Client is connected directly to an ESXi host, this option does not appear.)

Step 7 Click Next.

Step 8 In the Deployment Configuration window, select the desired configuration (for example, Express, Standard, Professional, etc.) and view the resources required for the configuration you selected.

Note We recommend that you reserve 100% of CPU and memory resources for optimal performance.

Step 9 Click Next.

Step 10 In the Host/Cluster window, select the host or cluster on which you want to deploy the OVF template, then click Next. (If the vSphere Client is connected directly to an ESXi host, this option does not appear.)

Step 11 In the Storage window, select the datastore that has the required space requirements described in Virtual Appliance Options, then click Next.

Step 12 In the Disk Format window, select Thick Provision Lazy Zeroed to provision the virtual machine virtual disks, then click Next. Do not select Thin Provision because if there is no free disk space when the virtual machine needs it, Prime Infrastructure will fail.

Step 13 In the Network Mapping window, select a network for the virtual machine to use, then click Next.

Step 14 In the Ready to Complete window, review your settings, select Power on After Deployment, then click Finish.

Depending on your network speed and the IOPS of the server, the deployment can take a few minutes to complete.

Installing the Server

After you deploy the Prime Infrastructure OVA, you must configure the virtual appliance to install and start Prime Infrastructure.

Step 1 If the virtual machine is not already powered on, in the VMware vSphere Client, right-click the deployed virtual appliance and choose Power > Power On.

Step 2 Click the Console tab.

After the server boots up, you’ll see the localhost login prompt.

Step 3 At the localhost login prompt, enter setup.

Step 4 The console prompts you for the following parameters:

• Hostname—The host name of the virtual appliance.
• IP Address—The IP address of the virtual appliance.
• IP default netmask—The default subnet mask for the IP address.
• IP default gateway—The IP address of the default gateway.
• Default DNS domain—The default domain name.
• Primary nameserver—The IP address of the primary name server.
• Secondary name servers—The IP address if the secondary name server, if available. You can add up to three secondary name servers.
• Primary NTP server—The IP address or host name of the primary Network Time Protocol server you want to use. (time.nist.gov is the default).
• Secondary NTP servers—The IP addresses or host names of the secondary NTP servers to be used when the primary is not available.
• System Time Zone—The time zone code you want to use. See the list of supported time zones in the System Time Zones section of the Cisco Prime Infrastructure Appliance Hardware Installation Guide.
• Clock time—The clock time based on the server’s time zone.
• Username—The name of the first administrative user (known as “admin”). This is the administrator account used to log in to the server via the console or SSH. You can accept the default, which is admin.
• Password—Enter the admin user password and then confirm it.

Tip Keep your Prime Infrastructure password in safe place. If you forget the password, see Recovering Administrator Passwords on Virtual Appliances in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 5 When you are done entering these values, the installer application tests the network configuration parameters that you entered. If the tests are successful, it begins installing Prime Infrastructure.

Step 6 When the application installation is complete, you will be prompted for the following post-installation parameters:

• High Availability Role Selection—Enter yes at the prompt if you want this installed server to serve as the failback secondary server in a high availability implementation. You will be prompted to provide an authentication key to be used for high availability registration. If you enter no at the prompt, the server will act as the primary server (standalone) and the installation will proceed with the following prompts:
• Web Interface Root Password—Enter and confirm the password used for the default root administrator. This is the account used to log in to the Prime Infrastructure web user interface for the first time and set up other user accounts.
• Enabling FIPS Mode—Specify yes if you want to install Prime Infrastructure in a Federal Information Processing Standards (FIPS) 140-2 compliant mode of operation (before selecting this option, be sure you have read and understand the section FIPS Mode Installation Option).

Step 7 Select Yes to proceed with the installation, or select No to re-enter high availability and FIPS mode options.

Step 8 When the installation is complete, the appliance reboots and you are presented with a login prompt.

Step 9 Log in to the virtual machine using the “admin” username and password that you specified in Step 4.

Step 10 Run the ncs status command (see Checking Prime Infrastructure Server Status in the Cisco Prime Infrastructure 2.2 Administrator Guide) to verify that the processes have restarted. You should see the following process statuses:

• Non-FIPS (Standalone): All Processes are up and running.
• FIPS (Standalone): FTP, TFTP, and PnP are disabled. Other processes are running.
• Secondary server: Health Monitor Process is running. (This is the only process that should be running on the secondary server.)

Migrating Data From Previous Releases of Prime Infrastructure

To restore your data from Prime Infrastructure 1.4.x or 2.1.x to your newly installed Prime Infrastructure 2.2 server, follow these steps:

Note If you are running multiple previous releases of Prime Infrastructure (for example, you are running version 1.4.x and version 2.1.x), you must select one version from which to restore data. You cannot restore data from more than one Prime Infrastructure version. See If You Are Running Multiple Prime Infrastructure Versions.

Step 1 Configure the new Prime Infrastructure host to use the same remote backup repository as the old host. For details, see Using Remote Backup Repositories in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 2 Restore the application backup on the remote repository to the new host, as explained in Restoring From Application Backups in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 3 When the process is complete:

• Instruct users to clear the browser cache on all client machines that accessed an older version of Prime Infrastructure before they try to connect to the upgraded Prime Infrastructure server.
• If you are using Prime Infrastructure to manage Cisco Wireless LAN Controllers, see Resynchronizing WLC Configurations.
• Synchronize your devices as explained in Synchronizing Devices in the Cisco Prime Infrastructure 2.2 User Guide .

Step 4 After the new Prime Infrastructure 2.2 server is operational, decommission your previous server.

Assurance Data after Migration

After restoring Prime Infrastructure 1.4.x data on a new Prime Infrastructure 2.2 virtual or physical appliance, you need to rehost your Assurance license only. All other licenses are automatically applied to the new server. For new license requests, email licensing@cisco.com.

When you move your data to Prime Infrastructure 2.2, the following Assurance data is not migrated:

• Raw NetFlow information
• Custom NetFlow reports
• Packet capture files
• Processed non-aggregated data, such as PFR data and URLs

Aggregated data is migrated depending on from which version of Prime Infrastructure the data is backed up and then restored:

• From Prime Infrastructure 1.4.x to 2.2—Assurance data is not migrated. (Your Assurance license must also be reissued when you migrate from Prime Infrastructure 1.4 to 2.2.)
• From Prime Infrastructure 2.1.x to 2.2—1-hour and 1-day aggregated data is migrated.
• From Prime Infrastructure 2.2 to 2.2—5-minute, 1-hour, and 1-day aggregated data is migrated.

Resynchronizing WLC Configurations

After you restore the backup of the previous version on the 2.2 version of Prime Infrastructure, your server’s records of Cisco Wireless LAN Controller configurations might be out of sync with the configurations stored on those devices. Resynchronize them using the following steps before continuing.

Step 1 Log in to Prime Infrastructure.

Step 2 Choose Inventory > Network Devices > Wireless Controller. Prime Infrastructure displays a list of all the controllers it is managing, including all Cisco WLCs.

Step 3 Select Refresh Config from Controller, then select Use the configuration on the controller currently, then click Go.

When the process completes, you should see a Refresh Configuration Report with a “Success” status value.

If the refresh process fails, click Audit Now to see any attribute mismatches.

Step 4 Repeat steps 3 and 4 for all your other WLCs.

Logging in to the Prime Infrastructure User Interface

Follow these steps to log in to the Prime Infrastructure user interface through a web browser:

Step 1 Launch one of the Supported Browsers (see Web Client Requirements) on a different computer from the one on which you installed and started Prime Infrastructure.

Step 2 In the browser’s address line, enter https: //ipaddress , where ipaddress is the IP address of the server on which you installed Prime Infrastructure. The Prime Infrastructure user interface displays the Login window.

When you access Prime Infrastructure for the first time, some browsers will display a warning that the site is untrusted. When this happens, follow the prompts to add a security exception and download the self-signed certificate from the Prime Infrastructure server. After you complete this procedure, the browser will accept the Prime Infrastructure server as a trusted site in all future login attempts.

Step 3 Enter the root administrator username and password, as specified when Installing the Server.

Step 4 Click Login to log in to Prime Infrastructure. The user interface is now active and available for use. The home page appears.

If any licensing problems occur, a message appears in an alert box. If you have an evaluation license, the number of days until the license expires is shown. You are also alerted to any expired licenses. You have the option to go directly to the Administration > Licenses page to address these problems.

Step 5 To ensure system security, choose Administration > Users, Roles & AAA > Change Password to change the password for the root administrator.

To exit the user interface, close the browser page or click Logout in the top-right corner of the page. Exiting a Prime Infrastructure user interface session does not shut down Prime Infrastructure on the server.

If a system administrator stops the Prime Infrastructure server during your Prime Infrastructure session, your session ends, and the browser displays this message: “The page cannot be displayed.” Your session does not re-associate to Prime Infrastructure when the server restarts. You must start a new Prime Infrastructure session.

Getting Started Using Prime Infrastructure

After you install Prime Infrastructure, you must perform additional tasks to begin managing your network. If you are an administrator, see the following sections in the Administrator Setup Tasks in the Cisco Prime Infrastructure 2.2 Administrator Guide:

• Configuring Data Sources for Prime Infrastructure with Assurance, including enabling NetFlow and Performance Agent.
• Managing Disk Space Issues on Prime Infrastructure servers.
• Renewing AAA Settings.
• Prime Infrastructure Software Updates

For information about installing the Cisco Plug and Play Application, see the Cisco Plug and Play Application User Guide.

Users should complete the tasks listed in the “Getting Started” chapter of the Cisco Prime Infrastructure 2.2 User Guide . After you complete these tasks, you are ready to start monitoring and configuring your network.

Ports Used by Prime Infrastructure and Assurance

Table 3 lists the ports used by Prime Infrastructure and Assurance. These ports must be open in firewalls if you are using these services.

Removing the Prime Infrastructure Virtual Appliance

Removing Prime Infrastructure using the following method will permanently delete all data on the server, including server settings and local backups. You will be unable to restore your data unless you have a remote backup. For other methods of removal, see Removing Prime Infrastructure in the Cisco Prime Infrastructure 2.2 Administrator Guide.

Step 1 In the VMware vSphere client, right-click the Prime Infrastructure virtual appliance.

Step 2 Power off the virtual appliance.

Step 3 Click Delete from Disk to remove the Prime Infrastructure virtual appliance.

Navigation and Documentation Reference

This section provides information about navigational paths to access Prime Infrastructure features, and the details of the sections where the features are covered in the Cisco Prime Infrastructure 2.2 User Guide.

Related Documentation

The Cisco Prime Infrastructure 2.2 Documentation Overview lists all documentation available for Prime Infrastructure:

Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2012-2015 Cisco Systems, Inc. All rights reserved.