SUPPLEMENTAL LICENSE AGREEMENT FOR CISCO SYSTEMS NETWORK MANAGEMENT SOFTWARE: CISCO PRIME INFRASTRUCTURE
IMPORTANT - READ CAREFULLY : This Supplemental License Agreement (“SLA”) contains additional limitations on the license to the Software provided to Customer under the End User License Agreement between Customer and Cisco. Capitalized terms used in this SLA and not otherwise defined herein shall have the meanings assigned to them in the End User License Agreement. To the extent that there is a conflict among any of these terms and conditions applicable to the Software, the terms and conditions in this SLA shall take precedence.
By installing, downloading, accessing or otherwise using the Software, Customer agrees to be bound by the terms of this SLA. If Customer does not agree to the terms of this SLA, Customer may not install, download or otherwise use the Software.
ADDITIONAL LICENSE RESTRICTIONS:
Installation and Use. The Software components are provided to Customer solely to install, update, supplement, or replace existing functionality of the applicable Network Management Software product. Customer may install and use the following Software components:
– Cisco Prime Infrastructure: May be installed on a server in Customer's network management environment.
For each Software license granted, customers may install and run the Software on a single server to manage the number of network devices and codecs specified in the license file provided with the Software, or as specified in the Software License Claim Certificate. Customers whose requirements exceed the network device and codec limits must purchase upgrade licenses or additional copies of the Software. The network device and codec limits are enforced by license registration.
Reproduction and Distribution. Customers may not reproduce nor distribute the Software.
DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
Refer to the Cisco Systems, Inc. End User License Agreement.
This section provides basic information about the product and this Guide.
Prime Infrastructure provides a single integrated solution for comprehensive lifecycle management of the wired or wireless access, campus, and branch networks, and rich visibility into end-user connectivity and application performance assurance issues. Prime Infrastructure accelerates the rollout of new services, secure access and management of mobile devices, making “Bring Your Own Device” (BYOD) a reality for corporate IT. Tightly coupling client awareness with application performance visibility and network control, Prime Infrastructure helps ensure uncompromised end-user quality of experience. Deep integration with the Cisco Identity Services Engine (ISE) further extends this visibility across security and policy-related problems, presenting a complete view of client access issues with a clear path to solving them.
Prime Infrastructure is supplied as an appliance, which is a virtual machine (VM) that includes the application itself and a secured, hardened, 64-bit Red Hat Linux Enterprise Server operating system. The appliance comes in two main forms:
Virtual : The virtual appliance is packaged as an Open Virtualization Archive (OVA) file, which must be installed on a user-supplied, qualified server running VMware ESXi. This form allows you to run on the server hardware of your choice. You can also install the virtual appliance in any of four configurations, each optimized for a different size of enterprise network. For hardware requirements and capacities for each of the virtual appliance’s size options, see Virtual Appliance Options.
Physical : The physical appliance is packaged as a rack-mountable server, with VMware ESXi and the Prime Infrastructure VM pre-installed and configured for you. You have a choice of standard and high-performance configurations. For physical appliance hardware specifications and capacities, see Physical Appliance Options.
Virtual Appliance Options
Users deploying the Prime Infrastructure virtual appliance can choose one of the four options shown in Table 1. The hardware that you supply must meet or exceed the specifications given in the “System Requirements” section of the table, under the option that you select.
Table 1 Prime Infrastructure Virtual Appliance Options
2.You can configure any combination of sockets and cores, the product of which must equal the number of virtual CPUs required. For example, if 16 virtual CPUs are required, you can configure 4 sockets with 4 cores, or 2 sockets with 8 cores, etc.
3.“Maximum groups” is the total number of all user-defined groups, out-of-the-box groups, device groups, and port groups
Physical Appliance Options
Users deploying the Prime Infrastructure physical appliance can choose from the Gen 1 or Gen 2 options shown in Table 2. The The Gen 1 and Gen 2 physical appliance capacities match those of the virtual appliance Standard and Professional options, respectively.
Table 2 Prime Infrastructure Physical Appliance Options
4.The Gen 2 Cisco UCS-based physical appliance is scheduled for release in the first quarter of calendar year 2015.
5.“Maximum groups” is the total number of all user-defined groups, out-of-the-box groups, device groups, and port groups
Web Client Requirements
All Prime Infrastructure users access the appliance from a client web browser. Web client requirements are:
Hardware—A Mac or Windows laptop or desktop compatible with one of the following tested and supported browsers:
– Google Chrome 34, 35, 36 or later
– Microsoft Internet Explorer 10, or 11 (No plug-ins are required.)
– Mozilla Firefox ESR 17, 24
– Mozilla Firefox 30 or later
Display resolution—We recommend that you set the screen resolution to 1280 x 800 or higher.
Adobe Flash Player—You must install Adobe Flash Player on the client machine for Prime Infrastructure features to work properly. We recommend that you download and install the latest version of the Adobe Flash Player from the Adobe website.
FIPS Mode Installation Option
The Prime Infrastructure virtual appliance offers a “FIPS Mode” installation option. This option is intended for customers who require the products they use to be compliant with FIPS-140-2 standards.
Federal Information Processing Standards (FIPS) are United States government computer security standards. The FIPS-140-2 series specify requirements for cryptography modules. For a more complete description, see http://www.nist.gov/itl/fips.cfm.
To verify whether the Prime Infrastructure system is operating in FIPS mode, use the system CLI command show security-status. For more information, see Checking On Server Security Status in the Cisco Prime Infrastructure 2.2 Administrator Guide.
When deciding whether to install in FIPS Mode, be aware that:
Installing Prime Infrastructure in FIPS Mode disables use of certain capabilities in order to comply with the cryptographic security requirements of FIPS-140-2. For more details, see the Best Practices: Server Security Hardening in the Cisco Prime Infrastructure 2.2 Administrator Guide.
Only the wireless management solution functionality in Prime Infrastructure is certified for FIPS compliance. You should not install in FIPS Mode if you use Prime Infrastructure to manage wired, or combinations of both wired and wireless, devices.
FIPS Mode is an installation option; you cannot disable it after installation. To use Prime Infrastructure in non-FIPS Mode, you must re-install the product.
If you enable FIPS mode, TFTP and FTP are disabled by default. SFTP is used for upload and download operations.
The Plug and Play features are not available if you enable FIPS mode.
If you enable FIPS mode, you cannot enable root, and access to the root-mode CLI is restricted.
If you install Prime Infrastructure 2.2 in FIPS Mode, you cannot restore to it a backup made on a non-FIPS enabled server. Conversely, you cannot restore a FIPS-enabled backup to a non-FIPS enabled Prime Infrastructure server. You can restore Prime Infrastructure versions prior to 2.2 on a non-FIPS enabled server only.
If You Are Upgrading From Previous Releases of Prime Infrastructure
This version of Prime Infrastructure does not offer an in-place upgrade. To upgrade to the latest version, you must instead install this version of Prime Infrastructure as a virtual appliance on a fresh server, or order it pre-installed on a fresh physical appliance. You can then migrate your data from your old Prime Infrastructure installation to the new one, using an application backup from the previous installation.
If you are currently using one of the following versions of Prime Infrastructure, you can back up your existing data and then restore that data to a different server running Prime Infrastructure 2.2:
Cisco Prime Infrastructure 2.1.2 (with the UBF patch)
Cisco Prime Infrastructure 2.1.1 (with the UBF patch)
Cisco Prime Infrastructure 22.214.171.124.87
Cisco Prime Infrastructure 1.4.2
Cisco Prime Infrastructure 1.4.1
Cisco Prime Infrastructure 126.96.36.199
If you are using a version earlier than 188.8.131.52 or 184.108.40.206.87, you will need to upgrade your server to version 220.127.116.11.87 (or version 18.104.22.168) before taking the backup.
If You Are Running Multiple Prime Infrastructure Versions
If you are running multiple previous releases of Prime Infrastructure (for example, you are running version 1.4.x and version 2.1.x), you must select one version from which to restore data. You cannot restore data from more than one Prime Infrastructure version. To combine data from multiple Prime Infrastructure versions:
2. Export your device inventory and maps from other Prime Infrastructure systems and import the information into the Prime Infrastructure 2.2 system.
Validating Your Backup
You should check the validity of your Prime Infrastructure backup data by setting up an additional Prime Infrastructure server (either a spare Prime Infrastructure appliance or a new Prime Infrastructure virtual machine) and perform the restore operation as explained in Restoring From Application Backups in the Cisco Prime Infrastructure 2.2 Administrator Guide. If you do not have an additional Prime Infrastructure system to validate the backup, take at least two backups to reduce the risk of losing data.
If the restore operation does not work, or there are problems with the backed up image, try taking another backup from a production system, or try restoring from an earlier Prime Infrastructure backup.
If you cannot create a verified backup before installing this version of Prime Infrastructure, open a support case with Cisco TAC.
Installing Cisco Prime Infrastructure
Follow the instructions in the Related Topics to install the Prime Infrastructure virtual appliance.
Before installing the Prime Infrastructure virtual appliance, you must ensure that:
VMware ESXi is installed and configured on the machine that you plan to use as the Prime Infrastructure server. See the VMware documentation for information on setting up and configuring a VMware host. If you are using VMware ESX 5.5, you must use vSphere Client or ESX5.5U2 Client to manage the virtual machine. Do not edit the virtual machine settings and do not extend or manually add additional disks to the configuration.
The installed VMware ESXi host is reachable.
See the VMware documentation on how to install the VMware vSphere Client. After the virtual host is available on the network, you can browse to its IP address to display a web-based interface from which you can install the VMware vSphere Client.
The Prime Infrastructure OVA is saved to the same machine where your VMware vSphere Client is installed. Depending on your arrangement with Cisco, you may download the OVA file from Cisco.com or use your Cisco-supplied installation media.
Step 1 Launch your VMware vSphere Client and connect to the ESXi host or vCenter server.
Step 2 Choose File > Deploy OVF Template.
Step 3 Click Browse to access the location where you have saved the OVA file on your local machine, then click Next.
Step 4 Verify the details on the OVF template details page, then click Next.
Step 5 In the End User License Agreement window, click Accept, then click Next.
Step 6 In the Name and Location window, specify:
In the Name field, enter the name of the new virtual machine.
In the Inventory Location area, select the appropriate folder. (If the vSphere Client is connected directly to an ESXi host, this option does not appear.)
Step 7 Click Next.
Step 8 In the Deployment Configuration window, select the desired configuration (for example, Express, Standard, Professional, etc.) and view the resources required for the configuration you selected.
Note We recommend that you reserve 100% of CPU and memory resources for optimal performance.
Step 9 Click Next.
Step 10 In the Host/Cluster window, select the host or cluster on which you want to deploy the OVF template, then click Next. (If the vSphere Client is connected directly to an ESXi host, this option does not appear.)
Step 11 In the Storage window, select the datastore that has the required space requirements described in Virtual Appliance Options, then click Next.
Step 12 In the Disk Format window, select Thick Provision Lazy Zeroed to provision the virtual machine virtual disks, then click Next. Do not select Thin Provision because if there is no free disk space when the virtual machine needs it, Prime Infrastructure will fail.
Step 13 In the Network Mapping window, select a network for the virtual machine to use, then click Next.
Step 14 In the Ready to Complete window, review your settings, select Power on After Deployment, then click Finish.
Depending on your network speed and the IOPS of the server, the deployment can take a few minutes to complete.
Installing the Server
After you deploy the Prime Infrastructure OVA, you must configure the virtual appliance to install and start Prime Infrastructure.
Step 1 If the virtual machine is not already powered on, in the VMware vSphere Client, right-click the deployed virtual appliance and choose Power > Power On.
Step 2 Click the Console tab.
After the server boots up, you’ll see the localhost login prompt.
Step 3 At the localhost login prompt, enter setup.
Step 4 The console prompts you for the following parameters:
Hostname—The host name of the virtual appliance.
IP Address—The IP address of the virtual appliance.
IP default netmask—The default subnet mask for the IP address.
IP default gateway—The IP address of the default gateway.
Default DNS domain—The default domain name.
Primary nameserver—The IP address of the primary name server.
Secondary name servers—The IP address if the secondary name server, if available. You can add up to three secondary name servers.
Primary NTP server—The IP address or host name of the primary Network Time Protocol server you want to use. (time.nist.gov is the default).
Secondary NTP servers—The IP addresses or host names of the secondary NTP servers to be used when the primary is not available.
Clock time—The clock time based on the server’s time zone.
Username—The name of the first administrative user (known as “admin”). This is the administrator account used to log in to the server via the console or SSH. You can accept the default, which is admin.
Password—Enter the admin user password and then confirm it.
Step 5 When you are done entering these values, the installer application tests the network configuration parameters that you entered. If the tests are successful, it begins installing Prime Infrastructure.
Step 6 When the application installation is complete, you will be prompted for the following post-installation parameters:
High Availability Role Selection—Enter yes at the prompt if you want this installed server to serve as the failback secondary server in a high availability implementation. You will be prompted to provide an authentication key to be used for high availability registration. If you enter no at the prompt, the server will act as the primary server (standalone) and the installation will proceed with the following prompts:
Web Interface Root Password—Enter and confirm the password used for the default root administrator. This is the account used to log in to the Prime Infrastructure web user interface for the first time and set up other user accounts.
Enabling FIPS Mode—Specify yes if you want to install Prime Infrastructure in a Federal Information Processing Standards (FIPS) 140-2 compliant mode of operation (before selecting this option, be sure you have read and understand the section FIPS Mode Installation Option).
Step 7 Select Yes to proceed with the installation, or select No to re-enter high availability and FIPS mode options.
Step 8 When the installation is complete, the appliance reboots and you are presented with a login prompt.
Step 9 Log in to the virtual machine using the “admin” username and password that you specified in Step 4.
Migrating Data From Previous Releases of Prime Infrastructure
To restore your data from Prime Infrastructure 1.4.x or 2.1.x to your newly installed Prime Infrastructure 2.2 server, follow these steps:
Note If you are running multiple previous releases of Prime Infrastructure (for example, you are running version 1.4.x and version 2.1.x), you must select one version from which to restore data. You cannot restore data from more than one Prime Infrastructure version. See If You Are Running Multiple Prime Infrastructure Versions.
Step 1 Configure the new Prime Infrastructure host to use the same remote backup repository as the old host. For details, see Using Remote Backup Repositories in the Cisco Prime Infrastructure 2.2 Administrator Guide.
Step 4 After the new Prime Infrastructure 2.2 server is operational, decommission your previous server.
Assurance Data after Migration
After restoring Prime Infrastructure 1.4.x data on a new Prime Infrastructure 2.2 virtual or physical appliance, you need to rehost your Assurance license only. All other licenses are automatically applied to the new server. For new license requests, email email@example.com.
When you move your data to Prime Infrastructure 2.2, the following Assurance data is not migrated:
Raw NetFlow information
Custom NetFlow reports
Packet capture files
Processed non-aggregated data, such as PFR data and URLs
Aggregated data is migrated depending on from which version of Prime Infrastructure the data is backed up and then restored:
From Prime Infrastructure 1.4.x to 2.2—Assurance data is not migrated. (Your Assurance license must also be reissued when you migrate from Prime Infrastructure 1.4 to 2.2.)
From Prime Infrastructure 2.1.x to 2.2—1-hour and 1-day aggregated data is migrated.
From Prime Infrastructure 2.2 to 2.2—5-minute, 1-hour, and 1-day aggregated data is migrated.
Resynchronizing WLC Configurations
After you restore the backup of the previous version on the 2.2 version of Prime Infrastructure, your server’s records of Cisco Wireless LAN Controller configurations might be out of sync with the configurations stored on those devices. Resynchronize them using the following steps before continuing.
Step 1 Log in to Prime Infrastructure.
Step 2 Choose Inventory > Network Devices > Wireless Controller. Prime Infrastructure displays a list of all the controllers it is managing, including all Cisco WLCs.
Step 3 Select Refresh Config from Controller, then select Use the configuration on the controller currently, then click Go.
When the process completes, you should see a Refresh Configuration Report with a “Success” status value.
If the refresh process fails, click Audit Now to see any attribute mismatches.
Step 4 Repeat steps 3 and 4 for all your other WLCs.
Logging in to the Prime Infrastructure User Interface
Follow these steps to log in to the Prime Infrastructure user interface through a web browser:
Step 1 Launch one of the Supported Browsers (see Web Client Requirements) on a different computer from the one on which you installed and started Prime Infrastructure.
Step 2 In the browser’s address line, enter https: //ipaddress, where ipaddress is the IP address of the server on which you installed Prime Infrastructure. The Prime Infrastructure user interface displays the Login window.
When you access Prime Infrastructure for the first time, some browsers will display a warning that the site is untrusted. When this happens, follow the prompts to add a security exception and download the self-signed certificate from the Prime Infrastructure server. After you complete this procedure, the browser will accept the Prime Infrastructure server as a trusted site in all future login attempts.
Step 4 Click Login to log in to Prime Infrastructure. The user interface is now active and available for use. The home page appears.
If any licensing problems occur, a message appears in an alert box. If you have an evaluation license, the number of days until the license expires is shown. You are also alerted to any expired licenses. You have the option to go directly to the Administration > Licenses page to address these problems.
Step 5 To ensure system security, choose Administration > Users, Roles & AAA > Change Password to change the password for the root administrator.
To exit the user interface, close the browser page or click Logout in the top-right corner of the page. Exiting a Prime Infrastructure user interface session does not shut down Prime Infrastructure on the server.
If a system administrator stops the Prime Infrastructure server during your Prime Infrastructure session, your session ends, and the browser displays this message: “The page cannot be displayed.” Your session does not re-associate to Prime Infrastructure when the server restarts. You must start a new Prime Infrastructure session.
Users should complete the tasks listed in the “Getting Started” chapter of the Cisco Prime Infrastructure 2.2 User Guide. After you complete these tasks, you are ready to start monitoring and configuring your network.
The following topics provide reference information about Prime Infrastructure and its support options.
Step 1 In the VMware vSphere client, right-click the Prime Infrastructure virtual appliance.
Step 2 Power off the virtual appliance.
Step 3 Click Delete from Disk to remove the Prime Infrastructure virtual appliance.
Navigation and Documentation Reference
This section provides information about navigational paths to access Prime Infrastructure features, and the details of the sections where the features are covered in the Cisco Prime Infrastructure 2.2 User Guide.
Table 4 Navigation and Documentation Reference
Navigation in Cisco Prime Infrastructure
Section in Cisco Prime Infrastructure User Guide
Administration > Licenses
Administration > Users, Roles & AAA
Controlling User Access
Discovering your network
Inventory > Device Management > Discovery
Setting up virtual domains
Administration > Virtual Domains
Using monitoring dashboards
Dashboard > General
Operating the Network
Using templates for configuring and monitoring
Configuration > Templates > Features & Technologies or Monitor > Monitoring Policies
Designing the Network
Using templates for wireless configuration
Configuration > Templates > Controller Template Launch Pad
Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.