The following topics describe the windows and dialog boxes that are related to configuration deployment:
•Deployment Manager Window (Non-Workflow Mode)
•Deployment Manager Window (Workflow Mode)
•Deployment Schedules Tab, Deployment Manager
Use the Deployment Manager window to manage deployment jobs and schedules. You can display a list of deployment jobs, view job details, deploy and redeploy configurations to devices, abort deployment jobs, roll back to previous configurations on selected devices, and create schedules to automatically generate deployment jobs.
Navigation Path
Click the Deployment Manager button on the Main toolbar or select Tools > Deployment Manager.
Related Topics
•Overview of the Deployment Process, page 17-2
•Viewing Deployment Status and History for Jobs and Schedules, page 17-16
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Previewing Configurations, page 17-27
•Redeploying Configurations to Devices, page 17-28
•Aborting Deployment Jobs, page 17-29
•Rolling Back Configurations to Devices Using the Deployment Manager, page 17-38
•Creating or Editing Deployment Schedules, page 17-30
•Suspending or Resuming Deployment Schedules, page 17-31
Field Reference
This tab shows individual deployment jobs. Select a job in the upper pane to view its details in the tabs in the lower pane.

| Element | Description |
|---|---|
| Name | The name of the job. |
| Last Action | The date and time that the job or status was changed based on the time zone of the server, not the time zone of the client. |
| Status | The state of each job. For a description of the states, see Job States in Non-Workflow Mode, page 17-5. |
| Changed By | The name of the user who modified the job. |
| Description | The description of the job. Double-click the icon to see the description. |
| Type | The type of job with respect to scheduling. A one-time job was not created from a regularly recurring job, whereas a recurring job was. |
| Deploy button | Click this button to deploy the generated CLI commands to the selected devices or files. The Deploy Saved Changes dialog box opens (see Deploy Saved Changes Dialog Box). |
| Refresh button | Click this button to reload job information from the Security Manager server. If the message Auto Refresh is On is displayed beneath the table, the job list is automatically refreshed periodically. Note: The auto refresh setting is configured in the administration settings for deployment: select Tools > Security Manager Administration > Deployment. |
| Redeploy button | Click this button to redeploy the selected job, which deploys the generated CLI commands to the selected devices or files. The Redeploy Job dialog box opens (see Redeploy a Job Dialog Box). |
| Abort button | Click this button to abort the selected job if it is in the Deploying state. The Abort Deployment Job dialog box opens (see Abort the Job Dialog Box). |
| Rollback button | Click this button to roll back the configuration of devices in the job to the previous configuration. The Deployment Rollback dialog box opens (see Rollback a Job Dialog Box). |
| Summary tab | Displays summary information about the status of the selected deployment job, such as the status of the job, the name of the deployment job, the number of devices included in the job, the number of devices deployed successfully, and the number of devices deployed with errors. |
| Details tab | Displays detailed information for the selected job. The table lists each device included in the job, whether deployment succeeded or failed, and a summary of the number of warnings, errors, or failures for the device. Select a device in the table to view the results for that device: • Double-click the icon in the Config column to view the configuration (see Config Version Viewer (Preview Configuration) Dialog Box). If you deleted the device from the inventory, the configuration and transcript might not be available. • If you were deploying to the device, double-click the icon in the Transcripts column to view a transcript of the commands sent to the device and the device's responses. • When you select a device, the Messages box in the lower left contains a summary of the messages generated for the deployment. Select an item to view its description to the right. You might have to enlarge the window to make the Description box visible. If applicable, there might also be information on the actions you can take to resolve the problems. |

Use this tab to schedule regular deployment jobs. For detailed information about this tab, see Deployment Schedules Tab, Deployment Manager.
Use the Deployment Manager window to manage deployment jobs and schedules. You can display a list of deployment jobs, view job details, deploy and redeploy configurations to devices, abort deployment jobs, roll back to previous configurations on selected devices, and create schedules to automatically generate deployment jobs. You can also track changes made to deployment jobs and schedules.
Navigation Path
Click the Deployment Manager button on the Main toolbar or select Tools > Deployment Manager.
Related Topics
•Overview of the Deployment Process, page 17-2
•Viewing Deployment Status and History for Jobs and Schedules, page 17-16
•Deploying Configurations in Workflow Mode, page 17-19
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Creating and Editing Deployment Jobs, page 17-20
•Submitting Deployment Jobs, page 17-22
•Approving and Rejecting Deployment Jobs, page 17-22
•Deploying a Deployment Job in Workflow Mode, page 17-23
•Discarding Deployment Jobs, page 17-24
•Previewing Configurations, page 17-27
•Redeploying Configurations to Devices, page 17-28
•Aborting Deployment Jobs, page 17-29
•Rolling Back Configurations to Devices Using the Deployment Manager, page 17-38
Field Reference
This tab shows individual deployment jobs. Select a job in the upper pane to view its details in the tabs in the lower pane.

| Element | Description |
|---|---|
| Name | The name of the job. |
| Last Action | The date and time that the job or status was changed based on the time zone of the server, not the time zone of the client. |
| Status | The state of each job. For a description of the states, see Job States in Workflow Mode, page 17-7. |
| Changed By | The name of the user who modified the job. |
| Description | The description of the job. Double-click the icon to see the description. |
| Create button | Click this button to create a new job. The Create a Job dialog box opens (see Deployment—Create or Edit a Job Dialog Box). |
| Open button | Click this button to open the selected job. The Edit a Job dialog box opens (see Deployment—Create or Edit a Job Dialog Box). |
| Close button | Click this button to close and save all changes made while the selected job was open. You can close a job when it is in the Edit Open or the Submit Open state. Normally, you do not need to close a job, because you will typically submit, approve, deploy, or schedule the job for deployment. However, if the Security Manager server is suddenly unavailable or your login session times out, a job might be left in the Edit Open state. If this happens, you can close it manually by selecting it and clicking Close. |
| Submit button | Click this button to submit the selected job for approval. You can submit a job when it is in the Edit or the Edit Open state. The Submit Deployment Job dialog box opens (see Submit Deployment Job Dialog Box). This button is active only if you are using Workflow mode with a deployment job approver. |
| Reject button | Click this button to reject the selected job if you are not satisfied with the configurations generated for the devices. You can reject jobs only in workflow mode with a deployment job approver. After a job is rejected, it can be opened for editing or discarded. You are prompted to enter an optional comment to explain why you are rejecting the job. |
| Approve button | Click this button to approve the selected job. After a job is approved, it can be deployed. You are prompted to enter an optional comment to explain why you are approving the job. |
| Discard button | Click this button to discard the selected job. You can discard a job when it is in any state except Deployed, Deployment Failed, or Aborted. Once discarded, the job cannot be edited, submitted, approved, or deployed. The job state is shown as discarded until the job is purged from the system either automatically as set on the Workflow settings page or manually (for more information, see Workflow Page, page A-42). You are prompted to enter an optional comment to explain why you are discarding the job. |
| Refresh button | Click this button to reload job information from the Security Manager server. If the message Auto Refresh is On is displayed beneath the table, the job list is automatically refreshed periodically. Note: The auto refresh setting is configured in the administration settings for deployment: select Tools > Security Manager Administration > Deployment. |
| Deploy button | Click this button to deploy the job, which deploys the generated CLI commands to the selected devices or files. If the job is in the Approved state, the Deploy Job dialog box opens (see Deploy Job Dialog Box). If the job is in the deployed, failed, or aborted state then the Redeploy Job dialog box opens (see Redeploy a Job Dialog Box). |
| Abort button | Click this button to abort the selected job if it is in the Deploying state. A warning asks you to confirm the action. |
| Rollback button | Click this button to deploy the previously deployed configuration to the devices in the selected job. The Deployment Rollback dialog box opens (see Rollback a Job Dialog Box). |
| Summary tab | Displays summary information about the status of the selected deployment job, such as the status of the job, the name of the deployment job, the number of devices included in the job, the number of devices deployed successfully, and the number of devices deployed with errors. |
| Details tab | Displays detailed information for the selected job. The table lists each device included in the job, whether deployment succeeded or failed, and a summary of the number of warnings, errors, or failures for the device. Select a device in the table to view the results for that device: • Double-click the icon in the Config column to view the configuration (see Config Version Viewer (Preview Configuration) Dialog Box). If you deleted the device from the inventory, the configuration and transcript might not be available. • If you were deploying to the device, double-click the icon in the Transcripts column to view a transcript of the commands sent to the device and the device's responses. • When you select a device, the Messages box in the lower left contains a summary of the messages generated for the deployment. Select an item to view its description to the right. You might have to enlarge the window to make the Description box visible. If applicable, there might also be information on the actions you can take to resolve the problems. |
| History tab | Displays a log of the changes that have been made to the selected job. The information includes the state changes, the user who made the change, the date and time of the change (based on the Security Manager server time), and any comments the user entered to document the change. |

Use this tab to schedule regular deployment jobs. For detailed information about this tab, see Deployment Schedules Tab, Deployment Manager.
Use the Deployment Schedules tab on the Deployment Manager window to create regularly recurring deployment jobs. Whenever the scheduled deployment time occurs, Security Manager creates a specific deployment job based on the scheduled job.
Navigation Path
Click the Deployment Manager button on the Main toolbar or select Tools > Deployment Manager, and then click the Deployment Schedules tab in the upper pane.
Related Topics
•Overview of the Deployment Process, page 17-2
•Creating or Editing Deployment Schedules, page 17-30
•Suspending or Resuming Deployment Schedules, page 17-31
Field Reference
This table shows deployment job schedules. Select a schedule in the table to view its details in the tabs in the lower pane.

| Element | Description |
|---|---|
| Name | Name of the job schedule. Jobs created from this schedule use this name plus a time stamp. |
| Status | The status of the schedule: • Edit—In Workflow mode, the schedule is being created. You can open it and change its settings. No jobs are created from schedules that are being edited. • Active—Deployment jobs will be created according to this schedule. • Suspended—The schedule was suspended and no jobs are being created by it. You can restart the schedule by selecting it and clicking Resume. |
| Recurrence | How often deployment jobs will be created from this schedule. |
| Next Run | The date and time a deployment job will next be created from this schedule. |
| Last Run | The date and time of the most recent deployment job created from this schedule. |
| Schedule End | The date and time the schedule is no longer active. If the schedule has no end date, Active Indefinitely is indicated. |
| Description | The description of the job schedule. Double-click the icon to see the description. |
| Create button | Click this button to create a deployment job schedule. The Schedule dialog box opens where you can create the schedule (see Schedule Dialog Box). |
| Open button | Click this button to open the selected schedule. The Schedule dialog box opens where you can view or modify the schedule (see Schedule Dialog Box). In non-Workflow mode, modifying the schedule does not change its status. In Workflow mode, the status changes to Edit, and you must resubmit it for approval. |
| Close button (Workflow mode only) | Click this button to close and save all changes made while the schedule was open. You can close a schedule when it is in the Edit Open or the Submit Open state. Typically, you will have to close schedules only if the Security Manager server becomes unavailable while you have a schedule open. |
| Submit button (Workflow mode only) | Click this button to submit the selected schedule for approval if you are operating in Workflow mode with an approver. You can submit a schedule when it is in the Edit or the Edit Open state. You are prompted for an optional comment to explain the submission, and an e-mail is generated to the approver in Workflow mode. |
| Reject button (Workflow mode only) | Click this button to reject the selected schedule. You are prompted for an optional comment to explain the rejection, and an e-mail is generated to the approver and submitter in Workflow mode. |
| Approve button (Workflow mode only) | Click this button to approve the selected schedule. You are prompted for an optional comment to explain the approval, and an e-mail is generated to the approver and submitter in Workflow mode. |
| Discard button | Click this button to discard the selected schedule. You can discard a schedule unless there is an active deployment job that was created from the schedule. (You can wait for the job to finish, or abort the job and then discard the schedule.) You are prompted for an optional comment to explain the discard, and an e-mail is generated to the approver and submitter in Workflow mode. |
| Refresh button | Click this button to reload schedule information from the Security Manager server. If the message Auto Refresh is On is displayed beneath the table, the schedule list is automatically refreshed periodically. Note: The auto refresh setting is configured in the administration settings for deployment: select Tools > Security Manager Administration > Deployment. |
| Suspend button | Click this button to suspend the selected schedule. Suspending the schedule does not delete the schedule, but it prevents the creation of deployment jobs based on it. You are prompted for a comment to explain the suspension, and an e-mail is generated to the approver in Workflow mode. |
| Resume button | Click this button to reactivate a suspended schedule. You are prompted for a comment to explain the suspension, and an e-mail is generated to the approver in Workflow mode. |
| Summary tab | Displays summary information about the selected schedule. Besides the fields shown in the table, summary information includes the number of devices included in the schedule and the user ID of the person who last changed the schedule. |
| Devices tab | Displays the devices that are included in the selected schedule. These are the devices to which configurations are deployed when a deployment job is created from the schedule. To change the device list, click Open, then click Add Devices on the Schedule dialog box. |
| History tab | Displays a log of the changes that have been made to the selected schedule. The information includes the state changes, the user who made the change, the date and time of the change (based on the Security Manager server time), and any comments the user entered to document the change. |
| Jobs tab | Displays a list of the deployment jobs that have been created based on the selected schedule. Information includes the name of the job, the date and time the job was created based on server time (not the client time), and the job status. If you select a job, and click the Deployment Job tab, the selected job is highlighted and you can view the job details. For information on job status, see these topics: • Job States in Workflow Mode, page 17-7 |

The following topics provide details about the dialog boxes used when you create or deploy deployment jobs or schedules:
•Deploy Saved Changes Dialog Box
•Deployment—Create or Edit a Job Dialog Box
•Edit Deploy Method Dialog Box
•Warning - Partial VPN Deployment Dialog Box
•Config Version Viewer (Preview Configuration) Dialog Box
•Submit Deployment Job Dialog Box
•Deployment Workflow Commentary Dialog Box
•Deployment Status Details Dialog Box
Use the Deploy Saved Changes dialog box in non-Workflow mode to select specific devices for deployment.
Also consider the following:
•Modifying a subset of devices that are part of a VPN might make the VPN inoperable. If you select a subset of devices that are part of a VPN and click OK, a warning appears. See Warning - Partial VPN Deployment Dialog Box.
•You cannot select devices that were included in other deployment jobs that are in an active state (Edit, Edit Open, and Approved). You can select devices that were included in other deployment jobs that are in the Deployed, Failed, Discarded, or Aborted states.
•Firewall service modules (FWSMs) and Intrusion Detection System service modules (IDSMs) contain virtual devices. Security Manager considers the module and the virtual devices to be separate devices.
•Some changes to the FWSM might require the Catalyst Multiservice function card (MSFC) to be updated as well. If you select an FWSM that has these types of changes, Security Manager notifies you that you must include the MSFC in the deployment job, and it will select the MSFC device for you automatically. However, if the MSFC is already included in another active deployment job, you cannot include the MSFC in the current deployment job. You must remove the MSFC from the other deployment job, discard the other deployment job, or include the FWSM in the other deployment job.
Navigation Path
Do one of the following in non-Workflow mode:
•Select File > Submit and Deploy or click the Submit and Deploy Changes button on the toolbar.
•Select File > Deploy.
•Click the Deployment Manager button on the Main toolbar and click the Deployment Jobs tab if it is not active. Click Deploy.
Security Manager validates all of the policy changes that were made since the last deployment. If the validation results in errors, either click Cancel and resolve the errors before attempting to deploy again or click OK to proceed to the Deploy Saved Changes dialog box.
Related Topics
•Overview of the Deployment Process, page 17-2
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Previewing Configurations, page 17-27
•Job States in Non-Workflow Mode, page 17-5
Field Reference

| Element | Description |
|---|---|
| Device Selector | The device selector lists all devices for which policy changes were made but not yet deployed, and initially all changed devices are selected for deployment. All device groups that contain changed devices are shown, and you can select or deselect the devices using the device group folder. If you select or deselect a device that appears in more than one group, it is selected or deselected in all groups; however, a device is deployed to only once in the job. Right-click and select Expand All to open all of the folders. To preview the configuration for a device, right-click the device and select Preview Config. |
| Edit deploy method button | Click this button to change the deployment method for the devices in the job (that is, whether you are deploying the configuration to the device or to a configuration file). The Edit Deploy Method dialog box opens (see Edit Deploy Method Dialog Box). |
| Add other devices button | Click this button to add devices whose configurations have not changed to the deployment job. The Add Other Devices dialog box opens (see Add Other Devices Dialog Box). |
| Deploy button | Click this button to start the deployment job for the selected devices, which generates the required configuration files and applies them according to your selected deployment method. The Deployment Status Details dialog box opens to display the status of the job (see Deployment Status Details Dialog Box). |

Use the Deployment—Create a Job or Edit a Job dialog boxes to create or edit a deployment job in Workflow mode. Deployment jobs are used to deploy your policy configurations to the devices.
When creating deployment jobs, consider the following:
•Modifying a subset of devices that are part of a VPN might make the VPN inoperable. If you select a subset of devices that are part of a VPN and click OK, a warning appears. See Warning - Partial VPN Deployment Dialog Box.
•You cannot select devices that were included in other deployment jobs that are in an active state (Edit, Edit Open, Submitted, Submitted Open, Approved, or Rejected). You can select devices that were included in other deployment jobs that are in the Deployed, Failed, Discarded, or Aborted states.
•Firewall service modules (FWSMs) and Intrusion Detection System service modules (IDSMs) contain virtual devices. Security Manager considers the module and the virtual devices to be separate devices.
•Some changes to the FWSM might require the Catalyst Multiservice function card (MSFC) to be updated as well. If you select an FWSM that has these types of changes, Security Manager notifies you that you must include the MSFC in the deployment job, and it will select the MSFC device for you automatically. However, if the MSFC is already included in another active deployment job, you cannot include the MSFC in the current deployment job. You must remove the MSFC from the other deployment job, discard the other deployment job, or include the FWSM in the other deployment job.
Navigation Path
Do one of the following from the Deployment Jobs tab on the Deployment Manager window.
•Click Create to create a new job.
•Select an editable job and click Open.
Related Topics
•Overview of the Deployment Process, page 17-2
•Creating and Editing Deployment Jobs, page 17-20
•Working with Deployment and the Configuration Archive, page 17-15
•Job States in Workflow Mode, page 17-7
•Deployment Manager Window (Workflow Mode)
Field Reference

| Element | Description |
|---|---|
| Name | The name for the deployment job. Each job must have a unique name. Because the job name enables you to distinguish one job from another, you should assign a name that reflects the contents of the job. You cannot change the name when editing a job. |
| Description | (Optional) A description for the deployment job. You cannot change the description when editing a job. |
| Device Selector | The device selector lists all devices for which policy changes were made but not yet deployed, and initially all changed devices are selected for deployment. All device groups that contain changed devices are shown, and you can select or deselect the devices using the device group folder. If you select or deselect a device that appears in more than one group, it is selected or deselected in all groups; however, a device is deployed to only once in the job. Right-click and select Expand All to open all of the folders. |
| Edit deploy method button | Click this button to change the deployment method for the devices in the job (that is, whether you are deploying the configuration to the device or to a configuration file). The Edit Deploy Method dialog box opens (see Edit Deploy Method Dialog Box). |
| Add other devices button | Click this button to add devices whose configurations have not changed to the deployment job. The Add Other Devices dialog box opens (see Add Other Devices Dialog Box). |
| Close the job | Saves the job so that you can make additional changes later. |
| Approve the job | Saves and simultaneously approves the job, which you can deploy later. These fields appear if you select this option: • Comments—Comments about the job approval. • Submitter—The e-mail address of the person submitting the job for approval. Notifications of job state changes are sent to this address, which is initially the e-mail address associated with the user account you used to log into Security Manager. |
| Deploy the job | Saves and simultaneously approves and deploys the job. These fields appear if you select this option: • Options—Whether to Deploy Now or Schedule. If you select Schedule, additional fields appear where you can specify the date and time when the job should be run. The time is in 24-hour format and is based on the time zone of the Security Manager server, which is not necessarily the same time zone that you are currently in. The target time must be at least five minutes in the future. • Comments—Comments about the deployment job. • Send Deployment Status Notification—Whether Security Manager should send e-mail notifications whenever the job status changes. If you select this option, enter the e-mail addresses of the people who should receive notifications in the Job Completion Recipients field. If you enter multiple addresses, separate them with commas. The field initially contains the default approver and your e-mail addresses. |
| Submit the job | Whether to submit the job for approval. By default this check box is selected. |
| Approver E-mail | The e-mail address of the approver if you are submitting the job for approval. The default approver e-mail address is entered in the field, but you can change it. |
| Comments | Comments you want to send to the approver, if any. |
| Submitter E-mail | The e-mail address of the submitter. The field initially contains the e-mail address associated with the user account you used to log in, but you can change it to another address. |

Use the Edit Deploy Method dialog box to specify whether to deploy the generated configurations directly to the devices in the network or to create configuration files in a directory on the Security Manager server.
Navigation Path
Click Edit Deploy Method in the Create or Edit a Job (Workflow mode) or Deploy Saved Changes (non-Workflow mode) dialog boxes.
Related Topics
•Understanding Deployment Methods, page 17-10
•Creating and Editing Deployment Jobs, page 17-20
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations in Workflow Mode, page 17-19
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Deployment—Create or Edit a Job Dialog Box
•Deploy Saved Changes Dialog Box
Field Reference

| Element | Description |
|---|---|
| Device | The name of the device. |
| Method | The deployment method to use: • Device—Deploys the configuration directly to the device or to the transport mechanism specified for the device. For more information, see Deploying Directly to a Device, page 17-10 or Deploying to a Device through an Intermediate Server, page 17-11. • File—Deploys the configuration file to a directory on the Security Manager server. If you select File, specify the directory to which you want to deploy the configuration file in the Destination column. For more information, see Deploying to a File, page 17-12. Note: To set the deployment method for more than one device at a time, select the desired rows, right-click and select Edit Selected Deploy Method. The Edit Selected Deploy Method dialog box opens where you can make your selections. |
| Destination | If you selected File in the Method field, enter the directory to which you want to deploy the configuration file. Click Browse to select from a list of available directories. |
| Preview Config button | Click this button to display the proposed configuration changes for the selected device. You can compare it to the last deployed configuration or the current running configuration. For more information, see Config Version Viewer (Preview Configuration) Dialog Box. |
| Out of Band Change Behavior | Click the radio button corresponding to the action you want Security Manager to take regarding changes made directly on the device using the CLI. For a complete explanation of how to handle out-of-band changes, including the meaning of the available options, see Understanding How Out-of-Band Changes are Handled, page 17-13. |

Use the Add Other Devices dialog box to select devices for the deployment job or schedule. The devices in the list might not have active policy changes. When you are creating a job, you might want to add devices that do not have policy changes if a device was manually modified and you want to return the device to its previous configuration (the configuration stored in the Security Manager database).
Navigation Path
To open this dialog box, do one of the following:
•From the Create or Edit a Job dialog boxes, click Add other devices.
•From the Deploy Saved Changes dialog box, click Add other devices.
•From the Schedule dialog box, click Add devices.
Related Topics
•Deployment—Create or Edit a Job Dialog Box
•Creating and Editing Deployment Jobs, page 17-20
•Including Devices in Deployment Jobs or Schedules, page 17-9
•Deploy Saved Changes Dialog Box
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations in Workflow Mode, page 17-19
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Creating or Editing Deployment Schedules, page 17-30
Field Reference
| Element | Description |
|---|---|
| Available Devices | The list of all devices in the inventory whether or not they contain proposed policy changes. Select the devices to include in the job or schedule and click >> to move the devices to the Selected Devices field. You can display a subset of devices based on the filtering criteria you define. For more information, see Filtering Items in Selectors, page 2-14. |
| Selected Devices | The list of devices you selected for inclusion in the job or schedule. To remove devices, select them and click <<. |
Use the Partial VPN Deployment dialog box to select other devices that are part of a VPN to which you are deploying configurations.
When you create a deployment job and the job contains devices in a VPN, you must select all of the devices in the VPN. If you select a subset of devices and try to deploy to only those devices, this dialog box appears so that you can select the other devices that are part of the VPN.
Navigation Path
•Workflow mode—If you select a subset of devices in a VPN in the Create or Edit a Job dialog box, this dialog box appears when you click OK.
•Non-Workflow mode—If you select a subset of devices in a VPN in the Deploy Saved Changes dialog box, this dialog box appears when you click Deploy.
Related Topics
•Deployment—Create or Edit a Job Dialog Box
•Creating and Editing Deployment Jobs, page 17-20
•Deploy Saved Changes Dialog Box
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations in Workflow Mode, page 17-19
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
Field Reference
Use the Config Version Viewer dialog box to display the proposed changes, last deployed configuration, or current running configuration for a device.
If you preview the configuration for a virtual sensor, the preview that you see is for the parent device, not the virtual sensor, because the configuration for a virtual sensor is stored on the parent device.
Note: Before opening the Config Version Viewer dialog box, Security Manager validates the configuration. If any errors or warnings occur, the Preview Messages dialog box appears. The dialog box lists all of the messages, including their severity and possible solutions. Click OK to continue to the Config Version Viewer dialog box.
Navigation Path
There are many ways to preview a configuration. You can select a device from the Device selector and select Tools > Preview Configuration, or you can click the Preview Config button in several dialog boxes. For more information on previewing configurations, see Previewing Configurations, page 17-27.
Tip: You can also right-click a device in Map view and select Preview Configuration.
Related Topics
•Previewing Configurations, page 17-27
•Managing Device Communication Settings and Certificates, page 5-21
Field Reference
When workflow is turned on with a deployment job approver, jobs must be submitted for approval before policy changes can be deployed to devices.
Navigation Path
To access this dialog box, do one of the following:
•From the Create a Job dialog box, select the Submit the job checkbox.
•From the Deployment Manager window, select the job on the Deployment Jobs tab and click Submit.
Related Topics
•Submitting Deployment Jobs, page 17-22
•Deployment—Create or Edit a Job Dialog Box
•Deployment Manager Window (Workflow Mode)
•Job States in Workflow Mode, page 17-7
Field Reference
When you perform an action in the Deployment Manager while working in Workflow mode, you are prompted to enter a comment to describe the action. The comments are preserved in the history for the job or schedule.
The title of the dialog box indicates the action you are taking. Enter an optional comment and click OK to perform the action.
Navigation Path
In Workflow mode, select a job or schedule in the Deployment Manager and click the appropriate button to perform the desired action.
Use the Deploy Job dialog box to start an approved deployment job in Workflow mode.
Navigation Path
In Workflow mode, from the Deployment Manager window, select the approved job on the Deployment Jobs tab and click Deploy.
Related Topics
•Overview of the Deployment Process, page 17-2
•Deployment Manager Window (Workflow Mode)
•Deploying Configurations in Workflow Mode, page 17-19
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Job States in Workflow Mode, page 17-7
Field Reference
The Deployment Status Details dialog box appears while configurations are being deployed to selected devices. It displays summary information about the job, status about the deployment to each device, and messages indicating why the deployment failed.
In the Deployment Details table, select a row corresponding to a device to display deployment status messages for that device.
Note: You can click Close to close this dialog box and continue working in Security Manager while deployment continues.
Navigation Path
From the Deploy Saved Changes dialog box, click Deploy.
Related Topics
•Overview of the Deployment Process, page 17-2
•Deploy Saved Changes Dialog Box
•Deployment Job Approval, page 17-9
•Deploying Configurations in Non-Workflow Mode, page 17-17
•Deploying Configurations Using an Auto Update Server or CNS Configuration Engine, page 17-25
•Deploying Configurations to a Token Management Server, page 17-26
•Managing Device Communication Settings and Certificates, page 5-21
•Device Communication Page, page A-11
Field Reference
| Element | Description |
|---|---|
| Progress Status Bar | A visual representation and percentage of devices that were successfully updated. |
| Status | The status of the deployment. The possible states are Deploying, Aborted, Successful, and Failed. For descriptions of these states, see Job States in Non-Workflow Mode, page 17-5. |
| Deployment Job Name | The name of the deployment job. |
| Devices To Be Deployed | The total number of devices in the deployment job. |
| Devices Deployed Successfully | The number of devices that were updated successfully. |
| Devices Deployed With Errors | The number of devices that failed to be updated. |

This table lists the devices that are included in the deployment job.

| Element | Description |
|---|---|
| Device | The name of the device. |
| Status | The status of the deployment to the device. For descriptions of these states, see Job States in Non-Workflow Mode, page 17-5. |
| Summary | The number of warnings, errors, and failures for the device. |
| Method | The method of deployment to the device. Possible methods are File and Device. |
| Config | The device configuration file. Double-click the icon to preview the configuration for a device. For more information, see Config Version Viewer (Preview Configuration) Dialog Box. |
| Transcript | The commands Security Manager issued to the device and the responses from the device during deployment if you are deploying to the device (instead of deploying to a file). Double-click the icon to see the transcript for a device. |
| Messages | The warning, error, and failure messages, as indicated by the severity icon. When you select an item, the Description box to the right describes the message in detail. The Action box to the right provides information on how you can correct the problem. |
| Refresh button | Click this button to update the status information. |
| Abort button | Click this button to abort the deployment job. You can abort deployment jobs only while they are in the Deploying, Scheduled, or Rolling Back state. Aborting a job stops deployment of configuration files to pending devices, but has no effect on devices to which deployments are in progress (commands are being written to a device) or to which deployment has already completed successfully. |
You can manually halt a job that is in the Deploying state. Only pending deployments to devices are halted. Successful deployments and those that are in progress are not affected by the abort operation.
If you want to abort the job, click OK.
Navigation Path
From the Deployment Manager window, select the job (which must be in the Deploying state) and click Abort. You can also abort a job from the Deployment Status dialog box.
Related Topics
•Aborting Deployment Jobs, page 17-29
•Deployment Manager Window (Non-Workflow Mode)
•Deployment Manager Window (Workflow Mode)
•Job States in Non-Workflow Mode, page 17-5
•Job States in Workflow Mode, page 17-7
You can redeploy a deployment job. This is especially valuable for jobs in the Failed or Aborted states. You can redeploy to all devices in the job, or you can select specific devices (such as the devices to which deployment failed).
Navigation Path
Do one of the following:
•(Non-Workflow mode) From the Deployment Manager window, select the job and click Redeploy.
•(Workflow mode) From the Deployment Manager window, select the job and click Deploy.
Related Topics
•Redeploying Configurations to Devices, page 17-28
•Job States in Non-Workflow Mode, page 17-5
•Job States in Workflow Mode, page 17-7
•Understanding Deployment Methods, page 17-10
Field Reference
| Element | Description |
|---|---|
| Selection | Whether to include the device in the redeployment job. By default, all the devices with the status Failed are selected. |
| Name | The name of the device. |
| Method, Destination | The deployment method to use:<br>•Device—Deploys the configuration directly to the device or to the transport mechanism specified for the device. For more information, see Deploying Directly to a Device, page 17-10 or Deploying to a Device through an Intermediate Server, page 17-11.<br>•File—Deploys the configuration file to a directory on the Security Manager server. If you select File, specify the directory to which you want to deploy the configuration file in the Destination column. Click Browse to select from a list of available directories. For more information, see Deploying to a File, page 17-12.<br>Note: To set the deployment method for more than one device at a time, select the desired rows, right-click and select Edit Selected Deploy Method. The Edit Selected Deploy Method dialog box opens where you can make your selections. |
| Previous status | The status of the previous deployment. |
| Last Updated By | The name of the deployment job that updated the device. |
| Preview Config button | Click this button to display the proposed configuration changes for the selected device. You can compare it to the last deployed configuration or the current running configuration. For more information, see Config Version Viewer (Preview Configuration) Dialog Box. |
| Out of Band Change Behavior | Click the radio button corresponding to the action you want Security Manager to take regarding changes made directly on the device using the CLI. For a complete explanation of how to handle out-of-band changes, including the meaning of the available options, see Understanding How Out-of-Band Changes are Handled, page 17-13. |
Use the Rollback a Job dialog box to revert the configurations of the devices in the job to their last good configurations. You might want to roll back configurations if you determine that there is something wrong with the new configurations.
If there are no previous configurations for a device in the configuration archive, you cannot roll back the configuration. You can roll back configurations only to configurations that were deployed to the device, not to a file. Besides using the Deployment Manager to roll back to the last good configuration, you can use the Configuration Archive to roll back to any past configuration.
Navigation Path
From the Deployment Manager window, select the job (which must be in the Deployed or Failed states) on the Deployment Jobs tab and click Rollback. You might be prompted with a warning; click OK when prompted to confirm the operation and open the Rollback a Job dialog box.
Related Topics
•Overview of the Deployment Process, page 17-2
•Rolling Back Configurations to Devices Using the Deployment Manager, page 17-38
•Aborting Deployment Jobs, page 17-29
•Deployment Manager Window (Non-Workflow Mode)
•Deployment Manager Window (Workflow Mode)
•Job States in Non-Workflow Mode, page 17-5
•Job States in Workflow Mode, page 17-7
Field Reference
| Element | Description |
|---|---|
| Selection | Whether to include the device in the rollback job. By default, all the devices with the status Succeeded are selected. |
| Name | The name of the device. |
| Method | The deployment method, File or Device. You can select only devices that use the Device method when rolling back configurations. |
| Previous Status | The status of the previous deployment. |
| Last Updated By | The name of the deployment job that updated the device. |
| Preview Config button | Click this button to display the proposed configuration changes for the selected device. You can compare it to the last deployed configuration or the current running configuration. For more information, see Config Version Viewer (Preview Configuration) Dialog Box. |
Use the Schedule dialog box to create a regularly recurring deployment job.
Navigation Path
Select Tools > Deployment Manager to open the Deployment Manager window, click the Deployment Schedules tab in the upper pane, and do one of the following:
•Click Create to create a new schedule.
•Select a schedule and click Open to view or modify its properties.
Related Topics
•Creating or Editing Deployment Schedules, page 17-30
•Suspending or Resuming Deployment Schedules, page 17-31
Field Reference
This group defines the name of the job and the job's notification requirements.

| Element | Description |
|---|---|
| Name | The name of the job. When individual deployment jobs are created from this schedule, a time stamp is added to the job name. |
| Description | The description of the purpose of the job. |
| Approver Email (Workflow only) | The e-mail address of the person who should approve the schedule. |
| Comments (Workflow only) | (Optional) Information to help the approver evaluate the schedule when you save this schedule. |
| Submitter Email (Workflow only) | The e-mail address of the person who is submitting this schedule for approval. This field initially contains the e-mail address associated with the user account you used to log in to Security Manager, but you can change it. |
| Require Deployment Status Notifications (Workflow only) | Whether to send e-mail messages for any change in the job status for the job schedule or any job created from it. Messages are sent to the approver and the submitter. |

The fields in this group define the job schedule.

| Element | Description |
|---|---|
| Start Date | The first day of the schedule. Click the calendar icon to select the date from a calendar. |
| Time (Start) | The time of day to run the schedule. The time is in 24-hour format and is based on the server time zone, not the client time zone. |
| Recurrence | How often to create a deployment job based on this schedule:<br>•One time—Run this job once on the day specified as the start date at the specified start time.<br>•Hourly—Run this job on an hourly schedule. Specify the number of hours between deployment jobs.<br>•Daily—Run this job on a daily schedule. Specify the number of days between deployment jobs.<br>•Weekly—Run this job on the specified days of the week.<br>•Monthly—Run this job on a monthly schedule. Select the day of the month to run the job, and the number of months between deployment jobs. |
| Run Indefinitely, End Date and Time | The expiration date and time for the schedule. Deployment jobs are not created after this time. Select Run Indefinitely if you do not want the schedule to expire. |

This table lists the devices that are included in the deployment job. To add devices to the list, or to remove them from it, click Add devices, which opens the Add Other Devices dialog box (see Add Other Devices Dialog Box). If Security Manager is configured to use user-login credentials for accessing devices, your username and password are captured during schedule creation. If you change your password, you will need to recreate the schedule.
The Configuration Archive stores configuration versions for each device managed by Security Manager. If you delete a device from Security Manager, all of the device's configurations are also deleted from the Configuration Archive.
You can use Configuration Archive to:
•View the transcript of a configuration deployment for a selected device.
•View and compare configuration versions.
•View CLI differences between deployed configuration versions.
•Roll back to an earlier configuration version, provided that the configuration originated from the device. You should roll back configurations only under extreme circumstances. For more information, see these topics:
–Understanding Configuration Rollback, page 17-33
–Using Rollback to Deploy Archived Configurations, page 17-40
•Add the current running configuration for a device to the archive.
You can sort the list of configuration versions for a device by clicking on the column heading that you want to sort on. Clicking the column heading toggles between sorting the rows in ascending or descending order. You can also control the fields displayed by right-clicking on any column heading and selecting or deselecting the desired column names under the Show Columns command.
Navigation Path
Select Tools > Configuration Archive.
Related Topics
•Configuration Archive Page, page A-2
•Viewing and Comparing Archived Configuration Versions, page 17-32
•Understanding Configuration Rollback, page 17-33
•Using Rollback to Deploy Archived Configurations, page 17-40
•Understanding Rollback for Devices in Multiple Context Mode, page 17-34
•Understanding Rollback for Failover Devices, page 17-34
•Understanding Rollback for Catalyst 6500/7600 Devices, page 17-35
•Understanding Rollback for IPS and IOS IPS, page 17-35
•Adding Configuration Versions from a Device to the Configuration Archive, page 17-31
Field Reference
| Element | Description |
|---|---|
| Device Selector Filter | Lists the devices in the device inventory. Select a device to see the configuration versions for the device that are available in the archive. These are displayed in the right pane. You can display a subset of devices based on the filtering criteria you define. For more information, see Filtering Items in Selectors, page 2-14. |
| Version ID | The version number of the configuration version. By default, this column is not displayed. To display it, right-click any column heading and select Show Columns > Version ID. |
| Created On | The date and time that the configuration version was archived. |
| Created By | The user ID or system ID associated with adding the configuration version to the archive. If there are two names in the form username1(username2), the first name is the user who initiated the request, and the name in parentheses is the system identity user. For more information on the system identity trust user, see the Installation Guide for Cisco Security Manager. |
| Archival Source | The origin of the archiving event (for example, User Request, Deployment, Discovery). |
| Creation Comment | A description about how or why the configuration version was created. |
| Transcript Icon | When double-clicked, displays a transcript of a configuration version that was deployed to a device. A transcript is the log file of transactions between Security Manager and a device captured during a deployment or rollback operation. It includes commands sent and received between server and device from the time of the deployment or rollback request, but it does not include communication that occurs during the initial discovery phase of deployment, when Security Manager obtains the current configuration from the device. |
| View button | Click this button to display the selected configuration in the Config Version Viewer window (see Configuration Version Viewer), where you can also compare the configuration to other configuration versions. |
| Rollback button | Click this button to roll the device configuration back to the selected configuration version, provided that the configuration originated from the device. You should roll back configurations only under extreme circumstances. For more information, see these topics:<br>•Understanding Configuration Rollback, page 17-33<br>•Using Rollback to Deploy Archived Configurations, page 17-40 |
| Add from Device button | Click this button to have Security Manager retrieve the current running configuration from the device and add it as a configuration version to the archive. This is useful for any device whose configuration might have been changed directly in its CLI. For more information on adding configuration versions, see Adding Configuration Versions from a Device to the Configuration Archive, page 17-31. |
Use the Config Version Viewer window (when opened from the Configuration Archive) to view previous configurations for a device and to compare them to other archived configurations. You can compare any version to any other version in the archive for a selected device. The selected version appears in the left pane, and you can select another version for comparison from the list on the upper right of this window. For more information on viewing and comparing versions, see Viewing and Comparing Archived Configuration Versions, page 17-32.
Navigation Path
Select Tools > Configuration Archive, select a device whose configuration you want to view, select the configuration, and click View.
Related Topics
•Viewing and Comparing Archived Configuration Versions, page 17-32
•Adding Configuration Versions from a Device to the Configuration Archive, page 17-31
Field Reference
Use the Transcript Viewer window to view the record of messages exchanged between Security Manager and a device. A transcript is the log file of transactions between Security Manager and a device captured during a deployment or rollback operation. It includes commands sent and received between server and device from the time of the deployment or rollback request, but it does not include communication that occurs during the initial discovery phase of deployment, when Security Manager obtains the current configuration from the device. For more information, see Viewing and Comparing Archived Configuration Versions, page 17-32.
Navigation Path
•Configuration Archive—Select Tools > Configuration Archive to open the Configuration Archive, select the device for which you want to view a transcript and double-click the Transcript icon in the row for the desired configuration version.
•Deployment Manager—Select Tools > Deployment Manager to open the Deployment Manager, select the deployment job that includes the desired device deployment, select the Details tab in the lower pane, and double-click the Transcript icon in the row for the desired device.
Related Topics
•Viewing and Comparing Archived Configuration Versions, page 17-32
•Deployment Manager Window (Non-Workflow Mode)
•Deployment Manager Window (Workflow Mode)
Field Reference
| Element | Description |
|---|---|
| Version ID | The configuration version for which you are viewing transcripts:<br>•Previous—Display the transcripts for the version in the sequence before the one currently selected.<br>•Next—Display the transcripts for the version in the sequence after the one currently selected.<br>•Last—Display the transcripts for the last version in the list.<br>•Specific Date and Time—Display the transcripts for the version created on that date and time. |
| Transcript Type | The type of transcript that you want to view. Some configuration versions have more than one transcript associated with them. Use this field to select which transcript to view. |
| Transcript Window | Displays the selected transcript. You can select text and copy it to the clipboard for pasting in a text editor. |
| View button | Click this button to display the related configuration in the Config Version Viewer window (see Configuration Version Viewer). |
| Print button | Click this button to print the transcript. |