Index A
Access Control Server (ACS)
activating NDG feature 8-19
adding devices as AAA clients without NDGs 8-17
adding managed devices 8-17
adding managed devices and configuring NDGs 8-27
adding multihomed devices 8-31
adding users 8-15
assigning roles to user groups 8-25
assigning roles to user groups with NDGs 8-27
assigning roles to user groups without NDGs 8-26
associating user roles and permissions 8-11
authentication fails 8-29
changes not appearing in Security Manager 8-30
configuring CiscoWorks AAA mode 8-23
configuring network device groups 8-18
configuring SMTP and e-mail for notifications 8-24
creating administration control user 8-20
creating local users in CiscoWorks 8-21
creating network device groups 8-19
customizing user roles 8-10
default roles 8-10
defining system identity user 8-15
devices not appearing in Security Manager 8-30
integrating with Security Manager 8-12
integration checklist 8-14
integration requirements 8-13
performing integration 8-15
performing integration in CiscoWorks 8-21
read-only access for system administrators 8-29
registering Security Manager 8-24
reinstalling server applications 5-3
restarting Daemon Manager 8-25
restoring access 8-31
troubleshooting 8-28
understanding user permissions 8-3
user permissions 8-4
using multiple versions of Security Manager 8-28
working after ACS becomes unreachable 8-30
accounts, user
managing 8-1
required 5-1
antivirus utilities, requirement to disable 4-3
applications
downgrading server 5-19
installing and configuring client 6-1
installing and upgrading server 5-1
logging into 6-10
required changes after upgrading server 5-15
uninstalling server 5-19
upgrading server 5-5
approve permissions 8-5
approver role 8-6
assign permissions 8-5
authorization, changes in ACS for devices 8-30
Auto Update Server (AUS)
installing 5-2
licensing 2-4, 2-7
logging into 6-12
overview 1-2
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
upgrading 5-5
B
backup
committing pending data before performing 5-10
Cygwin limitations A-5
database 5-12
backup/restore upgrade path, definition of 5-6
back up database 5-13
bootstrapping devices 7-8
browser cookies 6-2
browsers
configuring required settings 6-1
configuring required settings for Firefox 6-3
configuring required settings for Internet Explorer 6-2
logging into applications 6-12
supported 3-7, 3-11
C
certificates
requirement to create 7-1
troubleshooting 4-3
Cisco Security Agent, caution while disabled 6-7
Cisco Security Agent, disabling 6-7
Cisco Security Agent (CSA)
installing 5-2
upgrading 5-5
CiscoWorks Common Services
assigning roles to users 8-7
associating user roles and permissions 8-11
available user roles 8-6
configuring AAA mode 8-23
creating administration control user in ACS 8-20
creating local user for Cisco Secure ACS 8-21
defining system identity user 8-22
installing 5-2
licensing 2-4, 2-7
logging into 6-12
overview 1-1
performing integration for Cisco Secure ACS 8-21
registering Security Manager with Cisco Secure ACS 8-24
required version 1-1
understanding user permissions 8-3
uninstalling 5-19
upgrading 5-5
client
clearing server list in Login window A-15
log files A-15
operating systems 3-10
requirements 3-10
troubleshooting after installation A-13
troubleshooting installation A-10
control permissions 8-5
cookies for browsers 6-2
Cygwin problems during database backup A-5
D
Daemon Manager
restarting after Cisco Secure ACS integration 8-25
database
backing up 5-12, 5-13
committing pending data before upgrade 5-10
restoring 5-14
date and time settings 3-1, 4-3
deploy permissions 8-5
devices
bootstrapping 7-8
changes to ACS authorization not appearing in Security Manager 8-30
directory encryption, restriction against 3-4
domain controllers (primary or backup), unsupported use 3-4
dual-screen setups A-16
E
e-mail address, Security Manager administrator 8-24
encrypted directories, restriction against 3-4
error messages
client installation A-10
server installation A-4
server uninstallation A-8
F
Firefox
cache size requirement 6-4
configuring required settings 6-3
disabling popup blocker 6-4
displaying help in new tab 6-5
editing the preferences file 6-3
enabling Javascript 6-4
supported versions 3-7, 3-11
for more information 7-8
H
help desk user role 8-6
HTTP, configuring non-default port 6-9
HTTPS
configuring non-default port 6-9
determining mode A-15
I
import permissions 8-5
indirect upgrade path, definition of 5-6
installation
Security Manager, AUS, Common Services 5-2
Security Manager client 6-6
troubleshooting client A-10
troubleshooting server A-4
using remote desktop or VNC 5-2
verifying 7-7
Internet Explorer
cache size requirement 6-3
configuring required settings 6-2
security settings 6-2
supported versions 3-7, 3-11
Internet Information Server (IIS), requirement to uninstall 4-2
J
Java requirements 3-7, 3-11
L
LAN Management Solution (LMS), unsupported use 4-2
LiaisonServlet error, troubleshooting A-6
licenses
Product Authorization Key (PAK) 2-2
Security Manager kit part numbers 2-8
Software License Claim Certificate 2-2
updating 5-17
local upgrade path, definition of 5-5
log files A-18
M
memory (RAM)
client requirements 3-11
modify permissions 8-4
N
Network Access Restriction (NAR) 8-13
network administrator role
Cisco Secure ACS 8-10
CiscoWorks 8-6
network device groups (NDGs)
activating NDG feature 8-19
associating with roles and user groups 8-27
configuring 8-18
creating 8-19
effect on user permissions 8-18
network operator role 8-6
O
operating systems
client 3-10
overview 1-1, 2-1
P
pdshow command 7-2
pending data, committing 5-10
performance
client recommendations 3-10
server best practices 4-1
server recommendations 3-4
Performance Monitor
logging into 6-12
overview 1-3
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
updating licenses 5-17
upgrading 5-5
permissions
assigning roles in CiscoWorks 8-7
associating with user roles 8-11
categories 8-4
customizing for ACS 8-10
impact of NDGs 8-18
understanding 8-3
point patches
applying to a client 6-10
obtaining 5-18
popup blocker
disabling 6-5
disabling for Firefox 6-4
ports
comprehensive list of required TCP/UDP A-2
configuring non-default HTTP/HTTPS 6-9
list of typically required 3-1
processes
restarting server A-18
troubleshooting A-17
verifying 7-2
property files 5-10
R
remote desktop, using for installation 5-2
remote upgrade path, definition of 5-6
requirements
client 3-10
data and time settings 3-1, 4-3
general server 3-1
server 3-4
unsupported server configurations 3-4
Resource Manager Essentials (RME)
logging into 6-12
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
updating licenses 5-17
upgrading 5-5
restorebackup.pl command 5-14
restore database 5-14
roles
Cisco Secure ACS users 8-9
CiscoWorks users 8-6
S
Security 1-2
security
server best practices 4-1
security administrator role 8-10
Security Manager
committing pending data before upgrade 5-10
component applications 1-1
downgrading server 5-19
getting started with 7-8
installing 5-2
logging in using browser 6-12
logging in using client 6-10
overview 1-2
related applications 1-3
required changes after upgrade 5-15
required user accounts 5-1
restarting Daemon Manager 8-25
server requirements 3-4
service startup requirements A-1
troubleshooting interaction with ACS 8-28
uninstalling server 5-19
updating licenses 5-17
upgrading server 5-5
Security Manager client
clearing server list in Login window A-15
configuring non-default HTTP/HTTPS port 6-9
determining HTTPS mode A-15
installing 6-6
locating client logs A-15
logging into 6-10
patching 6-10
resolving version mismatch A-15
running in dual-screen mode A-16
unable to upgrade 6-9
uninstalling 6-12
server
best practices for security 7-7
date and time settings 3-1, 4-3
general requirements 3-1
performance, best practices for enhancing 4-1
post installation tasks 7-1
preparation checklists 4-1
readiness checklist 4-3
requirements 3-4
security, best practices for enhancing 4-1
troubleshooting post-installation problems A-5
unsupported configurations 3-4
verifying processes 7-2
service packs
applying to a client 6-10
obtaining 5-18
services, minimum required for Windows 4-2
service startup requirements A-1
SMTP, configuring for ACS notifications 8-24
SSL certificate invalidation 4-3
storage, supported SAN 3-9
submit permissions 8-5
Sybase, requirement to disable 4-4
system administrator role 8-6
system identity user 8-15, 8-22
T
TACACS+
selecting as CiscoWorks AAA mode 8-23
using ACS as 8-12
TCP
comprehensive list of required ports A-2
list of typically required ports 3-1
Terminal Services, unsupported configuration 3-4
troubleshooting
ACS configurations 8-28
antivirus scanners 4-2
client after installation A-13
client installation A-10
client installer says old version is installed when it is not A-13
collecting server troubleshooting information A-17
Cygwin prevents backup A-5
dual-screen setups A-16
error messages
client installation A-10
server installation A-4
server uninstallation A-8
host-based intrusion software 4-2
incorrect interface appearance A-5
installation does not run A-16
installation hangs A-5, A-12
invalid SSL certificate 4-3
java.security.cert errors 4-3
LiaisonServlet error A-6
mapped drives A-7
missing product features A-5
overview A-1, B-1
restarting server processes A-18
reviewing installation log files A-18
security software conflicts 4-2
server installation A-4
server problems after installation A-5
server processes A-17
server self-test A-16
server uninstall A-8
unable to upgrade client 6-9
uninstallation does not run A-16
uninstallation hangs A-9
typographical conventions in this document 2-x
U
UDP
comprehensive list of required ports A-2
list of typically required ports 3-1
uninstallation
recommendation to restart servers 5-19
Security Manager client 6-12
server applications 5-19
troubleshooting server A-8
upgrade, verifying 7-7
user accounts
admin 5-1
casuser 5-1
creating 5-1
managing 8-1
System Identity 5-2
user permissions
assigning roles in CiscoWorks 8-7
associating with user roles 8-11
categories 8-4
customizing for ACS 8-10
impact of NDGs 8-18
understanding 8-3
user roles
associating with user permissions 8-11
available CiscoWorks user roles 8-6
Cisco Secure ACS 8-9
CiscoWorks 8-6
default ACS roles 8-10
V
version mismatch, resolving A-15
view permissions 8-4
VMWare supported versions 3-7
VNC, using for installation 5-2
W
web browsers
configuring required settings 6-1
logging into applications 6-12
supported 3-7, 3-11
Windows services, required 4-2
Index
A
Access Control Server (ACS)
activating NDG feature 8-19
adding devices as AAA clients without NDGs 8-17
adding managed devices 8-17
adding managed devices and configuring NDGs 8-27
adding multihomed devices 8-31
adding users 8-15
assigning roles to user groups 8-25
assigning roles to user groups with NDGs 8-27
assigning roles to user groups without NDGs 8-26
associating user roles and permissions 8-11
authentication fails 8-29
changes not appearing in Security Manager 8-30
configuring CiscoWorks AAA mode 8-23
configuring network device groups 8-18
configuring SMTP and e-mail for notifications 8-24
creating administration control user 8-20
creating local users in CiscoWorks 8-21
creating network device groups 8-19
customizing user roles 8-10
default roles 8-10
defining system identity user 8-15
devices not appearing in Security Manager 8-30
integrating with Security Manager 8-12
integration checklist 8-14
integration requirements 8-13
performing integration 8-15
performing integration in CiscoWorks 8-21
read-only access for system administrators 8-29
registering Security Manager 8-24
reinstalling server applications 5-3
restarting Daemon Manager 8-25
restoring access 8-31
troubleshooting 8-28
understanding user permissions 8-3
user permissions 8-4
using multiple versions of Security Manager 8-28
working after ACS becomes unreachable 8-30
accounts, user
managing 8-1
required 5-1
antivirus utilities, requirement to disable 4-3
applications
downgrading server 5-19
installing and configuring client 6-1
installing and upgrading server 5-1
logging into 6-10
required changes after upgrading server 5-15
uninstalling server 5-19
upgrading server 5-5
approve permissions 8-5
approver role 8-6
assign permissions 8-5
authorization, changes in ACS for devices 8-30
Auto Update Server (AUS)
installing 5-2
licensing 2-4, 2-7
logging into 6-12
overview 1-2
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
upgrading 5-5
B
backup
committing pending data before performing 5-10
Cygwin limitations A-5
database 5-12
backup/restore upgrade path, definition of 5-6
back up database 5-13
bootstrapping devices 7-8
browser cookies 6-2
browsers
configuring required settings 6-1
configuring required settings for Firefox 6-3
configuring required settings for Internet Explorer 6-2
logging into applications 6-12
supported 3-7, 3-11
C
certificates
requirement to create 7-1
troubleshooting 4-3
Cisco Security Agent, caution while disabled 6-7
Cisco Security Agent, disabling 6-7
Cisco Security Agent (CSA)
installing 5-2
upgrading 5-5
CiscoWorks Common Services
assigning roles to users 8-7
associating user roles and permissions 8-11
available user roles 8-6
configuring AAA mode 8-23
creating administration control user in ACS 8-20
creating local user for Cisco Secure ACS 8-21
defining system identity user 8-22
installing 5-2
licensing 2-4, 2-7
logging into 6-12
overview 1-1
performing integration for Cisco Secure ACS 8-21
registering Security Manager with Cisco Secure ACS 8-24
required version 1-1
understanding user permissions 8-3
uninstalling 5-19
upgrading 5-5
client
clearing server list in Login window A-15
log files A-15
operating systems 3-10
requirements 3-10
troubleshooting after installation A-13
troubleshooting installation A-10
control permissions 8-5
cookies for browsers 6-2
Cygwin problems during database backup A-5
D
Daemon Manager
restarting after Cisco Secure ACS integration 8-25
database
backing up 5-12, 5-13
committing pending data before upgrade 5-10
restoring 5-14
date and time settings 3-1, 4-3
deploy permissions 8-5
devices
bootstrapping 7-8
changes to ACS authorization not appearing in Security Manager 8-30
directory encryption, restriction against 3-4
domain controllers (primary or backup), unsupported use 3-4
dual-screen setups A-16
E
e-mail address, Security Manager administrator 8-24
encrypted directories, restriction against 3-4
error messages
client installation A-10
server installation A-4
server uninstallation A-8
F
Firefox
cache size requirement 6-4
configuring required settings 6-3
disabling popup blocker 6-4
displaying help in new tab 6-5
editing the preferences file 6-3
enabling Javascript 6-4
supported versions 3-7, 3-11
for more information 7-8
H
help desk user role 8-6
HTTP, configuring non-default port 6-9
HTTPS
configuring non-default port 6-9
determining mode A-15
I
import permissions 8-5
indirect upgrade path, definition of 5-6
installation
Security Manager, AUS, Common Services 5-2
Security Manager client 6-6
troubleshooting client A-10
troubleshooting server A-4
using remote desktop or VNC 5-2
verifying 7-7
Internet Explorer
cache size requirement 6-3
configuring required settings 6-2
security settings 6-2
supported versions 3-7, 3-11
Internet Information Server (IIS), requirement to uninstall 4-2
J
Java requirements 3-7, 3-11
L
LAN Management Solution (LMS), unsupported use 4-2
LiaisonServlet error, troubleshooting A-6
licenses
Product Authorization Key (PAK) 2-2
Security Manager kit part numbers 2-8
Software License Claim Certificate 2-2
updating 5-17
local upgrade path, definition of 5-5
log files A-18
M
memory (RAM)
client requirements 3-11
modify permissions 8-4
N
Network Access Restriction (NAR) 8-13
network administrator role
Cisco Secure ACS 8-10
CiscoWorks 8-6
network device groups (NDGs)
activating NDG feature 8-19
associating with roles and user groups 8-27
configuring 8-18
creating 8-19
effect on user permissions 8-18
network operator role 8-6
O
operating systems
client 3-10
overview 1-1, 2-1
P
pdshow command 7-2
pending data, committing 5-10
performance
client recommendations 3-10
server best practices 4-1
server recommendations 3-4
Performance Monitor
logging into 6-12
overview 1-3
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
updating licenses 5-17
upgrading 5-5
permissions
assigning roles in CiscoWorks 8-7
associating with user roles 8-11
categories 8-4
customizing for ACS 8-10
impact of NDGs 8-18
understanding 8-3
point patches
applying to a client 6-10
obtaining 5-18
popup blocker
disabling 6-5
disabling for Firefox 6-4
ports
comprehensive list of required TCP/UDP A-2
configuring non-default HTTP/HTTPS 6-9
list of typically required 3-1
processes
restarting server A-18
troubleshooting A-17
verifying 7-2
property files 5-10
R
remote desktop, using for installation 5-2
remote upgrade path, definition of 5-6
requirements
client 3-10
data and time settings 3-1, 4-3
general server 3-1
server 3-4
unsupported server configurations 3-4
Resource Manager Essentials (RME)
logging into 6-12
required user accounts 5-1
server requirements 3-4
uninstalling 5-19
updating licenses 5-17
upgrading 5-5
restorebackup.pl command 5-14
restore database 5-14
roles
Cisco Secure ACS users 8-9
CiscoWorks users 8-6
S
Security 1-2
security
server best practices 4-1
security administrator role 8-10
Security Manager
committing pending data before upgrade 5-10
component applications 1-1
downgrading server 5-19
getting started with 7-8
installing 5-2
logging in using browser 6-12
logging in using client 6-10
overview 1-2
related applications 1-3
required changes after upgrade 5-15
required user accounts 5-1
restarting Daemon Manager 8-25
server requirements 3-4
service startup requirements A-1
troubleshooting interaction with ACS 8-28
uninstalling server 5-19
updating licenses 5-17
upgrading server 5-5
Security Manager client
clearing server list in Login window A-15
configuring non-default HTTP/HTTPS port 6-9
determining HTTPS mode A-15
installing 6-6
locating client logs A-15
logging into 6-10
patching 6-10
resolving version mismatch A-15
running in dual-screen mode A-16
unable to upgrade 6-9
uninstalling 6-12
server
best practices for security 7-7
date and time settings 3-1, 4-3
general requirements 3-1
performance, best practices for enhancing 4-1
post installation tasks 7-1
preparation checklists 4-1
readiness checklist 4-3
requirements 3-4
security, best practices for enhancing 4-1
troubleshooting post-installation problems A-5
unsupported configurations 3-4
verifying processes 7-2
service packs
applying to a client 6-10
obtaining 5-18
services, minimum required for Windows 4-2
service startup requirements A-1
SMTP, configuring for ACS notifications 8-24
SSL certificate invalidation 4-3
storage, supported SAN 3-9
submit permissions 8-5
Sybase, requirement to disable 4-4
system administrator role 8-6
system identity user 8-15, 8-22
T
TACACS+
selecting as CiscoWorks AAA mode 8-23
using ACS as 8-12
TCP
comprehensive list of required ports A-2
list of typically required ports 3-1
Terminal Services, unsupported configuration 3-4
troubleshooting
ACS configurations 8-28
antivirus scanners 4-2
client after installation A-13
client installation A-10
client installer says old version is installed when it is not A-13
collecting server troubleshooting information A-17
Cygwin prevents backup A-5
dual-screen setups A-16
error messages
client installation A-10
server installation A-4
server uninstallation A-8
host-based intrusion software 4-2
incorrect interface appearance A-5
installation does not run A-16
installation hangs A-5, A-12
invalid SSL certificate 4-3
java.security.cert errors 4-3
LiaisonServlet error A-6
mapped drives A-7
missing product features A-5
overview A-1, B-1
restarting server processes A-18
reviewing installation log files A-18
security software conflicts 4-2
server installation A-4
server problems after installation A-5
server processes A-17
server self-test A-16
server uninstall A-8
unable to upgrade client 6-9
uninstallation does not run A-16
uninstallation hangs A-9
typographical conventions in this document 2-x
U
UDP
comprehensive list of required ports A-2
list of typically required ports 3-1
uninstallation
recommendation to restart servers 5-19
Security Manager client 6-12
server applications 5-19
troubleshooting server A-8
upgrade, verifying 7-7
user accounts
admin 5-1
casuser 5-1
creating 5-1
managing 8-1
System Identity 5-2
user permissions
assigning roles in CiscoWorks 8-7
associating with user roles 8-11
categories 8-4
customizing for ACS 8-10
impact of NDGs 8-18
understanding 8-3
user roles
associating with user permissions 8-11
available CiscoWorks user roles 8-6
Cisco Secure ACS 8-9
CiscoWorks 8-6
default ACS roles 8-10
V
version mismatch, resolving A-15
view permissions 8-4
VMWare supported versions 3-7
VNC, using for installation 5-2
W
web browsers
configuring required settings 6-1
logging into applications 6-12
supported 3-7, 3-11
Windows services, required 4-2