Introduction to Component Applications
The Security Manager installer enables you to install certain applications and, when you do, requires that you install certain other applications. This section describes those applications and their interdependencies:
From version 4.21 onwards, Cisco Security Manager terminates whole support, including support for any bug fixes or enhancements, for all Aggregation Service Routers, Integrated Service Routers, Embedded Service Routers, and any device operating on Cisco IOS software, including the following devices:
Common Services
Common Services 4.2.2 is bundled by default with Security Manager 4.24.
Common Services provides the framework for data storage, login, user role definitions, access privileges, security protocols, and navigation. It also provides the framework for installation, data management, event and message handling, and job and process management. Common Services supplies essential server-side components to Security Manager that include the following:
-
SSL1 libraries
-
An embedded SQL database
-
The Apache webserver
-
The Tomcat servlet engine
-
The CiscoWorks home page
-
Backup and restore functions
Note |
Device and Credential Repository (DCR) functionality within Common Services is not supported in Security Manager 4.24. |
Note |
In this version 4.24, CiscoSSL version 1.1.1k and Apache version 2.4.43 is being used. |
Security Manager
Cisco Security Manager is an enterprise-class management application designed to configure firewall, VPN services on Cisco network and security devices. Cisco Security Manager can be used in networks of all sizes—from small networks to large networks consisting of thousands of devices—by using policy-based management techniques. Cisco Security Manager works in conjunction with the Cisco Security Monitoring, Analysis, and Response System (MARS). Used together, these two products provide a comprehensive security management solution that addresses configuration management, security monitoring, analysis, and mitigation.
Note |
For more information about Security Manager, visit http://www.cisco.com/go/csmanager . For more information about Cisco Security MARS, visit http://www.cisco.com/go/mars . |
To use Security Manager, you must install server and client software.
Security Manager offers the following features and capabilities:
-
Service-level and device-level provisioning of VPN, firewall, and intrusion prevention systems from one desktop
-
Device configuration rollback
-
Network visualization in the form of topology maps
-
Workflow mode
-
Predefined and user-defined FlexConfig service templates
-
Integrated inventory, credentials, grouping, and shared policy objects
-
Convenient cross-launch access to related applications:
-
When you install the server software, you also install read-only versions of the following device managers: Adaptive Security Device Manager (ASDM) and Security Device Manager (SDM)
-
When you install the server software, you also install a cross-launch point to (but not actual installation of) Cisco Prime Security Manager.
-
You can add ASA devices from Security Manager to Auto Update Server (AUS).
-
-
Integrated monitoring of events generated by ASA devices. You can selectively monitor, view, and examine events from ASA devices by using the Event Viewer feature.
Auto Update Server
If you choose to install AUS, you can install it on the same server where you install Security Manager or on a different server, such as a server in your DMZ. AUS and Security Manager can share device inventory information and other data. AUS uses a browser-based user interface and requires Common Services.
AUS enables you to upgrade device configuration files and software images on Adaptive Security Appliance (ASA) devices that use the auto update feature. AUS supports a pull model of configuration that you can use for device configuration, configuration updates, device OS updates, and periodic configuration verification. In addition, supported devices that use dynamic IP addresses in combination with the Auto Update feature can use AUS to upgrade their configuration files and pass device and status information.
AUS increases the scalability of your remote security networks, reduces the costs involved in maintaining a remote security network, and enables you to manage dynamically addressed remote firewalls.
For more information about AUS you can refer to the AUS documentation located at the Security Manager site: http://www.cisco.com/go/csmanager .