System Requirements

Table Of Contents

System Requirements

Hardware Requirements for a Single-Node Site

Server Configuration for Single-Node Site

Hardware Requirements for a Dual-Node Site

Server Configuration for Dual-Node Site

Software Requirements for a Local Redundancy Configuration

Software Requirements for a Geographic Redundancy Configuration

Software Requirements for Replication without Clustering

Preinstallation Worksheets

Local Redundancy Configuration Worksheet

Geographic Redundancy Configuration Worksheet


System Requirements


This chapter describes reference configurations for installing Security Manager in an HA or DR environment. This chapter contains the following sections:

Hardware Requirements for a Single-Node Site

Hardware Requirements for a Dual-Node Site

Software Requirements for a Local Redundancy Configuration

Software Requirements for a Geographic Redundancy Configuration

Software Requirements for Replication without Clustering


Note There are numerous configurations possible using different hardware setups. Consult the respective Microsoft and Symantec/VERITAS Hardware Compatibility Lists (HCLs).



Note Although we make every attempt to ensure the availability of third-party hardware and software platforms specified for Security Manager, we reserve the right to change or modify system requirements due to third-party vendor product availability or changes that are beyond our control.


Hardware Requirements for a Single-Node Site

To install Security Manager in a single-node HA environment, you can configure a fault-tolerant storage array or use internal disks.

Server Configuration for Single-Node Site

The following are the server hardware specifications for a single-node site:

Server which meets the basic processor and RAM requirements as described in Installation Guide for Cisco Security Manager 3.1.

Minimum of one Ethernet interface (two recommended)

Minimum of two physical drives (six recommended)

Figure 1-1 shows using two Ethernet connections from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communication to the server is maintained. If this level of network redundancy is not required, then you can use a single connection to the switch/router network (i.e., Eth 2 and its associated Ethernet switch are optional).

Figure 1-1 Ethernet Connections for a Single-Node Site

Hardware Requirements for a Dual-Node Site

To install Security Manager in a dual-node HA environment, you need two servers that can access a shared storage array.

Server Configuration for Dual-Node Site

The following are the server hardware specifications for a a dual-node site:

Server that meets the basic processor and RAM requirements, as described in Installation Guide for Cisco Security Manager 3.1.

Minimum of two Ethernet interfaces (Four recommended)

Minimum of one internal physical drive (Two recommended)

Minimum of one external drive (Two recommended; Four recommended if using replication)

Figure 1-2 depicts the configuration of a dual-node site, showing the Ethernet and external storage connections. Two Ethernet connections are used from the server to the switch/router network for redundancy. If an Ethernet port or switch fails, communications to the server is maintained. If this level of network redundancy is not required, then you can use a single connection to the switch/router network (i.e., Eth 4 and its associated Ethernet switch are optional). Two direct Ethernet connections are made between the servers for cluster heartbeat communications, although second heartbeat connection (Eth 3) is optional.

Figure 1-2 Ethernet and Storage Connections for a Dual-Node Site

Software Requirements for a Local Redundancy Configuration

The following software is required to install Security Manager in a local redundancy HA configuration:

Cisco Security Manager 3.1

Symantec VERITAS Storage Foundation HA for Windows 4.3 with Maintenance Pack 1 or Symantec VERITAS Storage Foundation HA for Windows 5.0

Symantec Dynamic Multipathing Option

Security Manager is licensed for each active server in an HA/DR configuration. For example, in a local redundancy configuration with two servers in the cluster, you only need to purchase one copy of Security Manager, since Security Manager is active on only one server at any given time.

VERITAS Storage Foundation HA for Windows is licensed on a per-node basis. In the same local redundancy configuration example, each server needs to have its own license for running VERITAS Storage Foundation HA for Windows.

The VERITAS Dynamic Multipathing Option is required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.

Software Requirements for a Geographic Redundancy Configuration

The following software is required to install Security Manager in a geographic redundancy DR configuration:

Cisco Security Manager 3.1

Symantec VERITAS Storage Foundation HA for Windows 4.3 with Maintenance Pack 1 and Global Cluster Option or Symantec VERITAS Storage Foundation HA/DR for Windows 5.0

Symantec VERITAS Volume Replicator Option

Symantec VERITAS Dynamic Multipathing Option

Security Manager is licensed per active server in an HA/DR configuration. For example, in a geographic redundancy configuration with a single-node cluster at site A and a single-node cluster at Site B, you only need to purchase one copy of Security Manager, since Security Manager is only active on one server at any given time.

VERITAS Storage Foundation HA for Windows is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers (one per cluster), each server needs to have its own license for running VERITAS Storage Foundation HA for Windows.

The VERITAS Volume Replicator Option is licensed on a per-node basis.

The VERITAS Global Cluster Option (4.3) is licensed on a per-site basis.

The VERITAS Dynamic Multipathing Option is only required only if you plan to use external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.

Software Requirements for Replication without Clustering

The following software is required to install Security Manager in a geographic redundancy DR configuration without clustering:

Cisco Security Manager 3.1

Symantec VERITAS Storage Foundation for Windows 4.3 with Maintenance Pack 1 or Symantec VERITAS Storage Foundation Basic for Windows 5.0

Symantec VERITAS Volume Replicator Option

Symantec VERITAS Dynamic Multipathing Option

Security Manager is licensed for each active server in an HA/DR configuration. For example, in a geographic redundancy configuration with replication running between a primary server and a secondary server, you need to purchase only one copy of Security Manager, because Security Manager is active on only one server at any given time.

VERITAS Storage Foundation for Windows 4.3 is licensed on a per-node basis. In the same geographic redundancy configuration example with two servers, each server must have its own license for running VERITAS Storage Foundation for Windows 4.3.

VERITAS Storage Foundation Basic for Windows 5.0 works with up to four volumes and is available for free download from Symantec.

The VERITAS Volume Replicator Option is licensed on a per-node basis.

The VERITAS Dynamic Multipathing Option is required only if you plan on using external storage with more than one host bus adapter in a server, which provides multiple paths between the server and storage.

Preinstallation Worksheets

Local Redundancy Configuration Worksheet

Before you install Security Manager in a local redundancy HA configuration, write down the information outlined in Table 1-1. The information will assist you in completing the installation.

Table 1-1 Preinstallation Worksheet for a Local Redundancy Configuration 

Information
Primary Site

Shared Disk Group Name

datadg

Shared Volume Name

cscopx

Drive Letter for Security Manager

 

Cluster Name:

CSManager_Primary

Cluster ID:

01

Security Manager Virtual IP Address/Subnet mask:

 

Cluster Service Virtual IP Address/Subnet mask:

 
 
Primary Server
Secondary Server

Hostname:

   

Public Network Interface #1 and IP Address/Subnet Mask:

   

Public Network Interface #22 and IP Address/Subnet Mask:

   

Private Cluster Interconnect #1:

   

Private Cluster Interconnect #2:

   

1 Must be an integer between 0 and 255 and unique for clusters in the same subnet.

2 Required if a second NIC will be used to access the public network for redundancy.


Geographic Redundancy Configuration Worksheet

If you are installing Security Manager in a geographic redundancy DR configuration, write down the information outlined in Table 1-2. The information will assist you in completing the installation.

Table 1-2 Preinstallation Worksheet for a Geographic Redundancy Configuration 

Information
Primary Site
Secondary Site

Disk Group

datadg

datadg

Data Volume

cscopx

cscopx

Drive Letter for Security Manager

   

Storage Replicator Log Volume

data_srl

data_srl

Replicated Data Set

CSM_RDS

Replicated Volume Group

CSM_RVG

Cluster Name:

CSManager_Primary

CSManager_Secondary

Cluster ID:

01

11

Security Manager Virtual IP Address/Subnet Mask:

   

Replication Virtual IP Address/Subnet Mask

   

Cluster Service Virtual IP Address/Subnet Mask2 :

   
 
Primary Server
Secondary Server
Primary Server
Secondary Server

Hostname:

       

Public Network Interface #1 and IP Address/Subnet Mask:

       

Public Network Interface #2 and IP Address/Subnet Mask:3 :

       

Private Cluster Interconnect #14 :

       

Private Cluster Interconnect #23:

       

1 Must be an integer between 0 and 255 and unique for clusters in the same subnet.

2 Required only for clusters using two servers or multiple adapters to access the public network. For a single server cluster with only one network adapter to access the public network, the fixed IP address of this adapter can be used.

3 Required if you are using a second NIC to access the public network for redundancy.

4 Required only for clusters using two servers.