Cisco Prime Infrastructure 3.0 White Paper

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Health Monitor on the secondary Cisco Prime Infrastructure server provides status information on both the primary 
and secondary Cisco Prime Infrastructure servers. Failback can be initiated through the secondary HM once the 
primary Cisco Prime Infrastructure server has recovered from the failure condition. The failback process is always 
initiated manually so as to avoid a flapping condition that can sometimes occur when there is a network 
connectivity problem. More details on how to deploy Cisco Prime Infrastructure 3.0 HA can be found a
 
Configuring Cisco Prime Infrastructure Backup 
It is strongly advisable to configure the backup plan proactively. To configure backups, navigate to 
Administration > Settings > Background Tasks > Prime Infrastructure Server Backup. 
You can either use the default repository defaultRepo, or create an external backup repository. Enter credentials 
for the remote repository and other relevant information and click Submit to create this new remote backup 
repository. 
Advanced System Settings 
Data Retention 
This feature allows you to specify how long the data is to be stored in Cisco Prime Infrastructure. By default you 
can store the performance data as short, medium, and long-term data for 7, 31, and 378 days, respectively. You 
can modify these numbers based on the available hard drive space. Navigate to Administration > Settings > 
System Settings and select Data Retention under the General tab to configure data retention. 
Server Tuning  
The following sections explain how to enhance server security by eliminating or controlling individual points of 
security exposure. 
Disabling Insecure Services  
You must disable non-secure services if you are not using them. For example, TFTP and FTP are not secure protocols. 
These services are typically used to transfer firmware or software images to and from network devices and Cisco 
Prime Infrastructure. They are also used for transferring system backups to external storage. We recommend using 
secure protocols (such as SFTP or SCP) for such services.  
Disabling Root Access 
Administrative users can enable root shell access to the underlying operating system for troubleshooting 
purposes. This access is intended for Cisco Support teams to debug product-related operational issues. We 
recommend that you keep this access disabled, and enable it only when required. To disable root access, run the 
command root_disable from the command line. 
Using SNMPv3 Instead of SNMPv2 
SNMPv3 is a more secure protocol than SNMPv2. You can enhance the security of communications between 
your network devices and the Cisco Prime Infrastructure server by configuring the managed devices so that 
management takes place using SNMPv3 instead of SNMPv2. 
You can choose to enable SNMPv3 when adding new devices, importing devices in bulk, or as part of device 
discovery.
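
The device-side change described above, as an added example that is not part of the original white paper: a managed device's SNMPv2c community is removed and replaced with an SNMPv3 user that requires authentication and encryption. It assumes the managed device runs Cisco IOS or IOS XE; the names PI-SNMP, PI-VIEW, PI-GROUP and pi-monitor, the address 192.0.2.10, the SHA/AES-128 choice and the passphrase placeholders are all constructed for illustration.

```cisco
! --- Before: SNMPv2c (constructed example of the weak setting) ---
! The community string is the only credential and crosses the network
! in clear text, along with every polled value.
!
! snmp-server community EXAMPLE-COMMUNITY RO

! --- After: SNMPv3 with authentication and privacy (authPriv) ---

! Remove the SNMPv2c community so the device no longer answers v2c polls.
no snmp-server community EXAMPLE-COMMUNITY

! Accept SNMP only from the Prime Infrastructure server
! (192.0.2.10 is a documentation address, replace with your server).
ip access-list standard PI-SNMP
 permit host 192.0.2.10
 deny   any log

! Define which part of the MIB tree the management user may read.
snmp-server view PI-VIEW iso included

! "priv" makes the group reject requests that are not both
! authenticated and encrypted.
snmp-server group PI-GROUP v3 priv read PI-VIEW access PI-SNMP

! Create the SNMPv3 user. The passphrases are placeholders; enter the same
! user name and passphrases in Prime Infrastructure when adding the device.
snmp-server user pi-monitor PI-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>

! --- Verification (exec mode) ---
! show snmp user    -> lists pi-monitor with its auth and privacy protocols
! show snmp group   -> shows PI-GROUP with security model v3 priv
```

After the change, confirm that no `snmp-server community` lines remain in the running configuration, since a leftover community keeps the SNMPv2c path open alongside SNMPv3.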