Cisco Cisco Prime Infrastructure 3.0 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 59 of 63
Health Monitor on the secondary Cisco Prime Infrastructure server provides status information on both the primary
and secondary Cisco Prime Infrastructure servers. Failback can be initiated through the secondary HM once the
primary Cisco Prime Infrastructure server has recovered from the failure condition. The failback process is always
initiated manually so as to avoid a flapping condition that can sometimes occur when there is a network
connectivity problem. More details on how to deploy Cisco Prime Infrastructure 3.0 HA can be found at
Configuring Cisco Prime Infrastructure Backup
It is strongly advisable to configure the backup plan in a more proactive manner. Backup can be configured by
navigating to Administration > Settings>Background Tasks > Prime Infrastructure Server Backup.
You can either use the default repository defaultRepo, or create an external backup repository. Enter credentials
for the remote repository and other relevant information and click Submit to create this new remote backup
repository.
Advanced System Settings
Data Retention
This feature allows you to specify how long the data is to be stored in Cisco Prime Infrastructure. By default you
can store the performance data as short, medium, and long-term data for 7, 31, and 378 days, respectively. You
can modify these numbers based on the available hard drive space. Navigate to Administration -> Settings ->
System Settings. Select Data Retention under General Tab to configure the data retention.
Server Tuning
The following sections explain how to enhance server security by eliminating or controlling individual points of
security exposure.
Disabling Insecure Services
You must disable non-secure services if not using them. For example: TFTP and FTP are not secure protocols.
These services are typically used to transfer firmware or software images to and from network devices and Cisco
Prime Infrastructure. They are also used for transferring system backups to external storage. We recommend using
secure protocols (such as SFTP or SCP) for such services.
Disabling Root Access
Administrative users can enable root shell access to the underlying operating system for trouble shooting
purposes. This access is intended for Cisco Support teams to debug product-related operational issues. We
recommend that you keep this access disabled, and enable it only when required. To disable root access, run the
command root_disable from the command line.
Using SNMPv3 Instead of SNMPv2
SNMPv3 is a higher security protocol than SNMPv2. You can enhance the security of communications between
their network devices and the Cisco Prime Infrastructure server by configuring the managed devices so that
management takes place using SNMPv3 instead of SNMPv2.
You can choose to enable SNMPv3 when adding new devices, importing devices in bulk, or as part of device
discovery.