Cisco Cisco Security Manager 4.0 Guía De Instalación
3
Deployment Planning Guide for Cisco Security Manager 4.0
OL-23415-01
Cisco Security Manager 4.0 Applications
with the CiscoWorks LAN Management Solution (LMS). There is useful deployment information
about RME included in the CiscoWorks LAN Management Solution Deployment Guide, although
be aware that some information does not apply in the case of RME bundled with Security Manager.
about RME included in the CiscoWorks LAN Management Solution Deployment Guide, although
be aware that some information does not apply in the case of RME bundled with Security Manager.
For more information about RME, refer to the documentation located at:
•
Performance Monitor 4.0
Performance Monitor is a health and performance monitoring application with a special emphasis
on security devices and services. Performance Monitor supports the ability to proactively detect
network performance issues before they become critical; helps identify portions of the network
which are overloaded and potentially require extra resources; and provides rich historical health and
performance information for after-the-fact investigations and analyses. Performance Monitor
supports monitoring remote-access VPN, site-to-site VPN, firewall, web server load-balancing and
SSL termination. Performance Monitor uses a browser-based, graphical user interface and requires
Common Services 3.3. For more information about Performance Monitor, refer to the
documentation located at
on security devices and services. Performance Monitor supports the ability to proactively detect
network performance issues before they become critical; helps identify portions of the network
which are overloaded and potentially require extra resources; and provides rich historical health and
performance information for after-the-fact investigations and analyses. Performance Monitor
supports monitoring remote-access VPN, site-to-site VPN, firewall, web server load-balancing and
SSL termination. Performance Monitor uses a browser-based, graphical user interface and requires
Common Services 3.3. For more information about Performance Monitor, refer to the
documentation located at
•
Cisco CSA 5.2.0.282
This is a stand-alone host security agent software that is installed on Security Manager server. This
component is installable only on Windows 2003 32-bit environment. Security Manager installation
will automatically detect the OS and install this software if it is supported.
component is installable only on Windows 2003 32-bit environment. Security Manager installation
will automatically detect the OS and install this software if it is supported.
Related Applications
Other applications are available from Cisco that integrate with Security Manager to provide additional
features and benefits:
features and benefits:
•
Cisco Security Monitoring Analysis and Response System (MARS)
Security Manager supports policy <> event cross-linkages with MARS for firewall and IPS. Using
the Security Manager client you highlight specific firewall rules or IPS signatures and request to see
the events related to those rules or signatures, respectively. Using the MARS interface you can select
firewall or IPS events and request to see the matching rule or signature in Security Manager. These
policy <> event cross-linkages are especially useful for network connectivity, firewall rule
troubleshooting, identifying unused rules, and signature tuning activities. The policy <> event
cross-linkage feature is explained in detail in the User Guide for Cisco Security Manager 4.0. For
more information about MARS you can visit
the Security Manager client you highlight specific firewall rules or IPS signatures and request to see
the events related to those rules or signatures, respectively. Using the MARS interface you can select
firewall or IPS events and request to see the matching rule or signature in Security Manager. These
policy <> event cross-linkages are especially useful for network connectivity, firewall rule
troubleshooting, identifying unused rules, and signature tuning activities. The policy <> event
cross-linkage feature is explained in detail in the User Guide for Cisco Security Manager 4.0. For
more information about MARS you can visit
.
•
Cisco Secure Access Control Server (ACS)
You can optionally configure Security Manager to use ACS for authentication and authorization of
Security Manager users. ACS supports defining custom user profiles for fine-grained role based
authorization control (RBAC) and the ability to restrict users to specific sets of devices. For details
on configuring Security Manager and ACS integration refer to the Installation Guide for Cisco
Security Manager 4.0. For more information about ACS you can visit
Security Manager users. ACS supports defining custom user profiles for fine-grained role based
authorization control (RBAC) and the ability to restrict users to specific sets of devices. For details
on configuring Security Manager and ACS integration refer to the Installation Guide for Cisco
Security Manager 4.0. For more information about ACS you can visit
.
•
Cisco CNS Configuration Engine
Security Manager supports the use of Cisco Configuration Engine 3.0 as a mechanism for deploying
device configurations. Security Manager deploys the delta configuration file to the Cisco
Configuration Engine, where it is stored for later retrieval from the device. Devices, such as Cisco
IOS routers, PIX and ASA firewalls that use a Dynamic Host Configuration Protocol (DHCP) server,
contact the Cisco Configuration Engine for configuration (and image) updates. Security Manager
also supports management of devices that have static IP address via CNS configuration engine. In
device configurations. Security Manager deploys the delta configuration file to the Cisco
Configuration Engine, where it is stored for later retrieval from the device. Devices, such as Cisco
IOS routers, PIX and ASA firewalls that use a Dynamic Host Configuration Protocol (DHCP) server,
contact the Cisco Configuration Engine for configuration (and image) updates. Security Manager
also supports management of devices that have static IP address via CNS configuration engine. In