Cisco Cisco Security Manager 4.6 Guía De Instalación
21
Deployment Planning Guide for Cisco Security Manager 4.6
OL-31289-01
Deployment Scenarios
Note
For enabling event archival, additional storage capacity the same size as the primary store or bigger is
required.
required.
Note
1) The above sizing guidelines are based on firewall devices having an average of 600 rules with approx.
20,000 associated objects in total. If the number of rules is much larger than this number, either the
number of devices supported in the deployment could be reduced or you could consider partitioning the
device management across multiple servers.
20,000 associated objects in total. If the number of rules is much larger than this number, either the
number of devices supported in the deployment could be reduced or you could consider partitioning the
device management across multiple servers.
2) Please note that when performing a configuration change deployment to a large number of devices in
a single job, the total time for deployment depends on the actual device response (i.e., the time taken for
Security Manager to connect to the device, fetch the latest configuration, etc.). Therefore, it is advisable
to consider deployment jobs with under one hundred (< 100) devices per job.
a single job, the total time for deployment depends on the actual device response (i.e., the time taken for
Security Manager to connect to the device, fetch the latest configuration, etc.). Therefore, it is advisable
to consider deployment jobs with under one hundred (< 100) devices per job.
To increase the deployment scalability, you could also consider the following:
a) AUS for ASA-based branch firewalls; see
.
b) Cisco CNS CE for IOS-based branch devices; see
3) It is also possible to tune the Security Manager server to increase the total number of devices to which
deployment updates can occur in parallel. This depends on the configuration size of the devices in the
inventory, device response times/locations, etc. To tune such parameters for large retail deployments,
please get in touch with the Cisco Technical Assistance Center (TAC).
deployment updates can occur in parallel. This depends on the configuration size of the devices in the
inventory, device response times/locations, etc. To tune such parameters for large retail deployments,
please get in touch with the Cisco Technical Assistance Center (TAC).
Deployment Scenarios
There are various deployment scenarios possible for Security Manager applications. When deciding on
a deployment scenario, you should consider the following important factors, which can affect system
performance:
a deployment scenario, you should consider the following important factors, which can affect system
performance:
Operating System
One of the following:
•
Microsoft Windows 2008 Enterprise Server 64-bit SP2
•
Microsoft Windows 2008 Enterprise Server 64-bit R2 SP1
Recommended Sizings
Max number of
devices
devices
up to 2500 retail branch firewalls
Maximum
Cumulative EPS
Supported
Cumulative EPS
Supported
15,000 Events per second [this value is a 9:1 ratio of syslogs to IPS SDEE
(i.e., 13,500 syslog + 1500 SDEE)]
(i.e., 13,500 syslog + 1500 SDEE)]
Max concurrent users
Five (5) concurrent users at most (accounting for both configuration-only
users and users using event and/or reporting screens)
users and users using event and/or reporting screens)
Table 7
Large Retail Deployment (continued)