Cisco Security Manager 4.6 Installation Guide
Deployment Planning Guide for Cisco Security Manager 4.6
OL-31289-01
Cisco Security Manager 4.6 Applications
Use CSM server IP address as source IP address
When this option is enabled in the config file, all syslog messages forwarded from the Security Manager
server will have the Security Manager server's IP address as the source IP address of the syslog message.
For configuration and setup details, refer to
on Cisco.com.
Caution
IP address spoofing can be achieved only if it has been allowed by network policy.
Common Services 4.2.2
CiscoWorks Common Services 4.2.2 (Common Services) is required for Security Manager 4.6 and Auto
Update Server 4.6 to work. Common Services is installed by default when you select Security Manager
4.6 or Auto Update Server 4.6 for installation.
Common Services provides the framework for data storage, login, user role definitions, access
privileges, security protocols, and navigation. It also provides the framework for installation, data
management, event and message handling, and job and process management. Common Services supplies
essential server-side components to Security Manager that include the following:
• SSL libraries
• An embedded SQL database
• The Apache web server
• The Tomcat servlet engine
• The CiscoWorks home page
• Backup and restore functions
For more information, refer to the Common Services documentation that is included with the Security
Manager installation. To do this, log on to the server where you installed Security Manager, double-click
the Cisco Security Manager icon, log on, click Server Administration, and then click Help.
Local RBAC Using Common Services
Prior to Security Manager 4.3, the major advantages of using Cisco Secure ACS were (1) the ability to
create highly granular user roles with specialized permission sets (for example, allowing the user to
configure certain policy types but not others) and (2) the ability to restrict users to certain devices by
configuring network device groups (NDGs). These granular privileges (effectively “role-based access
control,” or RBAC) were not available in Security Manager 4.2 and earlier versions, unless you used
Cisco Secure ACS. These granular privileges (RBAC) are available in Security Manager 4.3 and later
versions because they use Common Services 4.0 or later, in which local RBAC is available without the
use of ACS. For more information, refer to the
.
Auto Update Server 4.6
AUS enables you to upgrade device configuration files and software images on PIX Security
Appliance (PIX) and Adaptive Security Appliance (ASA) devices that use the auto update feature.
AUS supports a pull model of configuration that you can use for device configuration, configuration
updates, device OS updates, and periodic configuration verification. In addition, supported devices
that use dynamic IP addresses in combination with the Auto Update feature can use AUS to upgrade
their configuration files and pass device and status information.