Cisco Cisco Security Manager 4.11 Guía De Instalación
31
Deployment Planning Guide for Cisco Security Manager 4.11
Installation Guidelines
Installation in VMware’s Virtual Machine Environment
Security Manager supports running in VMware ESXi 5.1U2 and VMware ESXi versions up to ESXi 6.0.
Other VMware environments such as VMware Server and VMware Workstation are not supported.
Other VMware environments such as VMware Server and VMware Workstation are not supported.
You can use any server operating system supported by Security Manager as guest operating system for
VMware. The VMware qualification effort involved running the same set of performance and durability
tests that are performed on Security Manager running on a regular non-virtualized server. Test results
have shown that running Security Manager in VMware ESX Server 4.0 introduces a modest amount of
application performance degradation which varies based on the size of the reference network involved
and the specific test case. Deployment of Security Manager in VMware environment is only suitable for
smaller size of network.
VMware. The VMware qualification effort involved running the same set of performance and durability
tests that are performed on Security Manager running on a regular non-virtualized server. Test results
have shown that running Security Manager in VMware ESX Server 4.0 introduces a modest amount of
application performance degradation which varies based on the size of the reference network involved
and the specific test case. Deployment of Security Manager in VMware environment is only suitable for
smaller size of network.
One area where the performance degradation was usually large was the case of performing a deployment
to large number of PIX or ASA devices or a device with large number of rules (on the order of 5 to 50
thousands rules). In this case the deployment took much longer than acceptable speed. For VMware
performance best practices you should refer to the following document:
to large number of PIX or ASA devices or a device with large number of rules (on the order of 5 to 50
thousands rules). In this case the deployment took much longer than acceptable speed. For VMware
performance best practices you should refer to the following document:
However, you should avoid tuning any of the advanced VMware parameters, as the default values or
settings are generally optimal.
settings are generally optimal.
It is also recommended to use one of the later generation servers with a processor that includes
technology specifically designed to improve the efficiency of virtualization. For example, good results
were obtained when testing Security Manager running in VMware ESX Server 4.0 on an Intel® Xeon®
X5500 series Quad-core processor, which includes Intel® Virtualization Technology (IVT). AMD offers
64-bit x86 architecture processors with virtualization extensions, which they refer to as AMD
Virtualization (AMD-V).
technology specifically designed to improve the efficiency of virtualization. For example, good results
were obtained when testing Security Manager running in VMware ESX Server 4.0 on an Intel® Xeon®
X5500 series Quad-core processor, which includes Intel® Virtualization Technology (IVT). AMD offers
64-bit x86 architecture processors with virtualization extensions, which they refer to as AMD
Virtualization (AMD-V).
For virtual machine hardware and software requirements, refer to
,
High-Availability/Disaster Recovery
You can deploy Security Manager in a high-availability or disaster recovery configuration to
significantly improve application availability and survivability in the event of a server, storage, network,
or site failure. These deployment options are covered in detail in the applicable Security Manager high
availability documentation
(
significantly improve application availability and survivability in the event of a server, storage, network,
or site failure. These deployment options are covered in detail in the applicable Security Manager high
availability documentation
(
http://www.cisco.com/c/en/us/support/security/security-manager/products-installation-guides-list.htm
Note
A single CSM license is enough to use CSM in VMware HA/DR scenario.
Installation Guidelines
For detailed instructions on Security Manager installation, refer to the
.