Cisco Cisco Security Manager 4.0 インストールガイド
5
Deployment Planning Guide for Cisco Security Manager 4.12
Cisco Security Manager 4.12 Applications
Cisco Secure ACS. These granular privileges (RBAC) are available in Security Manager 4.3 and later
versions because they use Common Services 4.0 or later, in which local RBAC is available without the
use of ACS. For more information, refer to the
versions because they use Common Services 4.0 or later, in which local RBAC is available without the
use of ACS. For more information, refer to the
Auto Update Server 4.12
Auto Update Server (AUS) enables you to upgrade device configuration files and software images
on PIX Security Appliance (PIX) and Adaptive Security Appliance (ASA) devices that use the auto
update feature. AUS supports a pull model of configuration that you can use for device
configuration, configuration updates, device OS updates, and periodic configuration verification. In
addition, supported devices that use dynamic IP addresses in combination with the Auto Update
feature can use AUS to upgrade their configuration files and pass device and status information.
on PIX Security Appliance (PIX) and Adaptive Security Appliance (ASA) devices that use the auto
update feature. AUS supports a pull model of configuration that you can use for device
configuration, configuration updates, device OS updates, and periodic configuration verification. In
addition, supported devices that use dynamic IP addresses in combination with the Auto Update
feature can use AUS to upgrade their configuration files and pass device and status information.
In this method, Security Manager deploys configuration updates to the AUS server, and the managed
device contacts the AUS server to download new configuration updates using a periodic time
interval, a specific date and time, or on demand.
device contacts the AUS server to download new configuration updates using a periodic time
interval, a specific date and time, or on demand.
AUS increases the scalability of your remote security networks, reduces the costs involved in
maintaining a remote security network, and enables you to manage dynamically addressed remote
firewalls.
maintaining a remote security network, and enables you to manage dynamically addressed remote
firewalls.
AUS uses a browser-based, graphical user interface and requires Common Services 4.2.2. For more
information about AUS, refer to the documentation located at
information about AUS, refer to the documentation located at
Related Applications
Other applications are available from Cisco that integrate with Security Manager to provide additional
features and benefits:
features and benefits:
Cisco Secure Access Control Server (ACS) 4.2.x
You can optionally configure Security Manager to use ACS for authentication and authorization of
Security Manager users. ACS supports defining custom user profiles for fine-grained role-based access
control (RBAC) and the ability to restrict users to specific sets of devices or operations.
Security Manager users. ACS supports defining custom user profiles for fine-grained role-based access
control (RBAC) and the ability to restrict users to specific sets of devices or operations.
For details on configuring Security Manager and ACS integration refer to the
. For more information about ACS you can visit
.
Cisco CNS Configuration Engine 3.5 and 3.5(1)
Security Manager supports the use of Cisco Configuration Engine 3.5 and 3.5(1) as a mechanism for
deploying device configurations. Security Manager deploys the delta configuration file to the Cisco
Configuration Engine, where it is stored for later retrieval from the device. Devices such as Cisco IOS
routers, PIX, and ASA firewalls that use a Dynamic Host Configuration Protocol (DHCP) server contact
the Cisco Configuration Engine for configuration (and image) updates. Security Manager also supports
management of devices which have a static IP address via CNS configuration engine. In such cases, the
discovery is done live and the deployments to the device happen via the CNS configuration engine.
deploying device configurations. Security Manager deploys the delta configuration file to the Cisco
Configuration Engine, where it is stored for later retrieval from the device. Devices such as Cisco IOS
routers, PIX, and ASA firewalls that use a Dynamic Host Configuration Protocol (DHCP) server contact
the Cisco Configuration Engine for configuration (and image) updates. Security Manager also supports
management of devices which have a static IP address via CNS configuration engine. In such cases, the
discovery is done live and the deployments to the device happen via the CNS configuration engine.
For more information about the Configuration Engine you can visit