Cisco Security Manager

Table Of Contents

Installation and Release Notes for Cisco Performance Monitor 3.1

Contents

New and Changed Features in this Release

Installation Requirements

Scalability

Installing Performance Monitor

Installing from the DVD

Installing from Cisco.com

Uninstalling and Reinstalling Performance Monitor

Uninstalling Performance Monitor

Reinstalling Performance Monitor

Known Problems

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Installation and Release Notes for Cisco Performance Monitor 3.1

---

Revised: April 20, 2007,
Text Part Number: OL-12595-01

When you purchase Cisco Security Manager 3.1 (Security Manager), your license grants you the right to download, install, and use Cisco Performance Monitor 3.1 (Performance Monitor).

Performance Monitor is a browser-based tool that monitors and troubleshoots the health and performance of services that contribute to network security. It helps you to isolate, analyze, and troubleshoot events in your network as they occur, so that you can increase service availability. Supported service types are remote-access VPN, site-to-site VPN, firewall, web server load-balancing, and proxied SSL.

This guide supplements the Installation Guide for Cisco Security Manager 3.1 that you received with your copy of Security Manager. Although your version of that guide does not describe any installation procedure for Performance Monitor specifically, it does describe a broad framework of prerequisites, best practices, checklists, troubleshooting tips, and other material to ensure that all of your Security Manager software — including Performance Monitor — can be installed successfully.

This guide contains:

•High-level descriptions of the hardware and software requirements for installation.

•High-level instructions for installing, upgrading to, and uninstalling Performance Monitor.

•Bug ID numbers and headlines for problems that were fixed for this release of Performance Monitor.

•Bug ID numbers, headlines, and descriptions for known problems that might affect you as a Performance Monitor user. If you access this document in HTML or PDF form, you can click any ID number to see the release note enclosure in the Bug Toolkit on Cisco.com. A release note enclosure contains symptoms, conditions, and workaround information.

---

Note Before you install Performance Monitor, we recommend that you read and follow all of the relevant guidance in the Security Manager installation guide.

---

Contents

New and Changed Features in this Release

This section describes new and changed features in the Performance Monitor 3.1

•(New) Performance Monitor adds device support for Adaptive Security Appliance (ASA) 5505 and Firewall Services Module (FWSM) software release 3.2(1).

•(New) Integration of Performance Monitor 3.1 with Security Manager 3.1—Performance Monitor 3.1 can be configured as a status provider to Security Manager 3.1. As a status provider, Performance Monitor collects the status of events, such as VPN tunnels, device connectivity, and CPU usage threshold, and reports them to Security Manager. Performance Monitor, which is an external status provider, must be registered with Security Manager and needs to be authenticated by Security Manager to send status on events it is monitoring. You must add a device to both the Security Manager inventory and Performance Monitor and enable polling for the device in Performance Monitor for its status to be collected and displayed by the Security Manager client. Once credentials are authenticated, Security Manager begins to receive the status of events. You can use the Inventory Status window in the Security Manager GUI to view the events reported by status providers. See the User Guide for Cisco Security Manager 3.1 for more information.

Installation Requirements

You can use Performance Monitor as a standalone product or install it on the same server with Security Manager, Cisco Auto Update Server (AUS), RME, or all three. In any of these installations, you must also install Common Services 3.0.5, or Performance Monitor cannot work.

Performance Monitor by default uses SNMP trap port 162.

---

Note CiscoWorks Common Services 3.0.5 is required for Performance Monitor to work. You can install Performance Monitor only after you install Common Services from the Security Manager 3.1 installation DVD. Performance Monitor cannot coexist on a server with any patched or unpatched Common Services version earlier than 3.0.5.

---

Requirements for installation and operation vary in relation to the presence of other software on your server and according to the way you use Performance Monitor.

You can install Performance Monitor on a Windows-based server that uses one CPU or multiple CPUs.

Table 1 describes server requirements and restrictions.

Table 1 Installation Requirements and Restrictions 

Component	Minimum Requirement
System hardware	•IBM PC-compatible with a 2 GHz or faster processor. •Color monitor with at least 1024 x 768 resolution and a video card capable of 16-bit colors. •DVD-ROM drive. •100BaseT (100 Mbps) or faster network connection; single interface only. Note We do not support installations of Performance Monitor on servers with more than one network interface card (NIC). For related information, see IP Address. •Keyboard. •Mouse.
File system	NTFS.
Memory (RAM)	2 GB.
System software	One of the following:1 •Microsoft Windows 2003 Server: –Enterprise Edition with SP1. –Standard Edition with SP1. •Microsoft Windows 2000: –Advanced Server with SP4. –Server with SP4. –Professional with SP4. Tip In addition, client systems can use Microsoft Windows XP with SP1 or higher. Note Performance Monitor supports only the US-English and Japanese versions of Windows. Select Start > Settings > Control Panel > Regional Settings, then set the default locale. Microsoft ODBC Driver Manager 3.510 or later is also required, so that your server can work with Sybase database files. To confirm the installed ODBC version, find and right-click ODBC32.DLL, then select Properties from the shortcut menu. The file version is listed under the Version tab.2
Browser	One of the following: •Microsoft Internet Explorer 6.0 with SP1 (6.0.2800). •Mozilla 1.7.13.
Compression software	WinZip 9.0 or compatible.
Hard Drive Space	20 GB.
IP Address	One static IP address. If the server has more than one IP address, disable all but one address. The Performance Monitor installer displays a warning if it detects any dynamic IP addresses on the target server. Dynamic addresses are not supported.

1 To confirm the installed Windows version from the Start menu, select Run, then enter either ver or winver. 2 Alternatively, after you install Performance Monitor, select Server > Admin from the Common Services desktop, click Selftest, then click Create. When the table is refreshed, click the newest entry in the SelfTest Server Information column. When the "Server Info" window opens, scroll to the odbc.pl section to see the installed ODBC version.

---

Caution Do not install this product on a primary or backup domain controller. We do not support any use of Common Services 3.0.5 on a Windows domain controller.

Do not install this product in an encrypted directory. Common Services 3.0.5 does not support directory encryption.

Do not install this product if Terminal Services is enabled in Application mode. In such a case, you must disable Terminal Services, then restart the server before you install. Common Services 3.0.5 supports only the Remote Administration mode for Terminal Services. To learn more about this restriction on your use of Terminal Services, see http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_installation_guide_chapter09186a00806ab808.html#wp1033369.

---

Scalability

The following table describes Performance Monitor scalability.

Table 2 Cisco Performance Monitor Scalability 

Number of devices	Supports up to 500 devices, including security contexts.
Number of users	Supports up to 5 simultaneous users.
VPN restrictions	•We recommend that you monitor only the hubs, not the spokes, in any hub-and-spoke VPNs that you monitor. •We recommend that you monitor no more than 5,000 VPNs.

Installing Performance Monitor

---

Note United States law requires Cisco Systems to limit access to any software that uses advanced encryption technologies. Therefore, you must have and use a Cisco.com user account to download the Performance Monitor installation utility.

---

You can install Performance Monitor on:

•A standalone server, after you install a supported version of Common Services.

•The same server on which you installed Security Manager, AUS, RME, or all three.

For related information, see Installation Requirements.

The Performance Monitor installation utility does not include Common Services, which you must install before you install Performance Monitor. You must use the Security Manager installer included in your Security Manager installation DVD to install Common Services. The Security Manager installer supports the installation of only Common Services if you do not want to run any other application on the server besides Performance Monitor, such as Security Manager or Auto Update Server.

The Performance Monitor license is a separate file from the Security Manager license file and includes the license for RME 4.0.5 too. The Security Manager media kit contains the Software License Claim Certificate for the Performance Monitor and RME. You can install the license either before or after you install Performance Monitor. For instructions on how to obtain and install the license file, see the User Guide for CiscoWorks Common Services 3.0.5 at the following URL: http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3996/products_user_guide_chapter09186a00806fee93.html#wp386416.

You can install Performance Monitor from either the Security Manager DVD or Cisco.com. The following sections describe how to install Performance Monitor.

•Installing from the DVD

•Installing from Cisco.com

Installing from the DVD

This procedure describes how to install Performance Monitor from the Security Manager installation DVD.

Procedure

---

Step 1 Insert the DVD into the DVD-ROM drive.

Step 2 From the mcp3_1 folder, double-click Setup.exe to start the installation utility.

Step 3 Click Yes to confirm that you are installing Performance Monitor.

Step 4 Follow the prompts in the installation wizard.

Step 5 When you are prompted to select the licensing information, select Evaluation Only. You can install the license file either before or after you install Performance Monitor, but not during the installation process. You can use Performance Monitor for up to 90 days in evaluation mode without a license.

---

Note If you specify the permanent license file instead of selecting evaluation mode, a message appears stating that the license is invalid. For more information (CSCsi51149), log in to the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl.

---

---

Installing from Cisco.com

This procedure describes how to install Performance Monitor from Cisco.com

Procedure

---

Step 1 Log in to your Cisco.com account at http://www.cisco.com/cgi-bin/login.

Step 2 Go to http://www.cisco.com/go/csmanager, then click Download Software.

Step 3 Download the installation utility for Performance Monitor, fcs-mcp-v3.1-w2k-k9.exe.

Step 4 To start the installation, double-click your downloaded copy of the utility, then follow the prompts.

Step 5 When you are prompted to select the licensing information, select Evaluation Only. You can install the license file either before or after you install Performance Monitor, but not during the installation process. You can use Performance Monitor for up to 90 days in evaluation mode without a license.

---

Note If you specify the permanent license file instead of selecting evaluation mode, a message appears stating that the license is invalid. For more information (CSCsi51149), log in to the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl.

---

---

Uninstalling and Reinstalling Performance Monitor

---

Note To learn which data files are essential to Common Services operation and understand how to archive that data, see the Common Services online help or read the documentation on Cisco.com. We recommend that you back up copies of all essential data files from your server before you uninstall or reinstall Performance Monitor.

---

To uninstall or reinstall applications on your server, see:

•Uninstalling Performance Monitor

•Reinstalling Performance Monitor

Uninstalling Performance Monitor

---

Caution A server that is infected with a virus might be unstable after you uninstall software from it and reboot. If your server is not stable after an uninstallation and reboot, we recommend that you scan it for viruses and other kinds of malware.

---

Before You Begin

If any version of Windows Defender (which was known in its public beta test versions as both Microsoft AntiSpyware and Giant AntiSpyware) is installed, disable it before you uninstall Performance Monitor. Otherwise, the uninstallation application cannot run.

---

Step 1 Select Start > Programs > Cisco Security Manager > Uninstall Cisco Security Manager.

Step 2 From the list of applications, select Cisco Performance Monitor.

Step 3 (Optional) Select any other components to uninstall.

Step 4 Click Next twice.

The uninstaller removes Performance Monitor and every other component that you selected.

---

Note If a Windows command line prompt window is open in \CSCOpx\bin when you uninstall Performance Monitor, the uninstaller cannot delete \CSCOpx\bin. In this case, you can choose whether and how to delete the directory.

---

Step 5 Only after you uninstall Performance Monitor, Common Services, and all related applications, assuming that you uninstall all server applications:

a. If a folder exists at C:\Program Files\CSCOpx, delete, move, or rename the folder.

b. If the C:\CMFLOCK.TXT file exists, delete it.

c. Use a Registry editor to delete these Registry entries before you reinstall Performance Monitor or any related applications:

•My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\Resource Manager

•My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\MDC

---

Tip Although no reboot is required, we recommend that you reboot the server after an uninstallation so that Registry entries and running processes on the server are in a suitable state for a future reinstallation.

---

---

Note If the uninstallation causes an error, see the "Troubleshooting the Installation" chapter in Installation and Setup Guide for CiscoWorks Common Services 3.0.5 (Includes CiscoView) on Windows: http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_installation_guide_chapter09186a00806ba144_4container_ccmigration_09186a00806ab62a.html.

---

Step 6 (Optional) If you disabled Windows Defender before uninstalling Performance Monitor, reenable it now.

---

Reinstalling Performance Monitor

---

Caution Although the Security Manager installation utility performs a full, mandatory backup automatically if you use it to reinstall Security Manager, AUS, or Common Services, no such backup occurs when you use the Performance Monitor installation utility to reinstall Performance Monitor. We recommend that you follow the backup instructions in the Common Services online help before you reinstall Performance Monitor.

---

---

Note•If you install Common Services and Performance Monitor on a server, then reinstall Common Services later, you must also reinstall Performance Monitor.

•During reinstallation, you might see a warning message that says:

The application that you are installing requires new tasks to be registered with ACS. 
If you have already registered this application with ACS from another server, you do 
not need to register it again. However if you re-register the application, you will 
lose any custom roles that you had created earlier for this application in ACS.

In this case, log in to your Cisco.com account and see "CiscoWorks-ACS Task Registration During Upgrade and Re-installation" in Installation and Setup Guide for CiscoWorks Common Services 3.0.5 (Includes CiscoView) on Windows, at http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_installation_guide_chapter09186a00806ab7ee.html#wp1192068.

---

To reinstall Performance Monitor or related applications, see Installing Performance Monitor.

Known Problems

This section describes problems known to exist in this release of Performance Monitor.

---

Note•The problems and other issues in the following tables are known to affect Performance Monitor 3.1. However, some of the problems were found in releases of Monitoring Center for Performance 2.x, so their descriptions or headlines might contain obsolete terms and references. Any such terms and references apply to Performance Monitor as well.

•To obtain more information about known problems, click the ID number or use the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl. (You will be prompted to log into Cisco.com.)

---

Table 3 Performance Monitor 3.1 Known Problems 

CSCeb57907 — Cannot import an SSL service module from a CSV file Description: If you try to import a CSV file that contains the IP address of an SSL service module, the SSL service module is not validated.

CSCec17725 — SNMP version 2 traps are required for interface-down events Description: If you use SNMP version 1 traps for linkUp and linkDown, Performance Monitor cannot generate events in response to changes to the state of an interface.

CSCec28656 — 32 KB-rows in a User Session report take 5 minutes or more to load Description: If the search result is more than 10,000 entries, the User Session report takes 5 minutes or more to load.

CSCec28918 — User logged in once but two sessions are displayed in the report Description: The User Session report displays two sessions for the same user even though the user logged in only once within the time selected for the report.

CSCec49471 — User session state marked Active instead of Completed Description: If a completed user session remains in an active state, the User Session report shows two or more sessions with the same username, IP address, and VPN device name.

CSCed36700 — STS: no CPU/mem usage for 831/803 with 12.3(2)T and 12.3(5b)f Description: CPU usage values are not available for a Cisco 800 Series router. A known problem in Cisco IOS prevents Performance Monitor from displaying these statistics.

CSCed57697 — Page Not Found error appears when you start Performance Monitor Description: You see a Page Not Found error when you try to start Performance Monitor from a supported browser.

CSCed68244 — Performance Monitor cannot clear Interface State event in PIX failover Description: If a PIX device is configured as part of a failover pair, Performance Monitor misinterprets some of the syslog information it receives.

CSCee59388 — Cannot see load-balancing Interface Down event Description: The load-balancing Interface Down event is not displayed in the event browser.

CSCeh54686 — A multi-homed Performance Monitor server cannot monitor imported devices Description: If your Performance Monitor server has more than one NIC, you cannot monitor devices that you import.

CSCsa48691 — Import operation does not seem to finish Description: After you import a device, the GUI describes the status as Running and the import does not seem to finish.

CSCsc43213 — Performance Monitor doesn't discover all security contexts Description: Some security contexts (virtual firewalls) do not appear if you select Monitor > Firewall.

CSCsc95585 — Different CPU usage shown for PIX in STS and Firewall monitoring pages Description: The reported CPU usage levels for a PIX appliance show different values under Monitor > Site-to-Site and Monitor > Firewall because we use two polling methods instead of one.

CSCsd28035 — Tunnel table is empty for Easy VPN server Description: If you select Monitor > Site-to-Site VPN, then click Tunnels in the TOC, the displayed information does not include Easy VPN tunnels that are configured on IOS routers.

CSCse11165 — No memory usage data available for VPN 3000 concentrators Description: VPN 3000 Series concentrators do not provide any way to poll memory usage statistics. Therefore, if you select Monitor > Site-to-Site VPN, the displayed Memory Usage % value for these concentrators is always zero.

CSCse17747 — SNMP access outage on VPN SPA doesn't generate event Description: Performance Monitor does not display any Critical Problems or events to show that it has stopped polling a VPN Shared Port Adapter (VPN SPA) on which SNMP community string values have changed.

CSCse61189 — An error message misrepresents how you obtain a valid license file Description: An error message tells you to obtain a Performance Monitor license from Cisco.com, but your license file is on your Security Manager installation DVD.

CSCsc95489 — Unable to monitor Easy VPN tunnels on PIX 6.3 Description: If you select Monitor > Remote Access VPN, the displayed information does not include Easy VPN tunnels that are configured on PIX 6.3 devices.

CSCsh71213—Software Updates page shows incorrect version number of Perf. Monitor Description: After you install Performance Monitor 3.1 on a server that runs Security Manager 3.1, the version of Performance Monitor is incorrectly displayed as 3.0 in the Products Installed dialog box on the Software Updates page of the Common Services GUI.

CSCsi29103—License error with Perf. Monitor after restoring 3.1 Security Manager DB Description: When you restore a Security Manager 3.1 database from one server to another server and start Performance Monitor from the Cisco Security Management Suite page, an invalid license error is displayed because the Security Manager database does not contain information pertaining to the Performance Monitor database.

CSCsi51149—Specifying Performance Monitor license file during installation fails Description: Although the Performance Monitor installer includes a panel to specify the Performance Monitor license file, a message is displayed that the license is invalid when you specify the file.

Related Documentation

Table 4 describes product documentation that is available for Cisco Security Manager and related applications. For information on ordering printed documents, see Obtaining Documentation, Obtaining Support, and Security Guidelines.

---

Note In cases where a published document has not changed since the release of Performance Monitor 3.0 version, its title might specify the release number for that version even though the document applies equally to the 3.1 release.

---

Table 4 Product Documentation 

Document Title	Available Formats
Cisco Security Manager 3.1; Cisco Auto Update Server 3.1
Installation Guide for Cisco Security Manager 3.1	•PDF on the product DVD-ROM. •On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/prod_installation_guides_list.html
User Guide for Cisco Security Manager 3.1	•PDF on the product DVD-ROM. •On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_user_guide_list.html
Supported Devices and Software Versions for Cisco Security Manager 3.1	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_device_support_tables_list.html
FAQs and Troubleshooting Guide for Cisco Security Manager 3.x	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/prod_troubleshooting_guides_list.html
User Guide for Auto Update Server 3.1	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_user_guide_list.html
Supported Devices and Software Versions for Auto Update Server 3.0	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_device_support_tables_list.html
Context-sensitive online help	Click the Help button in a window or dialog box.
Cisco Performance Monitor 3.0 and 3.1
Installation and Release Notes for Cisco Performance Monitor 3.1 (this document)	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_release_and_installation_notes09186a00807ebd19.html
User Guide for Cisco Performance Monitor 3.0	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_user_guide_book09186a00806b7a60.html
Supported Devices and Software Versions for Cisco Performance Monitor 3.1	On Cisco.com at this URL: http://www.cisco.com/en/US/products/ps6498/products_device_support_table09186a00807ebd3e.html
Context-sensitive online help	Click the Help button in a window or dialog box.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

This document is to be used in conjunction with other documentation for Cisco Performance Monitor 3.1 listed in Related Documentation. See http://www.cisco.com/go/csmanager.

CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0704R)

© 2002-2007 Cisco Systems, Inc. All rights reserved.