Installation Guide for Cisco Security Manager 3.0
Requirements and Dependencies
Download this chapter
Requirements and DependenciesRequirements and Dependencies
Download the complete book
Installation Guide for Cisco Security Manager 3.0Installation Guide for Cisco Security Manager 3.0 (PDF - 2 MB)
give_us_feedback

Table Of Contents

Requirements and Dependencies

Required Services and Ports

Server Requirements

Client Requirements


Requirements and Dependencies

You can choose to install and use Security Manager as a standalone product or in combination with several other Cisco security management applications — 
including optional applications that you can select in the Security Manager installer or download from Cisco.com. Requirements for installation and operation vary in relation to the presence of other software on the server and according to the way you use Security Manager.

CiscoWorks Common Services 3.0.3 is required for Security Manager to work. You install Common Services, and apply a special patch to it, automatically when you install Security Manager server software. Security Manager cannot coexist on a server with any patched or unpatched version of Common Services earlier than the patched version from the Security Manager installation DVD. For more information, see Common Services, and see either the Common Services online help or the Common Services documentation on Cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps3996/.

Tip We recommend that you synchronize the date and time settings on all your management servers and all managed devices in your network. One method is to use an NTP server. Synchronization is important if you want to correlate and analyze log file information from your network.

The sections in this chapter describe requirements and dependencies for installing Security Manager server and client software:

Required Services and Ports

Server Requirements

Client Requirements

Required Services and Ports

You must ensure that required TCP and UDP ports and their associated services are enabled for use by Security Manager and Common Services on the target server and are not used for any other purpose.

Tip To understand which server processes are associated with the applications that you install from the Security Manager installation DVD, see Verifying That Required Processes Are Running.

Table 2-1 sorts the required ports and services numerically, by port.

Table 2-1 Required Ports and Services 

Port Number
Protocol
Service Name
Traffic Direction

22

TCP

Secure Shell (SSH)

Outgoing

23

TCP

Telnet

Outgoing

69

UDP

Trivial File Transfer Protocol (TFTP)

Incoming and Outgoing

80

TCP

Hyper Text Transfer Protocol (HTTP)

Outgoing

161

UDP

Standard port for SNMP polling

Outgoing

162

UDP

Standard port for SNMP traps

Outgoing

4431

TCP

CiscoWorks HTTP server in SSL mode

Incoming

514

UDP

Syslog

Incoming

514

TCP

Remote Copy Protocol

Incoming and Outgoing

1683 (default)
1684 (alternate)

TCP

VisiBroker Internet Inter-ORB Protocol (IIOP) port for gatekeeper

Incoming and Outgoing

1741

TCP

CiscoWorks HTTP

Incoming

8088

TCP

HIPO port for CiscoWorks gatekeeper

Incoming and Outgoing

9007

TCP

Tomcat shutdown

Incoming

9009

TCP

Ajp13 connector used by Tomcat

Incoming

10033

TCP

Security Manager database

Incoming

40401

TCP

License Server

Incoming

42340

TCP

CiscoWorks Daemon Manager

Incoming and Outgoing

42342

UDP

Osagent

Incoming and Outgoing

43441

TCP

Database

Incoming

43457

TCP

IPS Database Engine

Incoming and Outgoing

40050 to 40070

TCP

Ports used by DCR and OGS

Incoming

42350 (default),
44350 (alternate)

UDP

Event Services Software Service

Incoming and Outgoing

42351 (default),
44351 (alternate)

TCP

Event Services Software Listening

Incoming and Outgoing

42352 (default),
44352 (alternate)

TCP

Event Services Software HTTP

Incoming and Outgoing

42353 (default),
44353 (alternate)

TCP

Event Services Software Routing

Incoming and Outgoing

50000 to 50020.

TCP

Common Services Transport Mechanism (CSTM)

Incoming

1 To share and exchange information with a Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) appliance, Security Manager uses HTTPS over port 443 by default. You can choose whether to use a different port for this purpose.


Server Requirements

Note See Required Services and Ports, for a complete list of the service ports that you must enable in order to use your Security Manager server.

Tip We recommend that you install Security Manager on a dedicated server in a controlled environment. For additional best practices and related guidance, see "Preparing a Server for Installation."

You can install Security Manager on a Windows-based server that uses one CPU or multiple CPUs. Table 2-2 describes server requirements and restrictions.

Table 2-2 Server Requirements and Restrictions 

Component
Minimum Requirement

System hardware

IBM PC-compatible with a 2 GHz or faster processor.

Color monitor with at least 1024 x 768 resolution and a video card capable of 16-bit colors.

DVD-ROM drive.

100BaseT (100 Mbps) or faster network connection; single interface only.

Keyboard.

Mouse.

File system

NTFS.

Memory (RAM)

2 GB.

System software

One of the following:1

Microsoft Windows 2003 Server:

Enterprise Edition with SP1.

Standard Edition with SP1.

Microsoft Windows 2000:

Advanced Server with SP4.

Server with SP4.

Professional with SP4.

Note Security Manager supports only the US-English and Japanese versions of Windows. Select Start > Settings > Control Panel > Regional Settings, then set the default locale.

Microsoft ODBC Driver Manager 3.510 or later is also required, so your server can work with Sybase database files. To confirm the installed ODBC version, find and right-click ODBC32.DLL, then select Properties from the shortcut menu. The file version is listed under the Version tab.2

Browser

One of the following:

Microsoft Internet Explorer 6.0 (6.0.2600).

Microsoft Internet Explorer 6.0 with SP1 (6.0.2800).

Mozilla 1.7 or 1.7.5.

Compression software

WinZip 9.0 or compatible.

Hard Drive Space

20 GB.

IP Address

One static IP address.

If the server has more than one IP address, disable all but one address. The Security Manager installer displays a warning if it detects any dynamic IP addresses on the target server. Dynamic addresses are not supported.

1 To confirm the installed Windows version from the Start menu, select Run, then enter either ver or winver.

2 Alternatively after you install Security Manager, select Server > Admin from the Common Services desktop, click Selftest, then click Create. When the table is refreshed, click the newest entry in the SelfTest Server Information column. When the "Server Info" window opens, scroll to the odbc.pl section to see the installed ODBC version.


Caution Do not install this product on a primary or backup domain controller. We do not support any use of Common Services 3.0.3 on a Windows domain controller.

Do not install this product in an encrypted directory. Common Services 3.0.3 does not support directory encryption.

Do not install this product if Terminal Services is enabled in Application mode. In such a case, you must disable Terminal Services, then restart the server before you install. Common Services 3.0.3 supports only the Remote Administration mode for Terminal Services.

Client Requirements

Table 2-3 describes Security Manager Client requirements and restrictions.

Table 2-3 Client Requirements and Restrictions 

Component
Minimum Requirement

System hardware

IBM PC-compatible with a 1 Ghz or faster processor.

Color monitor with video card set to 24-bit color depth.

Tip An older video (graphics) card might fail to display the Security Manager GUI correctly until you upgrade its driver software. To test whether this problem might affect your client system, right-click My Computer, select Properties, select Hardware, click Device Manager, then expand the Display adapters entry. Double-click the entry for your adapter to learn what driver version it uses. When you know which card and driver are in use, go to the card manufacturer web site and check for any incompatibilities with the display of modern Java2 graphics libraries. In most cases where a known incompatibility exists, the manufacturer provides a method for obtaining and installing a compatible driver.

Keyboard.

Mouse.

Memory (RAM)

1 GB.

Virtual Memory/
Swap Space

512 MB.

Hard Drive Space

10 GB.

Operating System

One of the following:

Microsoft Windows XP Professional with SP1 or higher.

Microsoft Windows 2003:

Server Edition with SP1.

Enterprise Edition with SP1.

Microsoft Windows 2000:

Advanced Server with SP4.

Professional with SP4.

Note Security Manager Client supports only the US-English and Japanese versions of Windows. It does not support any other language version. Select Start > Settings > Control Panel > Regional Settings, then set the default locale to either US-English or Japanese.

Browser

One of the following:

Microsoft Internet Explorer 6.0 (6.0.2600).

Microsoft Internet Explorer 6.0 with SP1 (6.0.2800).

Mozilla 1.7 or 1.7.5.

Java

Security Manager Client includes an embedded and completely isolated version of Java. This Java version does not interfere with your browser settings or with other Java-based applications.

If you try to open IPS Manager but do not have the required version of Java, your Security Manager server will display a message that tells you how to download and install the required Java version.

Note To verify the installed versions of JVM and the Java plug-in, do one of the following:
 ·  (Internet Explorer) Select Tools > Sun Java Console.
 ·  (Mozilla)  Select Tools > Web Development > Java Console.
 ·  (From a prompt) Enter java -version.