CiscoWorks CiscoView

CiscoView Device Manager for the Cisco Catalyst 6500 Series SSL Services Module

DATA SHEET

The CiscoView Device Manager for the Cisco® Catalyst® 6500 Series SSL Services Module (SSLSM) is a device-management software application that helps users to easily configure Secure Sockets Layer (SSL) services on their SSLSM. A task-based tool that allows users to take advantage of the versatility of their SSLSM, it offers configuration wizards based on best practices in tasks such as setting up certificate Trustpoints and proxy services. CiscoView Device Manager is a free embedded manager that resides on the SSLSM Flash memory.

The CiscoView Device Manager Version 1.1 for the SSLSM includes the following new features:

• Upgraded certificate import, export, and Trustpoint wizards

• Visualization of Certification Hierarchy

• Proxy services statistics

KEY FEATURES AND BENEFITS

The Next Generation of Device-Embedded Solutions

The Cisco Catalyst 6500 Series SSL Services Module is a feature-rich, secure content-networking solution from Cisco Systems®. Managing a trustpoint on the SSLSM requires a high level of awareness of the public key infrastructure (PKI) as well as the command-line interface (CLI) for users to take advantage of its versatility. Typical challenges faced by users include importing certificate authority (CA) certificates, importing or generating key pairs, registering certificates with CAs, and checking the status of registered certificates.
The CiscoView Device Manager for the SSLSM manages several SSLSM features and helps users accomplish these tasks with ease. CiscoView Device Manager offers the following features:

• Customizable initial setup wizards

• Comprehensive configuration of SSL services using a single tool

CiscoView Device Manager (Figure 1) supports several features in the SSLSM, such as:

• Configuring certificate Trustpoints, proxy services, CA pools, and certificate access control lists (ACLs)

• Configuring SSL, TCP, header insertion, and URL rewrite policies

• Showing TCP and SSL statistics

• Visual indication of certificate status

• Grouping of Trustpoints by CA, enrollment status, and expiration date

Figure 1. CiscoView Device Manager for SSLSM Home Page

Wizards for Configuring Complex Tasks

CiscoView Device Manager for the SSLSM provides end-to-end configuration entirely through GUI tools. Its enhanced wizards guide users through the options available for configuring certificate Trustpoints and proxy services (Figure 2). This includes importing certificate and key pairs, configuring CA parameters, registering certificates with a CA, and checking certificate status.

Figure 2. Wizard-Based Configuration

Configuring PKI Management

The SSL protocol relies on certificates and public-private key pairs to provide authentication, privacy, and data integrity for data transactions. Setting up the PKI on the SSLSM is a primary requirement for enabling SSL services. CiscoView Device Manager simplifies the management of PKI by assisting with trustpoint management and key-pair management (Figure 3).

Figure 3. Trustpoint Configuration

Certificate management features allow users to import certificates and private keys, set up certificate Trustpoints, generate Certificate Signing Requests (CSRs), and enroll them with a CA. For N-tier certificates, CiscoView Device Manager supports import of the CA certificate chain and provides visualization of the certification hierarchy for the installed certificate chains. CiscoView Device Manager also allows users to delete certificates and export certificates from the SSLSM.

Key-pair management features allow users to generate new RSA (RSA Security, http://www.rsasecurity.com) key pairs, export key pairs from SSLSM, import RSA key pairs to SSLSM, and delete key pairs.

Configuring VLAN Management

CiscoView Device Manager allows users to view and modify VLAN configurations on the SSLSM.

Configuring Proxy Services

CiscoView Device Manager supports configuration of SSL proxy services. This includes viewing the configured proxy service status, creating new proxy services, and assigning certificates and policies to these services.

Configuring Policy Management

CiscoView Device Manager supports defining policies for proxy services. Policy templates help administrators refine the attributes associated with the SSL and TCP stack to suit their needs. The policies supported by CiscoView Device Manager include:

• TCP policy: Refines the TCP connection parameters

• SSL policy: Refines the SSL session parameters

• URL rewrite

• HTTP header insertion

Configuring Network Address Translation

CiscoView Device Manager supports the configuration of client Network Address Translation (NAT) pools and supports the configuration of server NAT.

Dynamic Grouping of Trustpoints

Dynamic grouping (Figure 4) is useful when several certificate Trustpoints are configured on an SSLSM. It allows users to group Trustpoints by CA, certificate expiration date, or the current status of certificates. This helps users, for example, to quickly locate certificates that expire in a particular month or all certificates issued by a specific CA.

Figure 4. Dynamic Grouping of Trustpoints

Table 1 lists the SSL features that CiscoView Device Manager supports.

Table 1. SSL Features Supported

Feature Category

Cisco 6500 Series SSLSM Features

Comments

PKI

Set up certificate Trustpoints and generate Certificate Signing Request (CSR)

• Simple Certificate Enrollment Protocol (SCEP) enrollment
• Manual enrollment
 

Install CA certificate chain

Certificate formats:

• X.509 PEM
• PKCS#7
 

Import certificates and private key to SSLSM

Certificate formats:

• X.509 PEM
• PKCS#12
• X.509 DER
• PKCS#7

Private key formats:

• PEM
• DER
• NET
 

Export certificates and private keys in bulk from SSLSM

 

View certification hierarchy

 

Set up CA pools for client and server certificate authentication

 

Set up certificate security attribute-based access control

 

Generate RSA key pairs

 

Zeroize (delete) RSA key pairs

 
Proxy Service

Import and export RSA key pairs

 

Setup server proxy

 
Policy

Set up client proxy and back-end encryption service

 

Setup TCP policy

 

Setup SSL policy

 

Setup URL rewrite policy

 
NAT

Setup HTTP header insertion policy

 

Setup NAT pools

 
Statistics

Setup VLANs on SSLSM

VLAN setup on the switch has to be performed using CiscoView Device Manager for the Cisco Catalyst 6500 Series

TCP

Basic statistics

SSL

Basic statistics

Table 2 lists the system specifications for the CiscoView Device Manager for SSLSM, and Table 3 lists the supported Cisco IOS® Software releases.

Table 2. System Specifications

| Parameter | Specifications |
|---|---|
| Chassis Supported | Cisco Catalyst 6503, Catalyst 6503-E, Catalyst 6506, Catalyst 6506-E, Catalyst 6509, Catalyst 6509-E, Catalyst 6509 NEB, Catalyst 6509-NEB-A, Catalyst 6513 |
| Supervisor Cards Supported | Catalyst 6500 Series supervisor engines, 2, and 720 |
| Modules Supported | SSL Services Module, Content Switching Module with SSL |
| Client Operating System | Windows 2000 Professional with Service Pack 2, 3, and 4, Windows XP Service Pack 1, Solaris 2.8 and 2.9 |
| Browsers | Internet Explorer 6.0 Service Pack 1 on Windows, Netscape Navigator 7.0 on Solaris, Netscape Navigator 7.1 on Windows, Mozilla Firefox 1.0 on Windows |
| Java Plug-In | Java Plug-in 1.4.2_06 |
| Memory Requirements | Minimum 3 MB of free Flash memory on the SSLSM |
| Recommended Connection Speed | 56 Kbps or higher |

Table 3. Cisco IOS Software Release Support

| Module | Cisco IOS Software Release | Software Release for Services Module |
|---|---|---|
| Cisco Catalyst 6500 Series Supervisor Engine IA or 2 with Multilayer Switch Feature Card I or 2 | 12.1(13)E, 12.1(19)E, 12.1(20)E, 12.1(22)E, 12.1(23)E, 12.1(26)E, 12.2(14)SY, 12.2(17d)SXB, 12.2(18)SXD | - |
| Catalyst 6500 Series Supervisor Engine 720 | 12.2(14)SX, 12.2(17a)SX, 12.2(17d)SXB, 12.2(18)SXD | - |
| CSM-S | 12.2(18)SXD | 1.1 |
| SSL Service Module (SSLSM) | 12.1(13)E, 12.1(19)E, 12.1(20)E, 12.1(22)E, 12.1(23)E, 12.1(26)E, 12.2(14)SX1, 12.2(17a)SX, 12.2(17d)SXB, 12.2(18)SXD | 2.1 and later |

ORDERING INFORMATION

CiscoView Device Manager for the Cisco Catalyst 6500 Series SSL Services Module is part of the CiscoView Device Manager suite of device-embedded management applications. These management solutions are available as downloadable files from Cisco.com or as part of the purchase of a Cisco Catalyst 6500 Series Switch through regular Cisco sales and distribution channels worldwide.
To place an order, visit the Cisco Ordering Home Page.

SERVICE AND SUPPORT

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.

FOR MORE INFORMATION

For more information about the CiscoView Device Manager applications, visit http://www.cisco.com/go/cvdm, contact your local Cisco account representative, or send an e-mail to the Product Marketing group at ciscoworks@cisco.com.

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe

Copyright © 2005 Cisco Systems, Inc. All rights reserved.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0502R) 205224.br_ETMG_LF_4.05 Printed in the USA