The Cisco® Proactive Automation of Change Execution (PACE) solution combines products and services that accelerate operational success by helping IT organizations to securely automate and control changes and configurations in their networks. The solution allows medium-sized and large enterprises to meet compliance requirements, accelerate growth, ensure business continuity, and increase user productivity.
In addition, the Cisco PACE solution and Cisco Network Application Performance Analysis Solution (NAPAS) together provide a lifecycle approach to network management. The Cisco NAPAS helps meet the complex requirements of today's technologies and business demands by allowing customers to proactively plan for future requirements and quickly respond to current application-performance issues. The Cisco PACE solution addresses the need to comply with external and internal market standards, and the constant need for securely controlled configuration change management. Combined, the Cisco PACE and Cisco NAPA Solutions meet the operational and business needs of Cisco customers and allow them to grow, adapt, and deploy new services efficiently and effectively to the end client.
BENEFITS
The Cisco PACE solution includes the following benefits:
• Provides centralized security management with policy enforcement and provisioning capabilities to control access to network components and data
• Allows maintaining continuous compliance in an easier, faster, less expensive way, which lessens operational overhead
• Provides detailed reports of compliance violations for faster resolution of compliance violations
• Facilitates auditing, responding, and reporting of network configuration and compliance issues for faster issue response time and resolution
• Improves the availability of services by controlling changes made to the network infrastructure
• Can automate network changes to decrease configuration errors made in the network, which decreases time spent by IT staff on configuration changes
• Cisco services provide easier integration and comprehensive support
SOLUTION OFFERING
The Cisco PACE solution offers several features to help enterprises adhere to compliance policies while providing highly secure control over network and information changes such as:
• Secure control of devices: Device control is provided by the security features built into each of the Cisco PACE components. Cisco Secure Access Control Server (ACS) provides centralized network authentication, authorization, accounting, and administration command authorization controls. CiscoWorks Network Compliance Manager (NCM) provides administrator roles and security compliance checks with automated remediation. CiscoWorks LAN Management Solution (LMS) provides Cisco Secure ACS integrated roles. Cisco Configuration Assurance Solution (CAS) provides comprehensive network-level analysis and reporting using a high-fidelity model of the network built by extracting data from multiple Cisco and third-party sources.
• Detailed compliance reporting: Cisco PACE customers can easily check their network configurations for compliance with Sarbanes Oxley (SOX) Act, Control Objectives for Information and related Technology (COBIT), IT Infrastructure Library [ITIL], Gramm-Leach-Bliley Financial Modernization Act (GLBA), Visa Card Holder Information Security Program (Visa CISP), Payment Card Industry (PCI) Data Security Standards, Health Insurance Portability and Accountability Act (HIPAA), Committee of Sponsoring Organizations (COSO) of the Treadway Commission, and custom regulations. Complete audit reporting and rollback capability of all changes in the network provides detailed tracking for corporate auditors.
• Comprehensive analysis and validation reporting: Network analysis reports include security vulnerability, network resiliency, configuration trends, routing analytics, network design, and many more. By continuously monitoring the network, Cisco PACE prevents unwanted or conflicting changes, protects against misconfigurations, and proactively automates remediation.
• Consulting services: Cisco Advanced Services provide large and small enterprises alike with the specialized expertise they need to ensure a successful implementation of the Cisco PACE solution. Cisco Advanced Services includes the following:
– Operations consulting services: Assess, define, and optimize your network configuration and change-management processes
– Deployment services: Helping you to plan, design, implement, and operate the Cisco PACE solution
Table 1 lists the product options in the Cisco PACE solution.
Table 1.Cisco PACE Solution Products
Product
Description
Cisco Secure Access Control Server (ACS) for Windows and Cisco Secure ACS Solution Engine
Cisco Secure ACS provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to control user access into the network, the level of user privilege in the network, audit and account billing access, and access and command controls that are enabled for each configuration's administrator. It acts as a policy decision point in NAC deployments, evaluating credentials, determining the state of the host, and sending out per-user authorization to the network access devices.
CiscoWorks Network Compliance Manager (NCM)
CiscoWorks NCM tracks and regulates configuration and software changes throughout a multi-vendor network infrastructure. It provides unparalleled visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology best practices.
CiscoWorks LAN Management Solution (LMS) with CiscoWorks Resource Manager Essentials (RME) and CiscoWorks Campus Manager
• CiscoWorks LMS provides network management tools for simplifying the configuration, performance monitoring, and troubleshooting of Cisco devices in today's enterprises.
• CiscoWorks RME is a collection of device management applications used to manage the configurations, software updates, syslog activities, connectivity, and inventory information of Cisco switches, access servers, and routers.
• CiscoWorks Campus Manager provides powerful tools for discovering, configuring, managing, understanding, and visualizing the complex physical and logical Layer 2 infrastructures.
Cisco Configuration Assurance Solution (CAS)
Automatically performs regular, systematic audits of the production network. Analyzes and validates network-level consistency by executing rules that audit the entire network, checking security vulnerabilities, IP addressing, route maps and attributes (such as QoS), regulatory compliance, and a wide variety of switching and routing protocols. Cisco CAS allows for scheduled, automated data import from CiscoWorks NCM and other sources to automatically generate a model of the network for high-performance analysis. Cisco CAS helps you improve network availability, security, and compliance with regulatory and IT governance requirements.
ORDERING INFORMATION
Table 2 lists the part numbers and descriptions for Cisco PACE solution components.
Table 2. Ordering Information for Cisco PACE Solution
Part Number
Description
CCAS-1.1-K9
Cisco Configuration Assurance Solution 1.1
CCAS-SPM-1.1-K9=
Cisco Configuration Assurance Solution 1.1 Service Provider Module. Requires purchase of Cisco Configuration Assurance Solution.
CWLMS-2.5-UR-K9
CiscoWorks LMS 2.5.1 Large Enterprise for Windows and Solaris; unrestricted device-usage license and one server-installation license.
CWLMS-2.5-URUP-K9
Upgrade kit for CiscoWorks LMS 1.x and Routed WAN Management Solution (RWAN) 1.x customers to CiscoWorks LMS 2.5.1 Large Enterprise for Windows and Solaris with unrestricted device-usage and one server-installation license.
CWLMS-DEC05URMR-K9
CiscoWorks LMS 2.5.1 Large Enterprise minor update kit for existing CiscoWorks LMS 2.x unrestricted device-usage customers with updates for Windows and Solaris to existing components and one server-installation license.
CWLMS-2.5-R-K9
CiscoWorks LMS 2.5.1 Large Enterprise for Windows and Solaris; unrestricted device-usage and one server-installation license.
CWLMS-2.5-RUP-K9
Upgrade from CiscoWorks LMS 1.x, RWAN 1.x, and Small Network Management Solution (SNMS) 1.x to CiscoWorks LMS 2.5 Enterprise for Windows and Solaris with 300-device restricted usage license and one server-installation license.
CWLMS-2.5-RCONV-K9
Upgrade for CiscoWorks LMS 2.5 Enterprise customers wanting to convert to LMS 2.5 Large Enterprise for Windows and Solaris with unrestricted device-usage license and one server-installation license.
CWLMS-DEC05RMR-K9
CiscoWorks LMS 2.5.1 Enterprise minor update kit for existing CiscoWorks LMS 2.5 restricted 300-device-usage customers and includes updates for Windows and Solaris to existing components and one server-installation license.
CWNCM-1.0-100-K9
CiscoWorks NCM 1.0 for up to 100 managed nodes
CWNCM-1.0-500-K9
CiscoWorks NCM 1.0 for up to 500 managed nodes
CWNCM-1.0-2.5K-K9
CiscoWorks NCM 1.0 for up to 2500 managed nodes
CWNCM-1.0-10K-K9
CiscoWorks NCM 1.0 for up to 10000 managed nodes
CWNCM-1.0-25K-K9
CiscoWorks NCM 1.0 for up to 25000 managed nodes
CWNCM-1.0HA1K-K9
CiscoWorks NCM 1.0 high-availability option for up to 1000 managed nodes
CWNCM-1.0HA5K-K9
CiscoWorks NCM 1.0 high-availability option for up to 5000 managed nodes
CWNCM-1.0HA25K-K9
CiscoWorks NCM 1.0 high-availability option for up to 25,000 managed nodes
CWNCM-1.0SAT-K9
CiscoWorks NCM satellite single-instance proxy for remote distribution
CSACS-4.0-WIN-K9
Cisco Secure ACS 4.0 for Windows
CSACS-4.0-WINUP-K9
Any Cisco Secure ACS version to ACS 4.0 for Windows
CSACSE-1113-K9
Cisco Secure ACS 4.0 Solution Engine
CSACSE-4.0-SWUP-K9
Any 111x appliance to Cisco Secure ACS Solution Engine 4.0 software
CSACSE-1113-UP-K9
Any Cisco Secure ACS version to ACS Solution Engine 4.0 1113 appliance
FOR MORE INFORMATION
For more information about the Cisco Proactive Automation of Change Execution solution, visit http://www.cisco.com/go/pace or contact your local account representative or send an e-mail to ask-cisco-pace@cisco.com.
