User Guide for Resource Manager Essentials

Transcription

1 User Guide for Resource Manager Essentials Software Release 3.4 CiscoWorks2000 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA USA Tel: NETS (6387) Fax: Customer Order Number: DOC = Text Part Number:

2 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iphone, IP/TV, iq Expertise, the iq logo, iq Net Readiness Scorecard, iquick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R) Copyright 2002, Cisco Systems, Inc. All rights reserved.

3 CONTENTS Preface xi Audience xi Conventions xi Related Documentation xii Obtaining Documentation xiii World Wide Web xiii Ordering Documentation xiv Documentation Feedback xiv Obtaining Technical Assistance xv Cisco.com xv Technical Assistance Center xv Cisco TAC Web Site xvi Cisco TAC Escalation Center xvii PART 1 About Resource Manager Essentials CHAPTER 1 Overview 1-1 Features 1-2 Functional Architecture 1-7 CiscoWorks2000 Server 1-8 Essentials Database and Functions 1-9 Web Clients 1-9 Cisco.com 1-10 Getting Started 1-10 iii

4 Contents RME Functions 1-11 User Tasks 1-11 Administrative Tasks 1-12 Essentials Task Usage Workflow 1-12 General System Configuration 1-13 Supported Devices 1-14 Adding Functionality and Incremental Device Support 1-14 Time Zone Implementation 1-15 CHAPTER 2 Resource Manager Essentials Applications 2-1 Device Views 2-2 Types of Views 2-2 Setting Device Credentials 2-4 System Configuration 2-5 Availability 2-6 Benefits of Availability 2-6 Availability Functional Flow 2-7 Availability Workflow 2-8 Change Audit 2-10 Change Audit Functional Flow 2-11 Configuration Management 2-14 Benefits of Configuration Management 2-14 Configuration Management Functional Flow 2-15 Configuration Archive 2-18 NetConfig, Config Editor, and Network Show Commands 2-20 NetConfig Option 2-23 Benefits of Netconfig 2-24 Network Show Commands Option 2-27 Benefits of Network Show Commands 2-27 iv

5 Contents Config Editor Option 2-31 Benefits of Config Editor 2-31 Contract Connection 2-34 Contract Connection Workflow 2-35 Case Management 2-36 Inventory 2-37 Benefits of Inventory Management 2-37 Inventory Management Functional Flow 2-38 Job Approval 2-46 Job Approval Process 2-47 Software Management 2-49 Benefits of Software Management 2-49 Software Management Functional Flow 2-49 Syslog Analysis 2-55 Syslog Analysis Functional Flow 2-55 Syslog Analysis on Windows 2-57 Syslog Analysis Workflow 2-57 Syslog Vs Change Audit 2-58 CHAPTER 3 VPN Security Management Solution 3-1 Configuration Management Reports 3-2 Inventory Reports 3-2 VPN Syslog Analysis Reports 3-3 CHAPTER 4 Network Address Translation Support 4-1 Introducing NAT Support 4-2 Managing devices outside the NAT 4-3 v

6 Contents PART 2 Managing Your Network Scenarios CHAPTER 5 Monitoring Your Devices 5-1 What You Need Prerequisites 5-2 How To Do It Procedures 5-2 Determine Current Network Availability 5-2 View the Latest Syslog Messages 5-3 View a Custom Report 5-4 Where You Should End Up Verification 5-4 CHAPTER 6 Upgrading Your Device Software 6-1 What You Need Prerequisites 6-2 How To Do It Procedures 6-2 Perform the CCO Upgrade Analysis 6-3 Retrieve Software Images from CCO 6-4 Schedule the Software Image Upgrade 6-5 Track the Upgrade 6-7 Where You Should End Up Verification 6-8 CHAPTER 7 Performing Maintenance on Your Essentials Server 7-1 What You Need Prerequisites 7-2 How To Do It Procedures 7-2 Remove Records From the Change Audit Log 7-3 Remove Images From the Software Library 7-5 Remove Old Data From the Job Control Report 7-6 Add Unmanaged Devices to Inventory 7-6 Remove Configurations From the Archive 7-7 vi

7 Contents Where You Should End Up Verification 7-8 Verify Change Audit Log Records Are Removed 7-8 Verify Software Images Are Removed from the Library 7-8 Verify Old Data Is Removed from the Job Control Report 7-9 Verify Unmanaged Devices Are Added to Inventory 7-9 Verify Configurations Are Removed from the Archive 7-9 CHAPTER 8 Making a Device Configuration Change Using a Template 8-1 What You Need Prerequisites 8-2 How To Do It Procedures 8-2 Where You Should End Up Verification 8-4 CHAPTER 9 Configuring Multiple Devices 9-1 What You Need Prerequisites 9-2 How To Do It Procedures 9-2 Create a Template 9-2 Define a NetConfig Job 9-3 Where You Should End Up Verification 9-5 CHAPTER 10 Importing Device Data to Inventory 10-1 What You Need Prerequisites 10-2 How To Do It Procedures 10-3 Where You Should End Up Verification 10-4 CHAPTER 11 Managing PIX Devices through Proxy Server (Auto Update Server) 11-1 Importing Information from Proxy Server 11-2 What You Need Prerequisites 11-4 How To Do It Procedures 11-4 vii

8 Contents Importing Proxy Server 11-4 Distributing Images 11-5 Where You Should End Up Verification 11-5 CHAPTER 12 Checking Device Configuration Changes and Who Made Them 12-1 What You Need Prerequisites 12-2 How To Do It Procedures 12-2 Where You Should End Up Verification 12-3 CHAPTER 13 Creating a Syslog Custom Report 13-1 What You Need Prerequisites 13-2 How To Do It Procedures 13-2 Where You Should End Up Verification 13-3 CHAPTER 14 Maintaining Your Inventory Information 14-1 What You Need Prerequisites 14-2 How To Do It Procedures 14-2 Check the Contract Status on Network Devices 14-2 Update Device Serial Numbers 14-3 Where You Should End Up Verification 14-4 Verify the Contract Status on Network Devices 14-4 Verify Device Serial Numbers Are Updated 14-4 viii

9 Contents PART 3 Appendixes APPENDIX A Troubleshooting Essentials A-1 Change Audit FAQs A-2 Configuration Management A-2 Configuration Management FAQs A-2 Troubleshooting Configuration Management A-4 Contract Connection A-6 Contract Connection FAQs A-6 Inventory A-7 Inventory FAQs A-7 Troubleshooting Inventory A-9 Software Management A-13 Software Management FAQs A-13 Troubleshooting Software Management A-21 Syslog Analysis A-25 Syslog Analysis FAQs A-25 Troubleshooting Syslog Analysis A-27 CiscoWorks2000 Server A-34 CiscoWorks 2000 Server FAQs A-34 APPENDIX B File Import Format B-1 Comma-Separated Values (CSV) File B-2 Data Integration File (DIF) B-4 APPENDIX C Essentials Command Reference C-1 I NDEX ix

10 Contents x

11 Preface This manual describes Resource Manager Essentials, gives an overview of the applications that make up Resource Manager Essentials, provides conceptual information about network management, and describes common tasks you can accomplish with Resource Manager Essentials. It also contains troubleshooting information and realistic scenarios that demonstrate how you can use Resource Manager Essentials to manage and troubleshoot your network. Audience This guide provides descriptions and scenarios for system administrators, network managers, and other users who might or might not be familiar with Essentials. Many of the tools described are accessible to system administrators only. Conventions This document uses the following conventions: Item Commands and keywords Variables for which you supply values Displayed session and system information Convention boldface font italic font screen font xi

12 Related Documentation Preface Item Information you enter Variables you enter Menu items and button names Selecting a menu item Convention boldface screen font italic screen font boldface font Option > Network Preferences Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication. Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Documentation Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the Resource Manager Essentials documentation on Cisco.com for any updates. The following additional documentation is available: Paper Documentation User Guide for CiscoWorks2000 Server Installation and Setup Guide for CD One on Solaris Installation and Setup Guide for CD One on Windows 2000 Installation and Setup Guide for Resource Manager Essentials on Solaris Installation and Setup Guide for Resource Manager Essentials on Windows 2000 xii

13 Preface Obtaining Documentation Release Notes for CD One, 5th Edition on Solaris Release Notes for CD One, 5th Edition on Windows 2000 Release Notes for Resource Manager Essentials 3.4 on Solaris Release Notes for Resource Manager Essentials 3.4 on Windows 2000 Online Documentation Context-sensitive online help You can access the help in two ways: Select an option from the navigation tree, then click Help. Click the Help button in the dialog box. PDF for: Installation and Setup Guide for Resource Manager Essentials on Solaris Installation and Setup Guide for Resource Manager Essentials on Windows 2000 Note Adobe Acrobat Reader 4.0 or later is required. Obtaining Documentation The following sections explain how to obtain documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following URL: Translated documentation is available at the following URL: xiii

14 Obtaining Documentation Preface Ordering Documentation Cisco documentation is available in the following ways: Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace: Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at or, elsewhere in North America, by calling NETS (6387). Documentation Feedback If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at You can your comments to bug-doc@cisco.com. To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA We appreciate your comments. xiv

15 Preface Obtaining Technical Assistance Obtaining Technical Assistance Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site. Cisco.com Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to Streamline business processes and improve productivity Resolve technical issues with online support Download and test software packages Order Cisco learning materials and merchandise Register for online skill assessment, training, and certification programs You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: Technical Assistance Center The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center. xv

16 Obtaining Technical Assistance Preface Cisco TAC Web Site Inquiries to Cisco TAC are categorized according to the urgency of the issue: Priority level 4 (P4) You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. Priority level 3 (P3) Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue. Priority level 2 (P2) Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available. Priority level 1 (P1) Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available. Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable. The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL: All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL: If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site. xvi

17 Preface Obtaining Technical Assistance Cisco TAC Escalation Center The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. xvii

18 Obtaining Technical Assistance Preface xviii

19 P ART 1 About Resource Manager Essentials

20

21 CHAPTER 1 Overview The Resource Manager Essentials (Essentials) suite is part of the CiscoWorks2000 family of products. It is an enterprise solution to network management. This suite of web-based network management tools enables administrators to collect the monitoring, fault, and availability information needed to track devices critical to the network. Essentials is based on a client/server architecture that connects multiple web-based clients to a server on the network. As the number of network devices increases, additional servers or collection points can be added to manage network growth with little impact on the client browser application. By taking advantage of the scalability inherent in the intranet architecture, Essentials supports multiple users anywhere on the network. The web-based infrastructure gives network operators, administrators, technicians, Help Desk staff, IS managers, and end users access to network management tools, applications, and services. Essentials allows the network administrators to view and update the status and configuration of all Cisco devices from anywhere on the network through a standard Web browser as the Essentials client. Access can be limited by user account so that each user has access only to the specific functions and data he or she needs, thus increasing overall security and providing change-management control. 1-1

22 Features Chapter 1 Overview Essentials maintains a database of current network information. It can generate a variety of reports that can be used for troubleshooting and capacity planning. When devices are initially added to the Essentials inventory, the network administrator can schedule Essentials to periodically retrieve and update device information, such as hardware, software, and configuration files, to ensure that the most current network information is stored. In addition, Essentials automatically records any changes made to network devices, making it easy to identify when changes are made and by whom. Essentials applications provide the network monitoring and fault information you need for tracking devices that are critical to network uptime and application availability. They also provide tools that you can use to rapidly and reliably deploy Cisco software images and view configurations of Cisco routers and switches. Essentials applications, together with links to Cisco.com service and support, automate software maintenance to help you maintain and control your Enterprise network. Features Essentials works in conjunction with the CiscoWorks2000 Server, which contains a set of management services shared by multiple management applications. These management services are enabled when a suite is installed and an application that relies on one of these services is opened. If a particular suite of applications does not use a service or does not use a service to the fullest extent to which it is available, the service might not appear on the CiscoWorks2000 desktop. Essentials uses these CiscoWorks2000 services: Database engine and utilities Login and application-launching desktop Event Management Online help system Job Management Cisco Management Connection (CMC) 1-2

23 Chapter 1 Overview Features Process Management Security Web server For detailed information, see User Guide for CiscoWorks2000 Server. Table 1-1 lists Essentials applications in alphabetical order, not the order in which they appear in the navigation tree: Note Availability, Change Audit, Configuration Management, Software Management, Syslog Analysis, and VPN Management Solution applications are available, if Essentials is installed. Table 1-1 Essentials Applications Application Name Purpose Notes Availability Monitor the reachability and response time of user-selected devices on the network. Collect fault and performance information for routers and switches. Change Audit View and search a central repository of all network changes (for example, inventory, software management, and so on). Set up periods of time to monitor network changes. Maintain the repository. Convert changes into SNMP traps and forward them to your network management system. To use Availability options, select Resource Manager Essentials > Availability. To administer Availability options, select Resource Manager Essentials > Administration > Availability. To use Change Audit options, select Resource Manager Essentials > Change Audit. To administer Change Audit options, select Resource Manager Essentials > Administration > Change Audit. 1-3

24 Features Chapter 1 Overview Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Configuration Management Contract Connection Maintain an active archive of device configuration files. Search the archive for configuration files based on criteria you specify. Create custom reports for repetitive tasks. Group configuration files and label them as a set. Make configuration changes to your managed network devices using NetConfig, Config Editor, and CWConfig. Create configuration templates using NetConfig. Edit configuration files stored in configuration archive and download files to devices using Config Editor, and CWConfig. Create network show command sets using NetShow. Assign users to network show command sets. Define and schedule batch reports using NetShow that can be executed at any time you specify. Verify which of your Cisco IOS devices are covered by a service contract To use Configuration Management options, select Resource Manager Essentials > Configuration Management. To administer Configuration Management options, select Resource Manager Essentials > Administration > Configuration Management. To use the cwconfig, cwconfig netconfig, cwconfig netshow and cwconfig netshowbatch commands, use the command line. To use Contract Connection, select Resource Manager Essentials > Contract Connection. Device Views Create device views for reports. To administer Device Views options, select Resource Manager Essentials > Administration > Device Views. 1-4

25 Chapter 1 Overview Features Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Inventory Import devices from databases or files. Job Approval Export device information to files. Add, delete, change, and list devices in your network inventory. Schedule polling and collection to update your network inventory. Display reports and graphs of your hardware and software inventory, and create Inventory custom reports. Check and change device attributes. Display a Year 2000 compliance report. Allow other network management systems to manipulate Essentials devices. Install support for new devices and enhanced support for existing devices. Used by some applications to: Create and manage approver lists. Enable and disable Job Approval. Approve and reject jobs. To use Inventory options, select Resource Manager Essentials > Inventory. To administer Inventory options, select Resource Manager Essentials > Administration > Inventory. To administer Job Approval options, select Resource Manager Essentials > Administration > Job Approval. 1-5

26 Features Chapter 1 Overview Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Software Management Analyze upgrade needs and perform upgrades for Cisco devices on your network. Schedule and download images from Cisco.com and maintain a local library of images. Validate images with devices before initiating downloads, define and monitor the progress of scheduled jobs. Compare images running on the devices in your network with the images on cisco.com. Syslog Analysis Troubleshoot and track device problems. System Configuration View summaries of real-time reports on events that are being logged to syslog on behalf of a router or switch. Process these messages to generate reports. Configure automatic actions that occur when certain message types are received. Change system-wide configuration for SNMP, SMTP, proxy, and rcp settings. To use Software Management options, select Resource Manager Essentials > Software Management. To administer Software Management options, select Resource Manager Essentials > Administration > Software Management. To use Syslog options, select Resource Manager Essentials > Syslog Analysis. To administer Syslog options, select Resource Manager Essentials > Administration > Syslog Analysis. To administer System Configuration options, select Resource Manager Essentials > Administration > System Configuration. 1-6

27 Chapter 1 Overview Functional Architecture Functional Architecture Essentials is based on a client-server architecture that allows multiple web-based clients to access a management server on the network. As the number of network devices increases, additional servers or collection points can easily be added with little impact on the client browser application, making it very scalable. The Essentials web-based infrastructure consists of the following main components: CiscoWorks2000 Server Essentials Database and Functions Web Clients Cisco.com 1-7

28 Functional Architecture Chapter 1 Overview See Figure 1-1 for a general view of the Essentials Functional Architecture: Figure 1-1 Essentials Functional Architecture Inventory database Contract connection Cisco.com Reports/output Configuration management Software management Inventory management Availability Case management Change audit services Syslog analysis Device navigator Data collector (Updates/changes) CiscoWorks2000 Server Essentials relies on the CiscoWorks2000 Server for common functions such as the database engine, online help, security, login, application launching, job and process management, and the Web server. This provides a common framework and interface for all CiscoWorks2000 products. For detailed information, see User Guide for CiscoWorks2000 Server. 1-8

29 Chapter 1 Overview Functional Architecture Note The CiscoWorks2000 Server (CD One) must be installed prior to installing Essentials. Essentials cannot run as a standalone application. In addition, the CiscoWorks2000 Server should remain on line at all times in order to poll devices, monitor events, and perform scheduled data collection. If the server goes down, there will be an interruption in the network management information gathered and stored in Essentials. Essentials Database and Functions Essentials stores all critical network management information in a central database, including device inventory, software images, configuration files, syslog messages, and change records. Essentials functions interact with the database and with network devices to collect information, display reports, and automate many repetitive network management tasks. Many Essentials functions can also be configured to periodically poll network devices and update the database automatically. Essentials uses common protocols such as Simple Network Management Protocol (SNMP), Telnet, Trivial File Transfer Protocol (TFTP), and remote copy protocol (rcp) to access devices and retrieve configuration files and software images from devices. Web Clients The server can be accessed from any client with appropriate system requirements. Essentials clients are platform independent, allowing a UNIX client to access an Windows server or a Windows client to access a UNIX server. The only client software required is a supported web browser, such as Netscape Navigator or Microsoft Internet Explorer. 1-9

30 Getting Started Chapter 1 Overview Cisco.com Essentials also connects to the Cisco.com system to obtain up-to-date product updates and technical assistance information. Access to Cisco.com is not required to use Essentials but will greatly enhance its capabilities. The following Essentials functions require access to Cisco.com, or provide enhanced features with access: Inventory management to produce Y2K compliance reports Software management to include software images from Cisco when planning and performing upgrades Availability to produce stack decode of abnormal device reloads Contract connection to check status of service contracts Case management to submit trouble tickets to Cisco Getting Started After you configure the devices, CiscoWorks2000 Server, and client, you must first invoke the CiscoWorks2000 desktop through a web browser and log in to access Essentials. After you have successfully logged into the server, the Login Manager dialog window changes to illustrate the major applications or functions installed. These applications or functions are organized in drawers. You can open a drawer and then view the various functions or open additional folders that hold more functions. When the Essentials software is installed on the CiscoWorks2000 Server, a new Resource Manager Essentials drawer is added to the CiscoWorks2000 desktop. The Resource Manager Essentials drawer contains folders and related tasks for each of the Essentials functions. In addition, the Device Navigator and Case Management functions are added to the Management Connection drawer and a VPN Management Solutions drawer is added to support reports directly related to active virtual private network (VPN) devices. 1-10

31 Chapter 1 Overview RME Functions RME Functions All CiscoWorks2000 and Essentials applications and services are provided and organized in drawers. When you open an application drawer, you will find functional group folders, and individual tasks. Open a folder, and you will find more functional group folders or individual tasks. RME functionality can be found in one of three drawers: Resource Manager Essentials (main drawer) VPN Management Solutions (reports specific to VPN enabled devices), and Management Connection (Case Management and Device Navigator) Each of the RME applications provides a set of features that can be used to simplify and automate many network management tasks. Within the Resource Manager Essentials drawer, tasks are divided into two categories: administrative tasks and user tasks. Locating a particular function within RME is often the most difficult part of using it. Note The tasks displayed in the Resource Manager Essentials drawer will vary, depending on the permissions assigned to your user ID. If you do not have permission to perform a particular task, the task will not show up in the navigation tree. Also, the order of tasks and folders may vary, depending on what other components of CiscoWorks2000 are loaded. User Tasks User tasks (reports) are grouped into appropriate functional folders seen when the Essentials drawer is first opened (main level). For example, to run the user task of creating or viewing a detailed device report for a set of devices, select Resource Manager Essentials > Inventory > Detailed Device Report. User tasks are often performed by multiple people on a daily basis to view network information and manage and monitor Cisco devices. 1-11

32 RME Functions Chapter 1 Overview Administrative Tasks Administrative tasks are also grouped by major functions, but are located in similar folders under the Administration folder. For example, to see the devices within the Essentials inventory, select Resource Manager Essentials > Administration > Inventory > List Devices. Administrative tasks should be performed by a central person and should need to be performed only once when the application is first set up, or infrequently when major changes are made to the network. Tip It is a good idea to open and close all Essentials folders to see where various tasks are located. Try closing folders after running a particular task to help navigation for the next task. Essentials Task Usage Workflow All Essentials tasks follow a simple task oriented workflow: Figure 1-2 Essentials Task Usage Workflow Open essentials drawer Select function Select task Select Devices (if applicable) Specify options/ parameters (task specific) View results Select a function (e.g., syslog analysis, configuration management) 2. Select a task (e.g., standard report, compare configurations) 3. Select the devices to be included in the operation (if applicable) 1-12

33 Chapter 1 Overview RME Functions 4. Specify the desired options or parameters (depending on the task) 5. View the results (e.g., display report, check job output). General System Configuration You must define several system parameters on the server to use some Essentials features. For example, if access to outside networks requires a proxy server, then you must define the proxy server address in Essentials in order to access Cisco.com from various Essentials functions. If you want to use to automatically notify network administrators when certain tasks and jobs are completed, then you must define your Simple Mail Transfer Protocol (SMTP) server in Essentials (Windows 2000 systems only). If you wish to use rcp (instead of TFTP) to retrieve configuration files or software images, you must define the rco username defined on the devices within Essentials. You must also verify the default SNMP timeout and retry values that will be used to poll and collect information from all devices in the inventory. These values might need to be adjusted, depending on the size of your network and the number of devices that are being polled. You must ensure that SNMP timeout values are higher than the average response time to most devices. In general, these values should be conversely related. For example, if you have a high timeout value, you should have a low number of retries or you could end up with long delays on the server waiting for SNMP messages to be processed. 1-13

34 Supported Devices Chapter 1 Overview To set up all these parameters, which are shared by many of the Essentials functions, follow these steps: Note The user must have the role of system administrator to perform this task. Step 1 Step 2 Select Resource Manager Essentials > Administration > System Configuration. Click each tab to configure the proxy, SNMP, SMTP, and rcp parameters. The SMTP tab will be available only on Windows 2000 machines because on UNIX the platform is the SMTP server. Supported Devices Devices supported by this suite of applications can be found in the CiscoWorks2000 navigation tree (select Server Configuration > Applications and Versions) or on cisco.com. Adding Functionality and Incremental Device Support If you have cisco.com access, you can go to the Essentials web page to download software enhancements and incremental device support (IDS). Consult the package readme files for additional information on installing new features and enhancements. Before performing the scenarios in this document, be sure your administrator has set up the Essentials applications and performed the administrator tasks described in the installation guide. If, for example, the proxy URL is not set, you might be unable to complete Essentials tasks outside your network. 1-14

35 Chapter 1 Overview Time Zone Implementation Time Zone Implementation Many time zones are supported in Essentials. However, it is important to note that Essentials applications that have scheduling and reporting functions and that produce a time stamp will vary depending on: Server and client Time stamps can differ between server and client if they are located in different time zones. (The client time zone is also called the local time zone.) Platforms Windows 2000 and UNIX servers support different time zones. They are not synchronized. Managed devices These support a particular time zone set, which might be different than the time zone set supported by the client or server. Programming languages Essentials applications are written in Perl, Java, and C++. You might see differences in menus and reports because each language uses a different set of time zone conversion libraries. 1-15

36 Time Zone Implementation Chapter 1 Overview 1-16

37 CHAPTER 2 Resource Manager Essentials Applications This chapter lists all the Essentials applications and the tasks that can be accomplished with each of these applications. The applications are: Device Views Availability Change Audit Configuration Management Contract Connection Case Management Inventory Job Approval Software Management Syslog Analysis 2-1

38 Device Views Chapter 2 Resource Manager Essentials Applications Device Views Essentials provides device views logical groupings that are used to specify a device or group of devices. You can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type, or with specific characteristics, such as all Catalyst switches or all devices a user is responsible for. As almost every Essentials task requires the set of devices to be executed against, views provide a convenient way to create groups of devices. For example, before you can display an Inventory report, you must select the devices to be included in the report. Views can speed up the selection (instead of running the report for one device at a time). Note Essentials graphical user interface (GUI) performance may be affected if the number of devices in the selected view is too large. You should avoid setting all devices views when the number of devices in the inventory is large. You can use system views or create custom views to keep the number of devices in a view from growing too large. Creating a view using the Device Views application enables you to run reports for specific devices based on common attributes or user-defined characteristics. Types of Views Three categories of device views are available: System Views Predefined and available immediately after you install Essentials. System views include most major classes of Cisco devices. For example all Catalyst switches, all Cisco 7000 Series routers, and all SwitchProbes. Custom Views Defined by users and, when created, are available for use by anyone with the appropriate access to the server. PrivateViews Defined by users, but are available only to the user. 2-2

39 Chapter 2 Resource Manager Essentials Applications Device Views Two different types of views can be created within custom or private views: Dynamic Views Static Views Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view can change based on the attribute value of devices in the Inventory. An example of a dynamic view is all devices with Cisco IOS Version Any device that currently has this attribute would be included in the device view. All system views are dynamic. Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically. Figure 2-1 Device Views Predefined User defined System Custom Private Dynamic View Static View All Cisco IOS 12.0 devices Devices <user> is responsible for

40 Device Views Chapter 2 Resource Manager Essentials Applications Table 2-1 shows the tasks that you can accomplish with the Device Views application. Table 2-1 Device Views Tasks Task Purpose Action Add static views. Add dynamic views. Change static views. Create views to monitor a specific group of devices in your network inventory. Create views to monitor devices with common attributes, such as device type. Note Any new, managed device added to inventory that fits the listed attributes is automatically incorporated into the dynamic view. Select Resource Manager Essentials > Administration > Device Views > Add Static Views. Select Resource Manager Essentials > Administration > Device Views > Add Dynamic Views. Modify static views. Select Resource Manager Essentials > Administration > Device Views > Change Static Views. Delete views. Delete any views you have created. Select Resource Manager Essentials > Administration > Device Views > Delete Views. Browse dynamic views. Browse device membership. Determine which devices belong to the dynamic views. Determine which views a device belongs to. Select Resource Manager Essentials > Administration > Device Views> Browse Dynamic Views. Select Resource Manager Essentials > Administration > Device Views > Browse Device Membership. Setting Device Credentials Several important items must be configured correctly on every Cisco device that is going to be managed and monitored using Essentials. Details about each application and the tasks involved in setting the credentials are available later in this document. 2-4

41 Chapter 2 Resource Manager Essentials Applications System Configuration Table 2-2 lists all the applications and the device credentials required for proper functioning of the applications. Table 2-2 Applications and the Device Credentials Application Telnet Password Enable Password SNMP Read Only SNMP Read / Write NetConfig Required Required Required Not required NetShow Required Required Required Not required Config Editor Required Required Required Not required ChangeAudit Not required Not required Required Not required Configuration Required Required Required Not required Management (Telnet) Configuration Not required Not required Required Required Management (TFTP) Device Views Not required Not required Required Not required Inventory Not required Not required Required Not required SWIM Required 1 Required 1 Required Required Syslog Not required Not required Required Not required Availability Required Required Required Not required 1. Required in case of few devices. System Configuration System Configuration lets you configure system-wide information on the CiscoWorks2000 server. In this way, you can centrally locate information that is used by more than one Essentials application. Note Network administrators should perform these tasks with care. If errors occur, users may not be able to log in. Table 2-3 shows the tasks that you can accomplish with System Configuration. 2-5

42 Availability Chapter 2 Resource Manager Essentials Applications Table 2-3 System Configuration Tasks Task Purpose Action Set up a proxy URL. Define SNMP timeouts and retries. Define the SMTP server name. Define RCP usernames. Enable applications to connect to Cisco.com. If the server access to the outside world is controlled through a proxy server, this must be configured. Specifies the timeout value and the number of retries while querying devices for inventory collection. Add and modify command-line instructions to be run automatically whenever Syslog Analysis receives a specific message type. Specify the username to authenticate RCP transfers between the devices and the server for remote operations. Select Resource Manager Essentials > Administration > System Configuration, then select the Proxy tab. Select Resource Manager Essentials > Administration > System Configuration, then select the SNMP tab. Select Resource Manager Essentials > Administration > System Configuration, then select the SMTP tab. Select Resource Manager Essentials > Administration > System Configuration, then select the RCP tab. Availability The Availability application lets you monitor the reachability and response time of your network devices. You can view the availability of a selected group of devices, a summary of interface status, reports of reloads (reboots) and unreachable devices, and protocol distribution graphs. Benefits of Availability If you experience connectivity problems trying to reach certain resources or services on the network, one of the first things you must check is the status of a device. If a device is unreachable, you will want to find out when it was last operational and whether any abnormal reloads have occurred. This can be the first step in troubleshooting the exact location of the fault. Availability helps you track the reachability of devices on your network. 2-6

43 Chapter 2 Resource Manager Essentials Applications Availability The Availability application periodically polls selected devices to determine device reachability, interface status, and response times. Availability reports display the status of devices, show devices that are offline for more than three hours, and summarize the percentage of Layer 3 protocol traffic forwarded on each Layer 3 device. A Reloads Report shows the cause of the past five reloads for a device and includes a link to the Cisco.com stack decoder to help troubleshoot any device failures. Availability provides reports to quickly assess the status of selected devices on the network. Information can be tracked for all devices on the network, or only critical devices to reduce the load on the network and the network management system. Availability Functional Flow Before device availability information will be stored in Essentials, you must select the specific device views that needs to be monitored for Availability. When devices are selected to be included in Availability polling, Essentials will poll the devices according to the schedule set by the network administrator (only one schedule for all views). Devices will be polled for reachability, response time, interface status, reload, and protocol information. This information will be updated in the Availability database after each scheduled poll, and can be viewed by displaying Availability Reports. Historical information on reachability and response times is also stored in the Essentials database and can be displayed in trend graphs under Availability Monitor. 2-7

44 Availability Chapter 2 Resource Manager Essentials Applications Figure 2-2 Availability Functional Flow Poll selected devices Reports/output Device status Availability database Reachability Dashboard Availability Monitor Reloads Report Offline Device Report Protocol Distribution Graph Availability Workflow The Figure 2-3 depicts the Availability workflow and associated tasks within Essentials: In order to retrieve Availability information from devices, each device must be in the Essentials Inventory with the proper SNMP read community string attribute. Polling options must be set, including selecting which device views are going to be polled for availability information. When devices are selected, availability information can be viewed in any of the Availability Reports within Essentials. Information is automatically purged according to the options you set, so no ongoing maintenance is required. Figure 2-3 Availability Workflow Verify Device Requirements SNMP read community string Setup Select devices Change polling options View reports Availability reports 24-hour reports Device center

45 Chapter 2 Resource Manager Essentials Applications Availability Table 2-4 shows the tasks you can accomplish with the Availability application. Table 2-4 Availability Manager Tasks Task Purpose Action Set polling views and options. Change polling options. View the Reachability Dashboard. Monitor device availability. View the Reloads report. Select views to be monitored. You must do this before you can monitor device availability. If your system performance is degraded by availability polling, you can add more system resources, poll fewer devices, or poll less frequently. Select default Availability polling option values or to select new values from the drop-down list boxes. The polling options you set, apply to all Availability views. View device status for all views set for availability monitoring. The dashboard continuously reports: All views being polled and the number of devices in each view. Device names of all devices in each view and the time they last responded. Continuously monitor selected devices and access interface availability details. Display the most recent reloads (up to 5) for selected devices. The report shows the reason for each reload and when it occurred. Select Resource Manager Essentials > Administration > Availability > Change Polling Options. Select Resource Manager Essentials > Administration > Availability > Change Polling Options. Select Resource Manager Essentials > Availability > Reachability Dashboard. Select Resource Manager Essentials > Availability > Availability Monitor. Select Resource Manager Essentials > Availability > Reloads Report. To view reloads that occurred only within the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Reloads Report. 2-9