CiscoWorks VPN/Security Management Solution (VMS)

Introduction

This web page is about the CiscoWorks VPN/Security Management Solution (VMS), a subset of applications in the CiscoWorks extended family that function as a set of management tools focusing on various aspects of network security.

I don't have access to VMS, so again, this page is an overview of VMS, the information having been gleaned from various websites.

 

The various applications

There are nine applications in this subset:

 

  • Management Center for Firewalls - for the large-scale deployment of Cisco firewalls - includes Smart Rules, which applies rules to multiple devices

  • Auto Update Server Software - additional functionality for managing firewalls

  • Management Center for IDS Sensors - includes a powerful signature management feature

  • Management Center for Cisco Security Agents - for implementation of corporate security policies on hosts - can manage thousands of hosts

  • Management Center for VPN Routers - for managing large numbers of VPN connections

  • Monitoring Center for Security - for integrated monitoring to allow a comprehensive view of network security

  • Monitoring Center for Performance - monitoring and troubleshooting the health and performance of security and VPN devices

  • Resource Manager Essentials - enables a comprehensive network inventory, reports on changes, and management of software updates to multiple devices

  • Common Services Software - used for user accounts, logins, access levels, roles - as described in my previous web page about CiscoWorks

 

No longer available

At the time of writing, CiscoWorks VMS is no longer a current product, and is now in maintenance mode. It has been replaced mainly by a new product, Cisco Security Manager.

 

Server based

All these applications are server based, and Cisco have versions of all the applications to run on Windows server or on Solaris, with one exception: for some reason Cisco never produced a version of the Management Center for Cisco Security Agents application to run on Solaris.

CiscoWorks VMS runs web servers on the hosting server, and there can be conflicts between CiscoWorks VMS and Microsoft IIS - it is recommended to not run IIS on the server on which CiscoWorks is installed.

In addition, there is a conflict between CiscoWorks VMS and Terminal Services, so Terminal Services should not be run on the server either. It looks like CiscoWorks VMS is best run on a dedicated server.

In fact, according to a Cisco PDF file dated 2005, CiscoWorks VMS doesn't need an MS Windows Server platform running on the server hardware - VMS will run on MS Windows 2000 Professional, as well as on the Windows Server platforms.

VMS is quite greedy with memory, however: whereas Windows 2000 would run with 32 MB of memory, VMS needs 1 GB, and 2 GB of virtual memory. Windows 2000 uses 32-bit memory addressing, so it can handle up to 4 GB of memory.

 

Port numbers

The default port numbers used include:

 

  • 443 - Common Services web server - SSL

  • 1751 - Common Services web server

  • 1741 - Common Management Foundation (CMF) web server

  • 1742 - CMF web server (only used if the desktop itself is in SSL mode)

 

Some port numbers can be reset during the installation, but I am not sure if these ones above are included in this.
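An added example (not from the original page or from Cisco) of auditing a VMS server for listeners on the default ports listed above, run here over constructed `netstat -an` output. Treating 1741 and 1751 as non-SSL is an assumption drawn from the page marking only 443 and 1742 as SSL; the function names are hypothetical.

```python
import re

# Default ports as listed on this page; the SSL flag reflects only what the page says.
VMS_PORTS = {
    443:  ("Common Services web server", True),
    1751: ("Common Services web server", False),   # assumption: not marked SSL
    1741: ("CMF web server", False),               # assumption: not marked SSL
    1742: ("CMF web server (desktop in SSL mode)", True),
}

# Constructed sample of Windows `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1741           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1751         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1741          10.0.0.77:3381         ESTABLISHED
  UDP    0.0.0.0:1742           *:*
"""

# Only TCP sockets in LISTENING state count; sessions and UDP rows are ignored.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def vms_listeners(netstat_text):
    """Return sorted (port, bind_address, role, ssl) for listeners on VMS default ports."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if port in VMS_PORTS:
            role, ssl = VMS_PORTS[port]
            found.add((port, addr, role, ssl))
    return sorted(found)

def exposed_without_ssl(listeners):
    """Ports not marked SSL on the page that are bound to a non-loopback address."""
    return [port for port, addr, _, ssl in listeners
            if not ssl and not addr.startswith("127.") and addr != "[::1]"]

if __name__ == "__main__":
    listeners = vms_listeners(SAMPLE_NETSTAT)
    for port, addr, role, ssl in listeners:
        print(f"{addr}:{port:<5} {role:<38} {'SSL' if ssl else 'not marked SSL'}")
    print("review exposure of:", exposed_without_ssl(listeners))
```

Ports returned by `exposed_without_ssl` are candidates for restricting to a management network at the host or perimeter firewall.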

 

Passwords

There seems to be an issue with passwords when using Windows servers: the password for the Windows user account that was used to install VMS has to be the same as the password for starting various services associated with the Common Services application. The services are:

 

  • CW2000 Device Agent Framework

  • CW2000 KRS Database

  • CW2000 Lock Manager

  • CW2000 Tomcat Servlet Engine

 

Password synchronisation is automatic during the installation; however, if the user password on Windows is changed, then the service passwords have to be changed manually as well.

 

Administration access rights

The above services may not start if the person installing the Common Services application had domain administration access rights, but not local administration access rights. The installation has to be done by somebody with local administration rights.

 

Supported Cisco devices

CiscoWorks VMS supports the configuration and management of the following Cisco network devices:

 

  • Cisco PIX firewalls

  • Cisco IOS routers

  • Cisco Catalyst 6500 series security modules

  • Cisco security agents

  • Cisco IDS devices

 

The client side

I think that again, user access is via a web browser - and the version of Java installed on the client host is important. Login may not be possible if the wrong version of Java Runtime Environment (JRE) is installed.

I haven't seen a reference to this, but I assume that since VMS uses the Common Services application, users can be allocated a "role", just as with other CiscoWorks application bundles.

 


© 2009 Ron Turner

