User Guide for Resource Manager Essentials

Corporate Headquarters

Cisco Systems, Inc.

User Guide for Resource Manager

Essentials

Software Release 3.4 CiscoWorks2000

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

User Guide for Resource Manager Essentials Copyright © 2002, Cisco Systems, Inc. All rights reserved.

CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)

C O N T E N T S

Preface

xi

Audience

xi

Conventions

xi

Related Documentation

xii

Obtaining Documentation

xiii

World Wide Web

xiii

Ordering Documentation

xiv

Documentation Feedback

xiv

Obtaining Technical Assistance

xv

Cisco.com

xv

Technical Assistance Center

xv

Cisco TAC Web Site

xvi

Cisco TAC Escalation Center

xvii

P A R T 1

About Resource Manager Essentials

C H A P T E R 1

Overview

1-1

Features

1-2

Functional Architecture

1-7

CiscoWorks2000 Server

1-8

RME Functions

1-11

User Tasks

1-11

Administrative Tasks

1-12

Essentials Task Usage Workflow

1-12

General System Configuration

1-13

Supported Devices

1-14

Adding Functionality and Incremental Device Support

1-14

Time Zone Implementation

1-15

C H A P T E R 2

Resource Manager Essentials Applications

2-1

Device Views

2-2

Types of Views

2-2

Setting Device Credentials

2-4

System Configuration

2-5

Availability

2-6

Benefits of Availability

2-6

Availability Functional Flow

2-7

Availability Workflow

2-8

Change Audit

2-10

Change Audit Functional Flow

2-11

Configuration Management

2-14

Benefits of Configuration Management

2-14

Configuration Management Functional Flow

2-15

Configuration Archive

2-18

NetConfig, Config Editor, and Network Show Commands

2-20

NetConfig Option

2-23

Config Editor Option

2-31

Benefits of Config Editor

2-31

Contract Connection

2-34

Contract Connection Workflow

2-35

Case Management

2-36

Inventory

2-37

Benefits of Inventory Management

2-37

Inventory Management Functional Flow

2-38

Job Approval

2-46

Job Approval Process

2-47

Software Management

2-49

Benefits of Software Management

2-49

Software Management Functional Flow

2-49

Syslog Analysis

2-55

Syslog Analysis Functional Flow

2-55

Syslog Analysis on Windows

2-57

Syslog Analysis Workflow

2-57

Syslog Vs Change Audit

2-58

C H A P T E R 3

VPN Security Management Solution

3-1

Configuration Management Reports

3-2

Inventory Reports

3-2

VPN Syslog Analysis Reports

3-3

P A R T 2

Managing Your Network—Scenarios

C H A P T E R 5

Monitoring Your Devices

5-1

What You Need—Prerequisites

5-2

How To Do It—Procedures

5-2

Determine Current Network Availability

5-2

View the Latest Syslog Messages

5-3

View a Custom Report

5-4

Where You Should End Up—Verification

5-4

C H A P T E R 6

Upgrading Your Device Software

6-1

What You Need—Prerequisites

6-2

How To Do It—Procedures

6-2

Perform the CCO Upgrade Analysis

6-3

Retrieve Software Images from CCO

6-4

Schedule the Software Image Upgrade

6-5

Track the Upgrade

6-7

Where You Should End Up—Verification

6-8

C H A P T E R 7

Performing Maintenance on Your Essentials Server

7-1

What You Need—Prerequisites

7-2

How To Do It—Procedures

7-2

Remove Records From the Change Audit Log

7-3

Remove Images From the Software Library

7-5

Remove Old Data From the Job Control Report

7-6

Add Unmanaged Devices to Inventory

7-6

Where You Should End Up—Verification

7-8

Verify Change Audit Log Records Are Removed

7-8

Verify Software Images Are Removed from the Library

7-8

Verify Old Data Is Removed from the Job Control Report

7-9

Verify Unmanaged Devices Are Added to Inventory

7-9

Verify Configurations Are Removed from the Archive

7-9

C H A P T E R 8

Making a Device Configuration Change Using a Template

8-1

What You Need—Prerequisites

8-2

How To Do It—Procedures

8-2

Where You Should End Up—Verification

8-4

C H A P T E R 9

Configuring Multiple Devices

9-1

What You Need—Prerequisites

9-2

How To Do It—Procedures

9-2

Create a Template

9-2

Define a NetConfig Job

9-3

Where You Should End Up—Verification

9-5

C H A P T E R 10

Importing Device Data to Inventory

10-1

What You Need—Prerequisites

10-2

How To Do It—Procedures

10-3

Where You Should End Up—Verification

10-4

Importing Proxy Server

11-4

Distributing Images

11-5

Where You Should End Up—Verification

11-5

C H A P T E R 12

Checking Device Configuration Changes and Who Made Them

12-1

What You Need—Prerequisites

12-2

How To Do It—Procedures

12-2

Where You Should End Up—Verification

12-3

C H A P T E R 13

Creating a Syslog Custom Report

13-1

What You Need—Prerequisites

13-2

How To Do It—Procedures

13-2

Where You Should End Up—Verification

13-3

C H A P T E R 14

Maintaining Your Inventory Information

14-1

What You Need—Prerequisites

14-2

How To Do It—Procedures

14-2

Check the Contract Status on Network Devices

14-2

Update Device Serial Numbers

14-3

Where You Should End Up—Verification

14-4

Verify the Contract Status on Network Devices

14-4

P A R T 3

Appendixes

A P P E N D I X A

Troubleshooting Essentials

A-1

Change Audit FAQs

A-2

Configuration Management

A-2

Configuration Management FAQs

A-2

Troubleshooting Configuration Management

A-4

Contract Connection

A-6

Contract Connection FAQs

A-6

Inventory

A-7

Inventory FAQs

A-7

Troubleshooting Inventory

A-9

Software Management

A-13

Software Management FAQs

A-13

Troubleshooting Software Management

A-21

Syslog Analysis

A-25

Syslog Analysis FAQs

A-25

Troubleshooting Syslog Analysis

A-27

CiscoWorks2000 Server

A-34

CiscoWorks 2000 Server FAQs

A-34

A P P E N D I X B

File Import Format

B-1

Comma-Separated Values (CSV) File

B-2

Preface

This manual describes Resource Manager Essentials, gives an overview of the applications that make up Resource Manager Essentials, provides conceptual information about network management, and describes common tasks you can accomplish with Resource Manager Essentials. It also contains troubleshooting information and realistic scenarios that demonstrate how you can use Resource Manager Essentials to manage and troubleshoot your network.

Audience

This guide provides descriptions and scenarios for system administrators, network managers, and other users who might or might not be familiar with Essentials. Many of the tools described are accessible to system administrators only.

Conventions

This document uses the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation

Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the Resource Manager Essentials documentation on Cisco.com for any updates.

The following additional documentation is available:

Paper Documentation

• User Guide for CiscoWorks2000 Server

• Installation and Setup Guide for CD One on Solaris

• Installation and Setup Guide for CD One on Windows 2000

• Installation and Setup Guide for Resource Manager Essentials on Solaris

• Installation and Setup Guide for Resource Manager Essentials on Windows 2000

Information you enter boldface screen font

Variables you enter italic screen font

Menu items and button names boldface font

Selecting a menu item Option > Network Preferences

• Release Notes for CD One, 5th Edition on Solaris

• Release Notes for CD One, 5th Edition on Windows 2000

• Release Notes for Resource Manager Essentials 3.4 on Solaris

• Release Notes for Resource Manager Essentials 3.4 on Windows 2000

Online Documentation

• Context-sensitive online help You can access the help in two ways:

– Select an option from the navigation tree, then click Help.

– Click the Help button in the dialog box.

• PDF for:

– User Guide for Resource Manager Essentials

– Installation and Setup Guide for Resource Manager Essentials on Solaris

– Installation and Setup Guide for Resource Manager Essentials on Windows 2000

Note Adobe Acrobat Reader 4.0 or later is required.

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL:

Ordering Documentation

Cisco documentation is available in the following ways:

• Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/cgi-bin/order/order_root.pl

• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling

800 553-NETS (6387).

Documentation Feedback

If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.

You can e-mail your comments to [email protected].

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems

Attn: Document Resource Connection 170 West Tasman Drive

San Jose, CA 95134-9883 We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by usingthe Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information,networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to

• Streamline business processes and improve productivity

• Resolve technical issues with online support

• Download and test software packages

• Order Cisco learning materials and merchandise

• Register for online skill assessment, training, and certification programs You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Inquiries to Cisco TAC are categorized according to the urgency of the issue:

• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Siterequires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:

http://www.cisco.com/register/

If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will

automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operationscenter to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will

automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operationscenter to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.

P

1

C H A P T E R

1

Overview

The Resource Manager Essentials (Essentials) suite is part of the

CiscoWorks2000 family of products. It is an enterprise solution to network management. This suite of web-based network management tools enables administrators to collect the monitoring, fault, and availability information needed to track devices critical to the network. Essentials is based on a

client/server architecture that connects multiple web-based clients to a server on the network. As the number of network devices increases, additional servers or collection points can be added to manage network growth with little impact on the client browser application.

By taking advantage of the scalability inherent in the intranet architecture, Essentials supports multiple users anywhere on the network. The web-based infrastructure gives network operators, administrators, technicians, Help Desk staff, IS managers, and end users access to network management tools, applications, and services.

Essentials allows the network administrators to view and update the status and configuration of all Cisco devices from anywhere on the network through a standard Web browser as the Essentials client. Access can be limited by user account so that each user has access only to the specific functions and data he or she needs, thus increasing overall security and providing change-management control.

Essentials maintains a database of current network information. It can generate a variety of reports that can be used for troubleshooting and capacity planning. When devices are initially added to the Essentials inventory, the network administrator can schedule Essentials to periodically retrieve and update device information, such as hardware, software, and configuration files, to ensure that the most current network information is stored. In addition, Essentials automatically records any changes made to network devices, making it easy to identify when changes are made and by whom.

Essentials applications provide the network monitoring and fault information you need for tracking devices that are critical to network uptime and application availability. They also provide tools that you can use to rapidly and reliably deploy Cisco software images and view configurations of Cisco routers and switches. Essentials applications, together with links to Cisco.com service and support, automate software maintenance to help you maintain and control your Enterprise network.

Features

Essentials works in conjunction with the CiscoWorks2000 Server, which contains a set of management services shared by multiple management applications. These management services are enabled when a suite is installed and an application that relies on one of these services is opened.

If a particular suite of applications does not use a service or does not use a service to the fullest extent to which it is available, the service might not appear on the CiscoWorks2000 desktop.

Essentials uses these CiscoWorks2000 services:

• Database engine and utilities

• Login and application-launching desktop

• Event Management

• Online help system

• Job Management

• Process Management

• Security

• Web server

For detailed information, see User Guide for CiscoWorks2000 Server.

Table 1-1 lists Essentials applications in alphabetical order, not the order in which they appear in the navigation tree:

Note Availability, Change Audit, Configuration Management, Software Management, Syslog Analysis, and VPN Management Solution applications are available, if Essentials is installed.

Table 1-1 Essentials Applications

Application Name Purpose Notes

Availability • Monitor the reachability and response time of user-selected devices on the network.

• Collect fault and performance information for routers and switches.

To use Availability options, select Resource Manager Essentials > Availability.

To administer Availability options, select Resource Manager

Essentials > Administration > Availability.

Change Audit • View and search a central repository of all network changes (for example, inventory, software management, and so on).

• Set up periods of time to monitor network changes.

• Maintain the repository.

• Convert changes into SNMP traps and forward them to your network

To use Change Audit options, select Resource Manager Essentials > Change Audit. To administer Change Audit options, select Resource Manager Essentials > Administration > Change Audit.

Configuration Management

• Maintain an active archive of device configuration files.

• Search the archive for configuration files based on criteria you specify.

• Create custom reports for repetitive tasks.

• Group configuration files and label them as a set.

• Make configuration changes to your managed network devices using NetConfig, Config Editor, and CWConfig.

• Create configuration templates using NetConfig.

• Edit configuration files stored in configuration archive and download files to devices using Config Editor, and CWConfig.

• Create network show command sets using NetShow.

• Assign users to network show command sets.

• Define and schedule batch reports using NetShow that can be executed at any time you specify.

To use Configuration Management options, select Resource Manager Essentials > Configuration Management.

To administer Configuration Management options, select Resource Manager Essentials > Administration > Configuration Management.

To use the cwconfig, cwconfig netconfig, cwconfig netshow and

cwconfig netshowbatch

commands, use the command line.

Contract Connection

Verify which of your Cisco IOS devices are covered by a service contract

To use Contract Connection, select Resource Manager Essentials > Contract Connection.

Device Views Create device views for reports. To administer Device Views options, select Resource Manager

Table 1-1 Essentials Applications (continued)

Inventory • Import devices from databases or files.

• Export device information to files.

• Add, delete, change, and list devices in your network inventory.

• Schedule polling and collection to update your network inventory.

• Display reports and graphs of your hardware and software inventory, and create Inventory custom reports.

• Check and change device attributes.

• Display a Year 2000 compliance report.

• Allow other network management systems to manipulate Essentials devices.

• Install support for new devices and enhanced support for existing devices.

To use Inventory options, select Resource Manager Essentials > Inventory.

To administer Inventory options, select Resource Manager Essentials > Administration > Inventory.

Job Approval Used by some applications to:

• Create and manage approver lists.

• Enable and disable Job Approval.

• Approve and reject jobs.

To administer Job Approval options, select Resource Manager Essentials > Administration > Job Approval.

Table 1-1 Essentials Applications (continued)

Software Management

• Analyze upgrade needs and perform upgrades for Cisco devices on your network.

• Schedule and download images from Cisco.com and maintain a local library of images.

• Validate images with devices before initiating downloads, define and monitor the progress of scheduled jobs.

• Compare images running on the devices in your network with the images on cisco.com.

To use Software Management options, select Resource Manager Essentials > Software

Management.

To administer Software Management options, select Resource Manager Essentials > Administration > Software Management.

Syslog Analysis • Troubleshoot and track device problems.

• View summaries of real-time reports on events that are being logged to syslog on behalf of a router or switch.

• Process these messages to generate reports.

• Configure automatic actions that occur when certain message types are received.

To use Syslog options, select Resource Manager Essentials > Syslog Analysis.

To administer Syslog options, select Resource Manager Essentials > Administration > Syslog Analysis.

System Configuration

Change system-wide configuration for SNMP, SMTP, proxy, and rcp settings.

To administer System Configuration options, select Resource Manager Essentials > Administration > System Configuration.

Table 1-1 Essentials Applications (continued)

Functional Architecture

Essentials is based on a client-server architecture that allows multiple web-based clients to access a management server on the network. As the number of network devices increases, additional servers or collection points can easily be added with little impact on the client browser application, making it very scalable.

The Essentials web-based infrastructure consists of the following main components:

• CiscoWorks2000 Server

• Essentials Database and Functions

• Web Clients

See Figure 1-1 for a general view of the Essentials Functional Architecture:

Figure 1-1 Essentials Functional Architecture

CiscoWorks2000 Server

Essentials relies on the CiscoWorks2000 Server for common functions such as the database engine, online help, security, login, application launching, job and process management, and the Web server. This provides a common framework and interface for all CiscoWorks2000 products. For detailed information, see

User Guide for CiscoWorks2000 Server.

77108

Reports/output

Configuration management Contract

connection Cisco.com

Availability Case management

Syslog analysis Change audit services

Data collector (Updates/changes)

Device navigator Software

management

Inventory management Inventory database

Note The CiscoWorks2000 Server (CD One) must be installed prior to installing Essentials. Essentials cannot run as a standalone application.

In addition, the CiscoWorks2000 Server should remain on line at all times in order to poll devices, monitor events, and perform scheduled data collection. If the server goes down, there will be an interruption in the network management information gathered and stored in Essentials.

Essentials Database and Functions

Essentials stores all critical network management information in a central database, including device inventory, software images, configuration files, syslog messages, and change records. Essentials functions interact with the database and with network devices to collect information, display reports, and automate many repetitive network management tasks.

Many Essentials functions can also be configured to periodically poll network devices and update the database automatically.

Essentials uses common protocols such as Simple Network Management Protocol (SNMP), Telnet, Trivial File Transfer Protocol (TFTP), and remote copy protocol (rcp) to access devices and retrieve configuration files and software images from devices.

Web Clients

The server can be accessed from any client with appropriate system requirements. Essentials clients are platform independent, allowing a UNIX client to access an Windows server or a Windows client to access a UNIX server. The only client software required is a supported web browser, such as Netscape Navigator or Microsoft Internet Explorer.

Cisco.com

Essentials also connects to the Cisco.com system to obtain up-to-date product updates and technical assistance information. Access to Cisco.com is not required to use Essentials but will greatly enhance its capabilities. The following Essentials functions require access to Cisco.com, or provide enhanced features with access:

• Inventory management—to produce Y2K compliance reports

• Software management—to include software images from Cisco when planning and performing upgrades

• Availability—to produce stack decode of abnormal device reloads

• Contract connection—to check status of service contracts

• Case management—to submit trouble tickets to Cisco

Getting Started

After you configure the devices, CiscoWorks2000 Server, and client, you must first invoke the CiscoWorks2000 desktop through a web browser and log in to access Essentials.

After you have successfully logged into the server, the Login Manager dialog window changes to illustrate the major applications or functions installed. These applications or functions are organized in drawers. You can open a drawer and then view the various functions or open additional folders that hold more functions.

When the Essentials software is installed on the CiscoWorks2000 Server, a new Resource Manager Essentials drawer is added to the CiscoWorks2000 desktop. The Resource Manager Essentials drawer contains folders and related tasks for each of the Essentials functions. In addition, the Device Navigator and Case Management functions are added to the Management Connection drawer and a VPN Management Solutions drawer is added to support reports directly related to active virtual private network (VPN) devices.

RME Functions

All CiscoWorks2000 and Essentials applications and services are provided and organized in drawers. When you open an application drawer, you will find functional group folders, and individual tasks. Open a folder, and you will find more functional group folders or individual tasks.

RME functionality can be found in one of three drawers:

• Resource Manager Essentials (main drawer)

• VPN Management Solutions (reports specific to VPN enabled devices), and

• Management Connection (Case Management and Device Navigator) Each of the RME applications provides a set of features that can be used to simplify and automate many network management tasks.

Within the Resource Manager Essentials drawer, tasks are divided into two categories: administrative tasks and user tasks. Locating a particular function within RME is often the most difficult part of using it.

Note The tasks displayed in the Resource Manager Essentials drawer will vary, depending on the permissions assigned to your user ID. If you do not have permission to perform a particular task, the task will not show up in the navigation tree. Also, the order of tasks and folders may vary, depending on what other components of CiscoWorks2000 are loaded.

User Tasks

User tasks (reports) are grouped into appropriate functional folders seen when the Essentials drawer is first opened (main level). For example, to run the user task of creating or viewing a detailed device report for a set of devices, select Resource Manager Essentials > Inventory > Detailed Device Report. User tasks are often performed by multiple people on a daily basis to view network information and manage and monitor Cisco devices.

Administrative Tasks

Administrative tasks are also grouped by major functions, but are located in similar folders under the Administration folder. For example, to see the devices within the Essentials inventory, select Resource Manager Essentials > Administration > Inventory > List Devices. Administrative tasks should be performed by a central person and should need to be performed only once when the application is first set up, or infrequently when major changes are made to the network.

Tip It is a good idea to open and close all Essentials folders to see where various tasks are located. Try closing folders after running a particular task to help navigation for the next task.

Essentials Task Usage Workflow

All Essentials tasks follow a simple task oriented workflow:

Figure 1-2 Essentials Task Usage Workflow

1. Select a function (e.g., syslog analysis, configuration management)

Open essentials

drawer

Select task

Select Devices (if applicable) Select

function

Specify options/ parameters (task specific)

View results

4. Specify the desired options or parameters (depending on the task)

5. View the results (e.g., display report, check job output).

General System Configuration

You must define several system parameters on the server to use some Essentials features.

For example, if access to outside networks requires a proxy server, then you must define the proxy server address in Essentials in order to access Cisco.com from various Essentials functions.

If you want to use e-mail to automatically notify network administrators when certain tasks and jobs are completed, then you must define your Simple Mail Transfer Protocol (SMTP) server in Essentials (Windows 2000 systems only). If you wish to use rcp (instead of TFTP) to retrieve configuration files or software images, you must define the rco username defined on the devices within Essentials.

You must also verify the default SNMP timeout and retry values that will be used to poll and collect information from all devices in the inventory. These values might need to be adjusted, depending on the size of your network and the number of devices that are being polled.

You must ensure that SNMP timeout values are higher than the average response time to most devices. In general, these values should be conversely related. For example, if you have a high timeout value, you should have a low number of retries or you could end up with long delays on the server waiting for SNMP messages to be processed.

To set up all these parameters, which are shared by many of the Essentials functions, follow these steps:

Note The user must have the role of system administrator to perform this task.

Step 1 Select Resource Manager Essentials > Administration > System Configuration.

Step 2 Click each tab to configure the proxy, SNMP, SMTP, and rcp parameters. The SMTP tab will be available only on Windows 2000 machines because on UNIX the platform is the SMTP server.

Supported Devices

Devices supported by this suite of applications can be found in the

CiscoWorks2000 navigation tree (select Server Configuration > Applications and Versions) or on cisco.com.

Adding Functionality and Incremental Device

Support

If you have cisco.com access, you can go to the Essentials web page to download software enhancements and incremental device support (IDS).

Consult the package readme files for additional information on installing new features and enhancements.

Before performing the scenarios in this document, be sure your administrator has set up the Essentials applications and performed the administrator tasks described in the installation guide. If, for example, the proxy URL is not set, you might be unable to complete Essentials tasks outside your network.

Time Zone Implementation

Many time zones are supported in Essentials. However, it is important to note that Essentials applications that have scheduling and reporting functions and that produce a time stamp will vary depending on:

• Server and client—Time stamps can differ between server and client if they are located in different time zones. (The client time zone is also called the local time zone.)

• Platforms—Windows 2000 and UNIX servers support different time zones. They are not synchronized.

• Managed devices—These support a particular time zone set, which might be different than the time zone set supported by the client or server.

• Programming languages—Essentials applications are written in Perl, Java, and C++. You might see differences in menus and reports because each language uses a different set of time zone conversion libraries.

C H A P T E R

2

Resource Manager Essentials

Applications

This chapter lists all the Essentials applications and the tasks that can be accomplished with each of these applications. The applications are:

• Device Views

• Availability

• Change Audit

• Configuration Management

• Contract Connection

• Case Management

• Inventory

• Job Approval

• Software Management

Device Views

Essentials provides device views—logical groupings that are used to specify a device or group of devices. You can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type, or with specific characteristics, such as all Catalyst switches or all devices a user is responsible for.

As almost every Essentials task requires the set of devices to be executed against, views provide a convenient way to create groups of devices. For example, before you can display an Inventory report, you must select the devices to be included in the report. Views can speed up the selection (instead of running the report for one device at a time).

Note Essentials graphical user interface (GUI) performance may be affected if the number of devices in the selected view is too large. You should avoid setting

all devices views when the number of devices in the inventory is large. You can use system views or create custom views to keep the number of devices in a view from growing too large.

Creating a view using the Device Views application enables you to run reports for specific devices based on common attributes or user-defined characteristics.

Types of Views

Three categories of device views are available:

• System Views—Predefined and available immediately after you install Essentials. System views include most major classes of Cisco devices. For example all Catalyst switches, all Cisco 7000 Series routers, and all SwitchProbes.

• Custom Views—Defined by users and, when created, are available for use by anyone with the appropriate access to the server.

Two different types of views can be created within custom or private views:

• Dynamic Views

• Static Views

Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view can change based on the attribute value of devices in the Inventory. An example of a dynamic view is all devices with Cisco IOS Version 12.0. Any device that currently has this attribute would be included in the device view. All system views are dynamic.

Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically.

Figure 2-1 Device Views

Dynamic View Static View

System Custom Private

Table 2-1 shows the tasks that you can accomplish with the Device Views application.

Setting Device Credentials

Several important items must be configured correctly on every Cisco device that is going to be managed and monitored using Essentials.

Details about each application and the tasks involved in setting the credentials are

Table 2-1 Device Views Tasks

Task Purpose Action

Add static views.

Create views to monitor a specific group of devices in your network inventory.

Select Resource Manager Essentials > Administration > Device Views > Add Static Views.

Add dynamic views.

Create views to monitor devices with common attributes, such as device type.

Note Any new, managed device added to inventory that fits the listed attributes is automatically incorporated into the dynamic view.

Select Resource Manager Essentials > Administration > Device Views > Add Dynamic Views.

Change static views.

Modify static views. Select Resource Manager Essentials > Administration > Device Views > Change Static Views.

Delete views. Delete any views you have created. Select Resource Manager Essentials > Administration > Device Views > Delete Views.

Browse dynamic views.

Determine which devices belong to the dynamic views.

Select Resource Manager Essentials > Administration > Device Views> Browse Dynamic Views.

Browse device membership.

Determine which views a device belongs to.

Select Resource Manager Essentials > Administration > Device Views > Browse Device Membership.

Table 2-2 lists all the applications and the device credentials required for proper functioning of the applications.

System Configuration

System Configuration lets you configure system-wide information on the CiscoWorks2000 server. In this way, you can centrally locate information that is used by more than one Essentials application.

Table 2-2 Applications and the Device Credentials

Application Telnet Password Enable Password SNMP Read Only SNMP Read / Write

NetConfig Required Required Required Not required NetShow Required Required Required Not required Config Editor Required Required Required Not required ChangeAudit Not required Not required Required Not required Configuration

Management (Telnet)

Required Required Required Not required

Configuration Management (TFTP)

Not required Not required Required Required

Device Views Not required Not required Required Not required Inventory Not required Not required Required Not required SWIM Required1

1. Required in case of few devices.

Required1 Required Required Syslog Not required Not required Required Not required Availability Required Required Required Not required

Availability

The Availability application lets you monitor the reachability and response time of your network devices. You can view the availability of a selected group of devices, a summary of interface status, reports of reloads (reboots) and unreachable devices, and protocol distribution graphs.

Benefits of Availability

If you experience connectivity problems trying to reach certain resources or services on the network, one of the first things you must check is the status of a device. If a device is unreachable, you will want to find out when it was last operational and whether any abnormal reloads have occurred. This can be the first step in troubleshooting the exact location of the fault. Availability helps you track

Table 2-3 System Configuration Tasks

Task Purpose Action

Set up a proxy URL.

Enable applications to connect to Cisco.com.

If the server access to the outside world is controlled through a proxy server, this must be configured.

Select Resource Manager Essentials > Administration > System Configuration,

then selectthe Proxy tab.

Define SNMP timeouts and retries.

Specifies the timeout value and the number of retries while querying devices for inventory collection.

Select Resource Manager Essentials > Administration > System Configuration, then select the SNMP tab.

Define the SMTP server name.

Add and modify command-line instructions to be run automatically whenever Syslog Analysis receives a specific message type.

Select Resource Manager Essentials > Administration > System Configuration, then select the SMTP tab.

Define RCP usernames.

Specify the username to authenticate RCP transfers between the devices and the server for remote operations.

Select Resource Manager Essentials > Administration > System Configuration, then select the RCP tab.

The Availability application periodically polls selected devices to determine device reachability, interface status, and response times. Availability reports display the status of devices, show devices that are offline for more than three hours, and summarize the percentage of Layer 3 protocol traffic forwarded on each Layer 3 device.

A Reloads Report shows the cause of the past five reloads for a device and includes a link to the Cisco.com stack decoder to help troubleshoot any device failures. Availability provides reports to quickly assess the status of selected devices on the network. Information can be tracked for all devices on the network, or only critical devices to reduce the load on the network and the network management system.

Availability Functional Flow

Before device availability information will be stored in Essentials, you must select the specific device views that needs to be monitored for Availability. When devices are selected to be included in Availability polling, Essentials will poll the devices according to the schedule set by the network administrator (only one schedule for all views). Devices will be polled for reachability, response time, interface status, reload, and protocol information.

This information will be updated in the Availability database after each scheduled poll, and can be viewed by displaying Availability Reports. Historical information on reachability and response times is also stored in the Essentials database and can be displayed in trend graphs under Availability Monitor.

Figure 2-2 Availability Functional Flow

Availability Workflow

The Figure 2-3 depicts the Availability workflow and associated tasks within Essentials:

• In order to retrieve Availability information from devices, each device must be in the Essentials Inventory with the proper SNMP read community string attribute.

• Polling options must be set, including selecting which device views are going to be polled for availability information. When devices are selected, availability information can be viewed in any of the Availability Reports within Essentials. Information is automatically purged according to the options you set, so no ongoing maintenance is required.

Figure 2-3 Availability Workflow

Reports/output

Reachability Dashboard Availability Monitor Reloads Report Offline Device Report Protocol Distribution Graph Poll selected

devices

Device

status Availability database

77093

Verify Device Requirements SNMP read community

Setup Select devices

View reports Availability reports

Table 2-4 shows the tasks you can accomplish with the Availability application.

Table 2-4 Availability Manager Tasks

Task Purpose Action

Set polling views and options.

Select views to be monitored. You must do this before you can monitor device availability.

If your system performance is degraded by availability polling, you can add more system resources, poll fewer devices, or poll less frequently.

Select Resource Manager Essentials > Administration > Availability > Change Polling Options.

Change polling options.

Select default Availability polling option values or to select new values from the drop-down list boxes.

The polling options you set, apply to all Availability views.

Select Resource Manager Essentials > Administration > Availability > Change Polling Options.

View the Reachability Dashboard.

View device status for all views set for availability monitoring. The dashboard continuously reports:

• All views being polled and the number of devices in each view.

• Device names of all devices in each view and the time they last

responded.

Select Resource Manager Essentials > Availability > Reachability Dashboard.

Monitor device availability.

Continuously monitor selected devices and access interface availability details.

Select Resource Manager Essentials > Availability > Availability Monitor. View the

Reloads report.

Display the most recent reloads (up to 5) for selected devices. The report shows the reason for each reload and when it occurred.

Select Resource Manager Essentials > Availability > Reloads Report.

To view reloads that occurred only within the past 24 hours, select

Change Audit

The Change Audit application lets you track and report network changes. It provides the capability for other Essentials applications to log change information to a central repository called the Change Audit log.

View the Stack Decoder Analysis.

Decode and analyze a device’s stack dump to enable troubleshooting of devices that reload unexpectedly.

An unexpected reload is any reload that is neither initiated by you nor a result of a power-on.

The Reloads report applies only to routers running Cisco IOS Release 10.2 or later and is available only for the most recent reload.

Select Resource Manager Essentials > Availability > Reloads Report.

In the generated report, click on the unexpected reload.

View the Offline Device report.

Generate a report of managed devices that have not responded to polling for more than a specified period of time (3, 6, 12, 24, 48, or 72 hours).

Select Resource Manager Essentials > Availability > Offline Device Report. To view only devices that have been off line for the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Offline Device Report.

View the Protocol Distribution graph.

View the distribution of IP, AppleTalk, IPX, DECnet, VINES, and XNS packets for selected devices in a bar or pie chart. This report shows the Layer 3 protocol packet types that are forwarded by the devices.

Select Resource Manager Essentials > Availability > Protocol Distribution Graph.

Table 2-4 Availability Manager Tasks (continued)

Change Audit Functional Flow

Change Audit tracks all changes discovered by the Inventory Manager, Software Manager, and Configuration Manager. Every time one of these applications detects a change, it sends a change record to the Change Audit Service, with details of who, when, and what type of change occurred. See Figure 2-4. Inventory changes include any changes to device information stored in the Inventory database, such as chassis, interfaces, and system information. Software Management changes include upgrades to new software image versions.

Configuration management changes include all changes made to configuration files on devices. This includes changes made outside of Essentials tasks, detected by the configuration archive process, as well as changes made using Essentials functionality—NetConfig or Config Editor.

Inventory changes can be filtered to limit the types of changes that are stored in the Change Audit database. For example, you might not want to track every time the port status on a switch changes because users have shut down their computers connected to the switch. Software and configuration management changes cannot be filtered.

You can view change records or search for specific change records to determine who made a change or when a change was made. Change reports can also be time based to quickly report on changes that have, or have not, occurred during specified time periods—possibly detecting unauthorized change activity.

The Change Audit Service application can also be configured to forward change records, in the form of SNMP traps to remote servers, allowing you to monitor and view changes from a remote network-management station that has

Figure 2-4 Change Audit Functional Flow

Figure 2-5 Change Audit Work Flow

Reports/output Remote server

By user By application By time period By device

Exceptions summary Change audit

database

Summary detail records Inventory

manager Inventory database

Software upgrades

Configuration archive NetConfig

Config editor Software manager

Configuration manager

Filters

77095

Define inventory filters Administer trap Generators

Define exception periods Setup

All changes

Search change audit Exceptions summary

View change records

Ongoing maintenance

Figure 2-5 depicts the Change Audit workflow and associated tasks within Essentials. Change Audit automatically stores any change records sent from the Inventory Manager, Software Manager, and Configuration Manager applications. After these applications are set up, you can view change records at any time. You are required to perform Change Audit setup tasks only if you want to filter out specific Inventory changes, forward change records to a remote server, or report on changes during specific time periods every week. Change records are stored in the Essentials database until they are removed. Therefore, ongoing maintenance is required to delete old records from the database.

Table 2-5 shows the tasks that you can accomplish with the Change Audit application.

Table 2-5 Change Audit Tasks

Task Purpose Action

View Change Audit logs.

View the two log tables: Change Audit summary and Change Audit details.

Select Resource Manager Essentials > 24-Hour Reports > Change Audit Report. Or

Select any report from Resource Manager Essentials > Change Audit.

Delete records from the log.

Delete or schedule deletion of change records from the Change Audit log.

Select Resource Manager Essentials > Administration > Change Audit > Delete Change History.

Convert change records to SNMP traps.

Convert some or all change

notifications into SNMP V1 traps and send them to a destination you configure.

Select Resource Manager Essentials > Administration > Change Audit > Administer Trap Generator.

Define an exceptions period.

Specify a period of time when no network changes should occur.

Select Resource Manager Essentials > Administration > Change Audit > Define Exceptions Summary.

Set up filtering options.

Define one or more filter fields to filter report data.

Select Resource Manager Essentials > Change Audit > Search Change Audit.

Configuration Management

The Configuration Management application stores the current, and a user-specified number of previous versions, of the configuration files for all supported Cisco devices maintained in the Inventory. It automatically tracks changes to configuration files and updates the database if a change is made.

Benefits of Configuration Management

One of the most difficult but important things to manage on a is device configuration. Often a change to the device configuration leads to network performance issues and faults. The device configuration is the key to how a device operates on the network and traffic is passed.

As the network administrator, you need to be able to control and track changes to device configurations to minimize errors and assist in troubleshooting problems. This can be very difficult if several different users are making changes to the device configurations. It can also become very repetitive and time-consuming. Configuration management can help simplify and automate these tasks.

Configuration Management gives you easy access to the configuration files for all file-based or Cisco IOS-based Catalyst switches, FastSwitches, and Cisco routers in the Essentials Inventory.

View all change records.

Generate a report that enables you to view changed data in the Change Audit log.

Select Resource Manager Essentials > Change Audit > All Changes.

View a summary of changes made in the last 24-hours.

Generate a summary of changes made in the past 24 hours from Change Audit log data.

Select Resource Manager Essentials > 24-Hour Reports > Change Audit Report.

Table 2-5 Change Audit Tasks (continued)

After you import devices into the Inventory and they become managed,

configuration files are collected and stored in the Configuration Archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information.

Before you can use the Configuration Archive, you must make sure you have completed all the necessary setup tasks. For information on these tasks, see

Installation and Setup Guide for Resource Manager Essentials.

Configuration Management Functional Flow

After you add or import devices into your inventory, the configuration files for each supported device are collected and stored in the configuration archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information. In addition, a change record is sent to the Change Audit application, which collects and organizes all changes to network devices. This allows you to view all configuration changes made over any period of time or by any specific user.

Figure 2-6 Configuration Management Functional Flow

Config editor Syslog database

Change audit

Network show comands

Show command

output

v.3 v.V2 v.1

Reports/Output

Network devices

NetConfig

Figure 2-7 Configuration Management Workflow

Figure 2-7 depicts Configuration Management workflow and associated tasks:

• Verify device requirements to ensure that Essentials is able to communicate with the devices.

• Create approver lists, if specific users are going to be required to approve configuration updates before they are executed and set configuration archive preferences (update schedule, number of copies to retain, and so on), and After the configuration archive is set up, it can be used to view device configurations and identify and plan necessary changes. Then, the NetConfig or Config Editor applications can be used to actually execute and confirm the changes.

As ongoing maintenance, the Configuration Sync report should be checked daily to ensure that all running and startup configurations on devices match. In addition, the network administrator can use Network Show Commands and Custom reports to troubleshoot problems and gather information as needed.

Verify device requirements General setup Create approver lists Setup Search archive Compare configurations Community strings Telent/Enable mode access

Identify changes needed Update archive Plan changes

Check configuration sync report Network show commands Custom reports

Ongoing maintenance and troubleshooting NetConfig NetConfig editor Execute changes Browse job Verify changes 77101

Configuration Archive

The configuration archive maintains a history of configuration files for all managed devices on the network. The network administrator can specify how long files should be kept in the archive, how many versions should be maintained in the archive, and how often devices on the network should be polled for changes. In addition, there are multiple ways to detect changes on devices and trigger an update to the configuration archive.

For example, specific syslog messages sent from the device can indicate that a change has occurred and can trigger the configuration archive to retrieve the new configuration. The configuration archive can also be scheduled to poll all devices at a specific time each week.

Figure 2-8 Configuration Archive Functional Flow

12

3

6 9 Change?

Update

Poll configur ation MIB

(Cisco ICS softw

are only)

Syslog messages

Scheduled updates

Man

ual updates

Scheduled updates

Several methods can be used to trigger the configuration archive to retrieve a new device configuration:

• Scheduled updates—Essentials will retrieve configuration files for all devices at a scheduled time each day or week. If the configuration file on the device has a date later than the file in the archive, Essentials will update the archive with the most current configuration from the device and create a change record. If there is no change, the archive will not be updated.

• SNMP polling—Essentials will periodically poll the configuration MIB variable on devices, according to the schedule set by the administrator, to determine if the configuration file has changed. If it has, Essentials will retrieve the most recent configuration from the device and create a change record for Change Audit. Polling uses fewer resources than full scheduled collection because configuration files are retrieved only if the configuration MIB variable is set. This method is available only for supported Cisco IOS versions.

• Listen to syslog messages—If devices are configured to forward syslog messages to the Essentials server, whenever a syslog message is sent from a device to indicate that a configuration file has changed, Essentials will retrieve a new copy of the configuration file from that device.

Note The syslog message from a Cisco IOS device is severity level 5, and the similar message from a Catalyst OS device is severity level 6.

• Manual updates—You can force the configuration archive to check devices for configuration changes at any time; select Resource Manager

Essentials > Configuration Management > Update Archive. This allows you to update the archive for specific devices.

You can use any combination of these methods to keep the archive up-to-date, by selecting the appropriate preferences in Configuration Management. You want to keep the archive as up-to-date as possible to track changes, but remember that each configuration archive update places additional load on the network and the NMS.