|
|
When you have decided on the type of system to install and prepared the target computer(s) for installation, you are then ready to start the Cisco Security Manager setup program. Once again, we encourage you not to proceed unless you are familiar with the hardware and software requirements and have prepared your target computer(s) accordingly.
Once you begin, you can exit the setup program at any time by clicking Cancel in any panel. After you confirm that you want to abort the installation, the setup program removes all temporary files so that the target computer is in the same state as it was before the aborted installation began.
Depending on what you are installing, you may or may not perform every procedure listed in the following sections. In the procedures that follow, you may be instructed to skip one or more steps. Please read each step carefully before continuing with the next numerical step.
We also recommend that you use a special Windows NT account with administrative privileges to log on to the target computer. In the case of a distributed system, you should use this same account to log on to each target computer.
The setup program guides you through the installation process step-by-step, prompting you to select what system to install, to submit necessary configuration information, and to specify where to copy files. We strongly recommend that you exit all other applications before continuing with this setup program. Press Alt+Tab to switch to any running applications, and then close them.
To install Cisco Security Manager:
Step 1 To initiate the Autostart sequence, insert the CD-ROM disc into the drive on the target computer.
Result: The Autostart panel appears.
Step 2 To begin setup, select Install Product in the Options box, and then click Next.
Result: The License Agreement panel appears.
If you have not installed all requisite software, you cannot begin the setup program. For these procedures, please refer to "Planning Your Cisco Security Manager Installation."
Step 3 To review all conditions of the license agreement, use the scroll bar on the right side of the window. If you accept the license agreement and wish to continue with the installation process, select I accept the agreement. To proceed to the next panel, click Next.
Result: The License Disk panel appears.
Because this is a legally binding agreement, please read each condition carefully before continuing with the setup program. If you do not accept the conditions of the license agreement, you must click Cancel and exit the setup program.
Step 4 To specify the location of the Cisco Security Manager license disk, type the directory path in the Location box, or click Browse to find the correct path. Then, type the corresponding password in the Password box. To proceed to the next panel, click Next.
Result: The Installation Options panel appears.
By default, the setup program accesses the floppy drive (A:) when searching for the license disk. For the single firewall license disk, locate the license.dsk file in the root directory on the Cisco Security Manager CD-ROM disc (the password for this license is quarter horse). Also, when typing the password, be aware of case sensitivity. If you receive a warning message, check the CAPS LOCK on your keyboard, and then retype the password.
Step 5 To select the type of system to install, select either Standalone
Cisco Security Manager if you want the entire system to operate on one computer or Distributed Cisco Security Manager if you want to distribute the various feature sets among multiple computers. If you choose to install a distributed system, you must also select a feature set in the Feature Set list.
Result: A brief text description of the option that you chose appears in the Installation Option box.
 | Tips You must install the product on an NTFS file partition. If you have not created an NTFS file partition on the target computer, you will not be able to complete the next step. For information on converting a FAT file partition to NTFS, see the "Converting Your File Partition from FAT to NTFS" section. |
Step 6 To specify where to install Cisco Security Manager, type the directory path to the installation folder in the Installation Folder box, or click Browse to find the correct path. To proceed to the next panel, click Next.
Review the Space Required and Space Available fields to ensure that the drive specified in the directory path has enough free space for the installation that you selected. If it does not, you must select another hard drive on which to install, or you must exit the setup program and free up enough hard drive space.
If the folder that you specified in the directory path does not exist, the setup program offers to create it for you. Clicking Yes enables you to proceed with the setup program, while clicking No takes you back to the Installation Options panel.
Step 7 To specify the location of the Primary Policy Database key (for all feature sets except the Primary Policy Database), type the directory path to the key in the Primary Policy Database Key box, or click Browse to locate the path. Also, you need to override the IP address contained by the database key if the primary server on which you installed the Primary Policy Database is on a private network behind a PIX Firewall performing address hiding (NAT). To override this information, click Use these parameters, and then type the registered IP address to which you mapped the primary server (as specified by the bi-directional mapping rule) in the Server IP Address box. If you need to override the port number, type the new value in the Port box. To proceed to the next panel, click Next.
Result: The Account Information panel appears.
Step 8 To submit the corresponding password for the Windows NT username detected by the setup program, type the password in the Password box. Also, to confirm the password, retype it in the Confirm Password box. To proceed to the next panel, click Next.
Result: A warning box appears if DHCP service is detected on the target computer. We do not recommend dynamically assigned IP addresses for any computer on which Cisco Security Manager is installed. You should either disable DHCP or statically assign a permanently leased IP address. After you click OK, the Settings panel appears.
The setup program detects the Windows NT username that you used to log on to the target computer and enforces security by making you submit the corresponding password. You cannot complete the installation process without successful authentication. The setup program then creates a default account that you use to log on to Policy Manager the first time. We recommend that you disable this default Policy Manager account after creating a new one from within Policy Manager and logging on with it. The account that is created is not the Windows NT account; it is a Policy Manager account that is based on the same username and password as the Windows NT account, but it is a separate account stored within the Policy Database.
Step 9 You must select one of the IP addresses configured on the target computer for all inbound and outbound Cisco Security Manager communications. The setup program automatically detects all IP addresses on the target computer. To designate an IP address, select one by clicking it in the Local IP Address list.
Result: For communications among other computers running Cisco Security Manager components, all communications destined to and originating from this Cisco Security Manager computer use this IP address. In the case that this target installation is the primary server, this IP address is exported with the Policy Database key to ensure that secondary server installations communicate to the correct IP address for the primary server.
Step 10 You must ensure that the primary database listens on the proper port for communication requests. The IANA-assigned port number for database communications is 2567. To change the port number, double-click the existing one in the Primary Policy Database box, and then type the desired unused port number.
Result: When the system is installed and operational, the Policy Database service listens on the specified port for communications from other product components.
Step 11 If you are installing the standalone Cisco Security Manager or Primary Policy Database feature set, you have an opportunity to export the database key to use when installing other feature sets. To export the database key, click Export this key, and then type the directory path in the File Destination box to the location where you want to store the key. To proceed to the next panel, click Next.
Result: The database key is written to the location that you specified before the Verify Install Settings panel appears.
Step 12 To verify the settings that you chose before copying files, use the scroll bar on the right side of the window. Review all settings carefully before clicking Copy Files.
Result: The setup program copies all files to the specified installation folder and creates the necessary registry keys. Then, the Setup is complete panel appears.
Step 13 To close the setup program, click Finish.
Result: The setup program terminates.
To log on to Cisco Security Manager, you must access the Cisco Connect dialog box and submit the appropriate information. When you log on, you are in essence connecting to the Primary Policy Database of the system. On a standalone system, this connection is a local one (unless you installed the Policy Manager feature set separately to manage the standalone system), but on a distributed system, this connection is local only if you are logging on using the primary server (the computer on which you installed the Primary Policy Database).
To log on to Cisco Security Manager:
Step 1 To access the Cisco Connect dialog box, click Start, point to Programs, then to Cisco Systems, then to Cisco Security Manager, and click Cisco Policy Manager.
Step 2 To submit the proper administrative account information, type the username and password in the respective boxes under Policy Manager Authorization in the Cisco Connect dialog box.
Result: This information is used to authenticate to the Primary Policy Database.
Step 3 To connect to the Primary Policy Database on the local server, click Local under Policy Database Server. To connect to the Primary Policy Database on another server, click Remote Server, and then type the IP address or DNS name in the box below (you do not have to specify the port number unless it is different from the default value of 2567). Then, click Connect.
Result: A connection is made with the Primary Policy Database that you specified, and Policy Manager opens.
The Cisco Security Manager demo installs the files necessary to explore the Policy Manager user interface without installing a fully functional system. The procedures in this section describe the installation process for the demo.
To install the Cisco Security Manager demo:
Step 1 To initiate the Autostart sequence, insert the CD-ROM disc into the drive on the target computer.
Result: The Autostart panel appears.
Step 2 To begin setup of the demo, select Install Demo in the Options box, and then click Next.
Result: The Welcome panel appears.
Step 3 To continue with the demo setup, click Next on the Welcome panel after reading the displayed information.
Result: The Choose Destination Location panel appears.
Step 4 To specify an installation folder other than the default, click Browse. Otherwise, click Next.
Result: The Start Copying Files panel appears.
Step 5 To accept the settings for demo installation and copy the files to the target computer, click Next, or click Back to go to a previous panel.
Result: The demo files are copied to the target computer, after which the Setup Complete panel appears.
Step 6 To complete the demo installation process, click Finish.
Result: The installation process is complete. You can now open the demo from the program group shortcut menu by accessing the CSM Demo shortcut found in the Start\Programs\Cisco Systems\Cisco Security Manager Demo\ folder.
Posted: Fri Feb 25 12:51:41 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.
