Filter
Top Products
8-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 8 Managing Deployment
Understanding Deployment
The method you choose to use depends on the processes and procedures of your organization and the
transport protocols supported by a particular type of device. If you are using Configuration Engine
(CNS) or Auto Update Server (AUS), use those deployment methods. You must use one of these for
devices that use dynamic IP addresses. Otherwise, for devices with static IP addresses, use SSL (HTTPS)
for IOS, PIX, ASA, IPS, and standalone FWSM devices, and SSH for FWSM through the Catalyst
chassis. If you are using a Token Management Server (TMS) for some devices, you can also use that
method with Security Manager.
The following topics describe the deployment methods in more detail:
• Deploying Directly to a Device, page 8-9
• Deploying to a Device through an Intermediate Server, page 8-10
• Deploying to a File, page 8-11
• Understanding How Out-of-Band Changes are Handled, page 8-12
Deploying Directly to a Device
If you choose to deploy directly to a device, Security Manager uses the transport protocol defined in the
device properties for the device (right click the device, select Device Properties, and click General).
The protocol is typically the default protocol defined in the Device Communication page in the Security
Manager Administration settings (see Device Communication Page, page 11-16). Table 8-4 lists some
of the default transport protocol settings.
When you select Device as the deployment method, deployment is affected if you configure a transport
server for the device, such as an AUS or Configuration Engine. When using an intermediate transport
server, configuration deployment goes through the server. For more information on using an intermediate
server, see Deploying to a Device through an Intermediate Server, page 8-10.
Deployment can also be affected if you made out-of-band changes to the device since the last
deployment. For more information, see Understanding How Out-of-Band Changes are Handled,
page 8-12.
During deployment, Security Manager sends only the changes made since the last deployment to the
device.
Caution You must configure at least one policy on a device before deploying to that device. If you deploy to a
device without assigning at least one policy, the device’s current configuration is overwritten with a
blank configuration.