Filter
Top Products
10-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 10 Managing the Security Manager Server
Managing a Cluster of Security Manager Servers
There is no automatic process for maintaining the same set of shared policies among a cluster of
servers. Instead, you must manually export them from your main server and import them into the
remaining servers. For more information, see Synchronizing Shared Policies Among Security
Manager Servers, page 10-4.
Splitting a Security Manager Server
If you decide that you need to convert a single Security Manager server into two or more servers, you
can split the server by moving subsets of the devices managed by the original server to the new servers.
Keep in mind that you should manage a specific network device from a single Security Manager server,
so delete the moved devices from the original server.
Tip Use the same release of Security Manager software on all servers.
Related Topics
• Overview of Security Manager Server Cluster Management, page 10-2
• Synchronizing Shared Policies Among Security Manager Servers, page 10-4
• Exporting Shared Policies, page 10-11
Step 1 Install the new Security Manager servers as described in the Installation Guide for Cisco Security
Manager.
Ensure that the server is functioning correctly, and also ensure that you install licenses with a device
count that will be sufficient for the devices you will move to the server. Ensure that you use a
professional license if you manage device types that require it. For information on installing licenses,
see Installing Security Manager License Files, page 10-16.
Step 2 On the original server, verify that the policies of the devices that you will move will allow access from
the IP address of the new server. For example, consider access rules on ASAs and routers, and the
Allowed Hosts policy on IPS devices.
Step 3 On the original server, ensure that all configuration changes for the devices you are moving have been
submitted and deployed. You will need to ask the staff to submit and deploy their changes, there is no
simple way to determine this status within Security Manager.
This step ensures that there are no pending uncommited changes. For information on deploying
configurations, see the following topics based on workflow mode:
• Deploying Configurations in Non-Workflow Mode, page 8-29
• Deploying Configurations in Workflow Mode, page 8-35
Step 4 Select File > Export > Devices to export the devices with their assigned policies and policy objects from
the original Security Manager server. Be sure to select Export Devices, Policies, and Objects during
the device export so that policy information is included. The file type must be dev. For more detailed
information, see Exporting the Device Inventory from the Security Manager Client, page 10-6.
Create separate export files containing unique devices for each new Security Manager server.
Tip At this point, do not make policy changes to the exported devices in the original server, and do
not deploy configurations to those devices. If you find that you need to make changes to the
devices from the original server before you complete the split, create a new export file.