Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 Advanced Security Management with PRSM & CSM 4.3.


Slide 1: Advanced Security Management with PRSM & CSM 4.3

Slide 2 (no transcript text)

Slide 3
At the end of the session, the participants should be able to:
- Present the Prime Security Manager architecture and components
  - Learn about PRSM "under the hood"
  - Details on components, roles and benefits
- Sell PRSM Multi Device Manager
  - Explain the value of PRSM
  - Demonstrate PRSM by highlighting its core strengths
- Deploy Next Generation Security Management
  - Assist customers with deploying PRSM Multi Device Manager
  - Provide guidance on events, reports and storage requirements

Slide 4 (no transcript text)

Slide 5: Two deployment options
- Virtual Machine (VM): CCO
- UCS Bundle: November 14th
Virtual Machine:
- Delivered as a single file with the .ova extension (Open Virtual Appliance format)
- VMware vSphere Hypervisor 4.1 (Update 2)
UCS Bundle:
- UCS C220 M3 Server + ESXi 4.1 U2 + VM

Slide 6: Deployment Planning Guide, available November '12

Slide 7: CX managed by PRSM
- When a CX is managed by PRSM, the event store and reporting engine are disabled on the CX, so no events or reports are logged locally
- Raw events are sent to PRSM, where they are stored and reports are processed
- Events are in Google protobuf binary format
- Diagram: CX (Event Forwarder) -> SSL, reliable binary logging -> PRSM (Event Server)

Slide 8: Event Server
- Uses up to 75% of the total available HDD space for events; once usage exceeds 75%, PRSM immediately begins overwriting the oldest events in the event store
- No API to pull data out of the event store
- Event forwarding to a 3rd-party SIEM is not supported
- Diagram: CX (Event Forwarder) -> SSL -> PRSM (Event Store)

Slide 9: Event Server
- No batch query is required for reports (contrast with MARS)
- The Report Engine displays reports from the Shared Buffer and the Report Store
- Report data is instantly available via browser refresh
- Diagram: CX (Event Forwarder) -> SSL -> PRSM (Event Store -> Report Engine -> Report Store)

Slide 10 (no transcript text)

Slide 11: Small deployment of 250 users: 25 EPS
- A single binary event consumes 300 bytes
- 10:1 ratio of users to events per second
- Formula: (300 x 3600 x 12 x 25) / 1,000,000
- Disclaimer: customer results may vary depending on application and usage

Slide 12: Medium deployment of 1,000 users: 100 EPS
- A single binary event consumes 300 bytes
- 10:1 ratio of users to events per second
- Formula: (300 x 3600 x 12 x 100) / 1,000,000,000
- Disclaimer: customer results may vary depending on application and usage

Slide 13: Medium to large deployment of 10,000 users: 1,000 EPS
- A single binary event consumes 300 bytes
- 10:1 ratio of users to events per second
- Formula: (300 x 3600 x 12 x 1000) / 1,000,000,000
- Disclaimer: customer results may vary depending on application and usage

Slide 14: Very large deployment of 50,000 users: 5,000 EPS
- A single binary event consumes 300 bytes
- 10:1 ratio of users to events per second
- Formula: (300 x 3600 x 12 x 5000) / 1,000,000,000
- Disclaimer: customer results may vary depending on application and usage
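The storage formula the four sizing slides apply, as an added Python example that is not from the Cisco deck: it encodes the 300-byte event, the 10:1 users-to-EPS ratio and the 3600 x 12 multiplier (which I read as one 12-hour business day; that period is my assumption), and adds the retention bound implied by slide 8's 75% event-store ceiling. The 1 TB disk is a constructed input.

```python
BYTES_PER_EVENT = 300        # one binary (protobuf) event, per the slides
USERS_PER_EPS = 10           # 10:1 ratio of users to events per second
SECONDS_PER_HOUR = 3600
HOURS_PER_DAY = 12           # the slides multiply by 12 hours (assumed: one business day)
EVENT_STORE_SHARE = 0.75     # the event store may use up to 75% of the HDD (slide 8)

def events_per_second(users):
    """Slide ratio: 250 users -> 25 EPS, 50,000 users -> 5,000 EPS."""
    return users // USERS_PER_EPS

def bytes_per_day(users):
    """The slides' formula before the MB/GB divisor: 300 x 3600 x 12 x EPS."""
    return BYTES_PER_EVENT * SECONDS_PER_HOUR * HOURS_PER_DAY * events_per_second(users)

def gb_per_day(users):
    """Same figure in decimal gigabytes (the slides divide by 1,000,000,000)."""
    return bytes_per_day(users) / 1_000_000_000

def retention_days(users, disk_gb):
    """Days of events that fit before PRSM overwrites the oldest ones.
    Only 75% of the disk is available to the event store; past that point old
    events are overwritten immediately, so retention is bounded by this figure."""
    usable_bytes = disk_gb * 1_000_000_000 * EVENT_STORE_SHARE
    return usable_bytes / bytes_per_day(users)

def sizing_table(disk_gb):
    """Rows for the four deployment sizes on the slides; disk size is a constructed input."""
    return [(u, events_per_second(u), gb_per_day(u), retention_days(u, disk_gb))
            for u in (250, 1_000, 10_000, 50_000)]

if __name__ == "__main__":
    for users, eps, gb, days in sizing_table(disk_gb=1_000):
        print(f"{users:>6} users  {eps:>5} EPS  {gb:8.3f} GB/day  "
              f"~{days:7.1f} days of retention on a 1 TB disk")
```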

Slide 15: CSM 4.4 new features
- Latest policy objects management tools
  - Enhanced Policy Objects Manager
  - Global Search/Find Usage
  - ASA Image Management
- Advanced policy deployments
  - Policy Bundle Deployment
- Latest optimization/troubleshooting tools
  - Auto Conflicts Detection (ACD)
  - Health & Performance Manager (HPM)
- Native RBAC configuration
- References

Slide 16
What it does:
- Manages all policy objects
- Dockable mode, Favorites and Recent lists
- Supports drag-and-drop (to policy)
- Better Find-usage, Search and Query tools
How it works:
- All objects are globally defined
- Most object contents can be overridden with device-specific contents using the Overrides feature (see notes)
- The Find-usage tool reports results per device, policy and other objects
Benefits:
- Enhances policy troubleshooting and editing
- Simplifies the policy management workflow
Recommendations:
- Objects can be queried only after changes are committed

Slide 17
What it does:
- Quick and simple way to query/search for any object: policies, objects, devices, tickets, etc.
- Search by name or by intelligent content search (e.g. tcp/22 for SSH, or 10.10.1.1 within 10.10.1.0/24)
How it works:
- Based on text or numeric inputs
- Supports wildcards (e.g. 10.10.* or datacenter*)
- Search results can be looked up with the Find-usage tool, edited directly or exported to CSV
- The Find-usage tool can be used to look up policies
Benefits:
- Quickly locates specific objects
- Fully integrated with the Objects Editor and Find-usage
- Simplifies policy troubleshooting and editing
Recommendations:
- A large object database uses more system resources; run Search/Query within a specific category

Slide 18
What it does:
- An identical global set of rules that can be applied (shared or assigned) to multiple devices
How it works:
- A device's policy can be shared as a shared policy
- Devices can be assigned a shared policy; the destination device's local rules are erased
- Devices can inherit a shared policy; the destination device inherits the new policy and retains its local rules
- "Un-share Policy" converts the policy to local rules; "Un-assign Policy" removes all rules from the device
Benefits:
- Simplifies deployment of a global policy to devices in branch offices or cookie-cutter sites
- Keeps a single policy consistent across devices
Recommendations:
- A large shared policy assigned to too many devices can create performance issues
- Use the Policy Clone feature to edit an existing shared policy
- Sharing should be done in Device View

Slide 19
What it does:
- Supports more complex policy requirements
- Creates a policy hierarchy with multiple shared policies
- Mandatory/Default sections provide flexibility
How it works:
- A shared policy can inherit other shared policies (as parent)
- Devices can be assigned an inherited policy in the hierarchy
- A device can retain local rules after inheritance
- Un-assigning an inherited policy removes all rules from the device
Benefits:
- Deployment of multiple shared policies (hierarchy)
- Useful for firewall/policy consolidation and merging
Recommendations:
- Minimize the number of layers in the hierarchy
- Use interface rules in the Mandatory section and global rules in the Default section
- Should be managed via Policy View

Slide 20
What it does:
- Creates a logical grouping of different shared policies (e.g. FW rules + Inspection + BTF ...)
- Efficiently assigns different shared policies to the applicable devices
How it works:
- Shared policies can be grouped into a bundle from the new Policy Bundle View
- A policy bundle can be assigned to devices in a single operation; a device can also inherit the policies in a bundle
Benefits:
- Useful for branches or cookie-cutter sites with a complete policy deployment (FW/IPS/VPN, etc.)
- Most efficient way to deploy and manage a complete policy deployment
Recommendations:
- A bundle should contain policies for one platform type only; for example, an ASA policy bundle should have ASA policies only
- When a bundle is un-assigned, the device policy is emptied

Slide 21
What it does:
- Automatically locates conflicts between rules
- Generates a Conflicts Report with recommendations for resolution
How it works:
- Analyzes overlaps in rule contents based on Users, Src, Dst and Svc
- Determines the type of conflict from the matches between rules: redundant/shadowed rules (full or partial), redundant objects
Benefits:
- Minimizes duplicates when adding/modifying rules
- Maintains a cleaner, simpler policy with fewer rules
- Improves firewall performance
Recommendations:
- On by default; turn it off when not needed or when working on a large rule table
- Use the Filter tool to locate a specific conflict type
- The Rules Combiner can be used to minimize conflicts
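A simplified classifier for the conflict types slide 21 lists (redundant vs. shadowed, full vs. partial), as an added Python example; it is not Cisco's ACD implementation. It checks each rule against the rules above it in first-match order, omits the Users dimension, models a service as a single proto/port string or "any", and the rule table is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "permit" or "deny"
    src: str      # source CIDR or host address
    dst: str      # destination CIDR or host address
    svc: str      # "proto/port" such as "tcp/22", or "any"

def _net(addr):
    return ipaddress.ip_network(addr, strict=False)

def _covers(outer, inner):
    """Every packet matched by `inner` is also matched by `outer`."""
    return (outer.svc in ("any", inner.svc)
            and _net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))

def _overlaps(a, b):
    """At least one packet is matched by both rules."""
    return (("any" in (a.svc, b.svc) or a.svc == b.svc)
            and _net(a.src).overlaps(_net(b.src))
            and _net(a.dst).overlaps(_net(b.dst)))

def _kind(earlier, rule):
    # Same action above: the later rule is redundant; opposite action: shadowed.
    return "redundant" if earlier.action == rule.action else "shadowed"

def find_conflicts(rules):
    """(rule, kind, extent, earlier_rule) tuples; "full" = the earlier rule covers
    every packet this rule could match, "partial" = the two merely overlap."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:            # only rules above this one matter
            if _covers(earlier, rule):
                findings.append((rule.name, _kind(earlier, rule), "full", earlier.name))
                break                        # fully covered: this rule never fires
            if _overlaps(earlier, rule):
                findings.append((rule.name, _kind(earlier, rule), "partial", earlier.name))
    return findings

SAMPLE_RULES = [  # constructed sample table, top to bottom, for illustration only
    Rule("R1", "permit", "10.10.0.0/16", "0.0.0.0/0", "tcp/22"),
    Rule("R2", "permit", "10.10.1.0/24", "0.0.0.0/0", "tcp/22"),     # fully redundant with R1
    Rule("R3", "deny", "10.10.1.0/24", "192.168.5.0/24", "tcp/22"),  # fully shadowed by R1
    Rule("R4", "deny", "10.0.0.0/8", "192.168.0.0/16", "any"),       # partial overlaps only
]
```

Running `find_conflicts(SAMPLE_RULES)` flags R2 and R3 as fully covered by R1 and R4 as partially overlapping R1, R2 and R3; only R1 is clean.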

Slide 22
What it does:
- Monitors device (ASA/IPS) operational status: CPU/memory/interface/license/certificate/traffic, etc.
- Monitors policy usage (FW/NAT connections, VPN, etc.)
- Alerts the admin by email when problems are detected
How it works:
- Priority monitored devices are polled every 5 minutes; normal monitored devices every 10 minutes
- Alerts are raised when configured thresholds are reached
- Collected data is stored for 30 days
Benefits:
- Centrally monitors and proactively detects problems
- Provides live and historical device data for troubleshooting
- Alerts admins in real time
Recommendations:
- Tune the polling interval for larger numbers of devices
- Tune thresholds to suit specific environments or device types
- Configuration location: C:\Program Files (x86)\CSCOpx\MDC\hpm\config

Slide 23 (no transcript text)

Slide 24: Overview
- Simplified RBAC integration and implementation
- Native RBAC provides similar RBAC functionality without using ACS
- Users, their roles and privileges are defined locally in CSM/Common Services
- Uses CSM's native device groups and inventory
- External user authentication can be done with an external AAA or AD server
- Co-exists with ACS 4.x support for the legacy ACS RBAC mode

Slide 25
- Full customization for specific roles with specific tasks (Modify, Approve, Assign, etc.)
- Role import/export functions
- Application-specific task privileges (CSM, AUS and CS)
- Factory roles (non-editable): 5 roles are common to CS and CSM, 1 role is specific to CS, 2 roles are specific to CSM

Slide 26
- Defines and authenticates local users and passwords
- Authorization types:
  - Full Authorization: no restrictions (admin users)
  - Enable Task Authorization: no device restrictions; supports multiple roles
  - Enable Device Authorization: supports multiple roles; restricts device access based on device groups

Slide 27
- The same remote AAA (external) users should be created locally in CSM
- Recommended external authentication servers: ACS 5.x as a TACACS+ server, Microsoft AD, local Windows
- ACS 4.x in ACS RBAC mode is still supported as-is (ACS mode); re-registration is required because additional privilege strings were added to CSM for the new features

Slide 28: Thank you.

