SSM On-Prem 8 Installation Guide - Cisco


SSM On-Prem 8 Installation Guide
Version 8 Release 202206

First Published: 02/16/2015
Last Modified: 8/18/2022

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

The Java logo is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. or other countries.

CONTENTS

PREFACE
    Objectives
    Related Documentation
    Document Conventions
    Obtaining Documentation and Submitting a Service Request
INTRODUCTION TO SMART SOFTWARE MANAGER ON-PREM
    Downloading the Software
    System Limits and Scalability
    Supported Web Browsers
    System Requirements
        Cisco Smart Account Access
        Hardware-Based Deployment Requirements
        Virtual Machine Based Deployment Requirements
        Supported VMware Features and Operations
INSTALLING AND DEPLOYING CISCO SMART SOFTWARE MANAGER ON-PREM
    Overview of Deployment Sequence
        Before You Start
        Installation Steps
    Media Installation
        Manually Installing on Physical Hardware Using the .iso File (USB)
        Manually Installing on a VM Using the .iso File (VMware ESXi)
    Deploying Cisco Software Manager On-Prem
    Configuring Secondary Authentication systems
        Configuring the On-Prem Server for LDAP Authentication
        Configuring the On-Prem Server for TACACS from CLI
    Selecting a System Profile
POST-INSTALLATION CONFIGURATION
    Initial Login Procedure
    Configuring the NTP Server
    Registering a Local Account in SSM On-Prem
APPROVING A NEW LOCAL ACCOUNT
    Local Account Request Approval (Network Mode)
    Local Account Approval (Manual Mode)
SYNCHRONIZING SMART SOFTWARE MANAGER ON-PREM
REGISTERING PRODUCT INSTANCES
TROUBLESHOOTING
    Account Registration Issues
    Product Registration Issues
    Manual Synchronization Issues
    Network Synchronization Issues
APPENDIX 1. PREPARING TO UPGRADE AN SSM ON-PREM SYSTEM
APPENDIX 2. UPGRADING A SYSTEM THAT IS PRIOR TO VERSION 7
APPENDIX 3. UPGRADING A VERSION 7 OR LATER SYSTEM
APPENDIX 4. MANAGING A HIGH AVAILABILITY (HA) CLUSTER IN YOUR SYSTEM
    Prerequisites Needed for Deploying a High Availability (HA) Cluster
    Deploying the HA Cluster
        Using Private IP in Your HA Cluster
        Sequence for Deploying a HA Cluster
        First Step: Generating User and Its SSH Keys
        Second Step: Provisioning the Standby Server (Secondary Node)
        Third Step: Deploying the Active Server (Primary Node)
        Forced Failover of a High Availability Cluster
        Downgrading a High Availability Cluster
APPENDIX 5. UPGRADING A HIGH AVAILABILITY (HA) CLUSTER
    Replacing Browser Certificates after HA Teardown
APPENDIX 6. RESOLVING NETWORK CONFLICTS USING THE DOCKER NETWORK CONFIG COMMAND
    How It Works
APPENDIX 7. PROVISIONING IPV4

Preface

This section describes the objectives and organization of this document and explains how to find additional information on related products and services. This preface contains these sections.

Objectives

This document provides an overview of software functionality that is specific to SSM On-Prem. It is not intended as a comprehensive guide to all the software features that can be run, but only the software aspects that are specific to this application.

Related Documentation

This section refers you to other documentation that also might be useful as you configure your SSM On-Prem. This document covers important information for the SSM On-Prem and is available online. Listed below are other guides, references, and release notes associated with Cisco Smart Software On-Prem.

    Cisco Smart Software On-Prem Quick Start Guide
    Cisco Smart Software On-Prem User Guide
    Cisco Smart Software On-Prem Console Guide
    Cisco Smart Software On-Prem Migration Guide
    Cisco Smart Software On-Prem Release Notes

Document Conventions

This documentation uses the following conventions:

Convention      Description
bold            Bold text indicates the commands and keywords used in one or more step(s).
Italic          Italic text indicates arguments for which the user supplies the values or a citation from another document.
[x]             Square brackets enclose an optional element (keyword or argument).
[x | y]         Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.
{x | y}         Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.
[x {y | z}]     Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
variable        Indicates a variable for which you supply a value, in context where italics cannot be used.
string          A non-quoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

Examples for the following conventions:

Convention               Description
screen font              Terminal sessions and information the switch displays are in screen font.
boldface screen font     Information you must enter is in boldface screen font.
italic screen font       Arguments for which you supply values are in italic screen font.
< >                      Nonprinting characters, such as passwords, are in angle brackets.
[]                       Default responses to system prompts are in square brackets.
!, #                     An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

This document uses the following call out conventions:

NOTE: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.

CAUTION: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed.

NOTE: RSS feeds are a free service.

Introduction to Smart Software Manager On-Prem

Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Smart Licensing solution that enables customers to administer products and licenses on their premises, instead of having to directly connect Smart Licensed enabled product instances to Cisco Smart Software Manager hosted on cisco.com.

Downloading the Software

Cisco SSM On-Prem is available as a free download from Cisco and is provided as a New Installation package or an upgrade package for in-place upgrades from previous versions.

System Limits and Scalability

Product and User Scalability:

    Up to 500 Local Accounts
    Up to 1,000 Local Virtual Accounts
    Scales up to a total of 300,000 product instances with a maximum capacity of 25,000 Products per account using one license each. To reach 300,000 products, the products must be spread over 12 or more accounts.

NOTE: Upload time for 25,000 product instances is just under 2 hrs.

Supported Web Browsers

The following web browsers are supported:

    Chrome 36.0 and later versions
    Firefox 30.0 and later versions
    Internet Explorer 11.0 and later versions

NOTE: JavaScript must be enabled in your browser.

System Requirements

Cisco Smart Account Access

Ensure that you have access to a Cisco Smart Account, and have the role of either Smart Account Admin or Virtual Account Admin, before you proceed with the tasks mentioned in this section.

Hardware-Based Deployment Requirements

The SSM On-Prem can be deployed on physical servers, such as the Cisco UCS C220 M3 Rack Server, or on a hardware-based server that meets the following requirements:

             Small          Medium         Large          Maximum
Products     4000           50,000         100,000        300,000
Hard Disk    200 Gigabyte   200 Gigabyte   200 Gigabyte   200 Gigabyte
Memory       8 Gigabyte     8 Gigabyte     16 Gigabyte    16 Gigabyte
vCPU         2 vCPU         4 vCPU         6 vCPU         8 vCPU

Virtual Machine Based Deployment Requirements

The SSM On-Prem supports the following versions of VMware vSphere Web Client:

    VMware vSphere Web Client 5.5 through 7.0 U2

When creating the Virtual Machine for deployment, ensure the OS type is set to “Linux” and the Guest-OS is set to either “CentOS 7 64 bit” or “Linux Other 64 bit”. The virtual machine must meet the configuration requirements listed in the table below.

             Small          Medium         Large          Maximum
Products     4000           50,000         100,000        300,000
Hard Disk    200 Gigabyte   200 Gigabyte   200 Gigabyte   200 Gigabyte
Memory       8 Gigabyte     8 Gigabyte     16 Gigabyte    16 Gigabyte
vCPU         2 vCPU         4 vCPU         6 vCPU         8 vCPU

Supported VMware Features and Operations

NOTE: There are two firmware options in VMware to install an application:

    UEFI
    BIOS

SSM On-Prem only supports the legacy BIOS mode for installation. If you are required to use EFI for security reasons when installing applications, it is not possible to install SSM On-Prem.

The following VMware features and operations are not supported in all versions of SSM On-Prem, but can still be used or performed on non-supported versions at the risk of encountering dropped packets, dropped connections, and other error statistics:

    Cloning
    Migration

Installing and Deploying Cisco Smart Software Manager On-Prem

NOTE: Concise directions for deploying and installing SSM On-Prem are outlined in the Cisco Smart Software On-Prem Quick Start Guide.

SSM On-Prem (Enhanced Edition 6.x and later) has a new architecture and a completely new user interface compared with previous versions (Classic Edition up to 5.x). It provides:

    Access to the Licensing workspace via https://<ip-address>:8443/
    Access to the Administration workspace via the /admin path

It has new registration and synchronization procedures, new system roles and Role Based Access Control (RBAC) for license management, external authentication, syslog, proxy, and other functions. Cisco recommends that you review the Cisco Smart Software Manager On-Prem User Guide to understand how the new system architecture, user interface, accounts, setup, and operations have changed.

Overview of Deployment Sequence

Before You Start

Before you begin the installation and deployment of SSM On-Prem, make sure you have the following resources available:

1. Downloaded the ISO image from software.cisco.com.
2. A dedicated IP address (or addresses if you are deploying a High Availability cluster).
3. An established Netmask.
4. A DNS (Domain Name Server) Address.
5. A password that is a minimum of 15 characters using a mixture of: upper case, lower case, number, and special character (for example CiscoAdmin!2345).
6. A Network Time Protocol (NTP) Server Address.

Also, if you are deploying on physical hardware make sure you have:

7. A USB image from the ISO.
8. Configure the BIOS to boot from USB first, Hard Disk second.
9. Configure the BIOS to boot using Master Boot Record (MBR) in Legacy BIOS Mode.

The following five steps must be completed (in the order listed) to ensure a successful installation.

Installation Steps

1. Media Installation: See the Media Installation section for steps on how to deploy the On-Prem via the installation procedure.
2. SSM On-Prem Configuration: In this phase, perform the following:
    a. Configure the Common Name on SSM On-Prem (Security Widget > Certificates)
    b. Synchronize the NTP server (Settings Widget > Time Settings)
3. Register a new Local Account: Once a Local Account has been set up, you will need to create at least one Local Account for On-Prem to connect and synchronize with your Smart Account and register it with Cisco. This is accomplished by navigating to the On-Prem Administration workspace > Account widget > Account > New Account (see the Smart Software Manager On-Prem User Guide). An alternative method is to request a new Local Account after logging into the Licensing workspace.
4. Approve a new Local Account: Once a new Local Account has been requested, it will be listed in the On-Prem Administration workspace Account widget under the Account Request tab. Next, you will need to select the appropriate method to complete the registration of your Local Account with your Cisco Smart Software Manager Virtual Account, which is within your Smart Account (see the Smart Software Manager On-Prem User Guide).
5. Synchronize Accounts (Synchronization Widget)

When this process is finished, you can begin using Smart Licensing features such as registering products, creating Local Virtual Accounts or users, viewing/transferring product and license status, etc.

Media Installation

Complete these steps to download the SSM On-Prem software.

Step 1  Navigate to: https://software.cisco.com/download/home
Step 2  In the Select a Product field, search for Smart Software Manager.
Step 3  On the left-hand column under Latest Release, select 8-202206, and select the appropriate version:
            SSM On-Prem-8-202206.iso: Used to perform a new install of the SSM On-Prem license server.
            SSM On-Prem-8-202206 Upgrade.zip: Used to upgrade an existing SSM On-Prem license server to this version.
            SSM On-Prem-8-202206 Full.zip: Contains the install file, the upgrade file, and all documentation relevant to this version of the SSM On-Prem license server.
Step 4  When the download is complete, navigate to the directory where the zip file was saved and then right-click the file and select unzip image.

Manually Installing on Physical Hardware Using the .iso File (USB)

NOTE: Rufus (https://rufus.ie/) is not supported with On-Prem. Cisco recommends balenaEtcher (https://www.balena.io/etcher/), which has been tested and is known to work.

Complete these steps to manually deploy the ISO file using a USB drive.

Step 1  Make a bootable USB drive by transferring the downloaded iso file to USB (example using the Linux dd command).
Step 2  Insert the installation USB into the server to begin installing the system using the appropriate configuration:
            Hardware BIOS set to boot from USB first, Hard Disk second.
            Hardware BIOS set to boot using MBR (Legacy BIOS Mode).
Step 3  Wait for the media to complete loading and then refer to the Installation section of the SSM On-Prem Quick Start Guide to continue with the SSM On-Prem installation.

NOTE: Make sure that you document the NIC you will be using in the installation procedure.
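Step 1 of the USB procedure mentions the Linux dd command without showing it. The following is an added example, not taken from the Cisco guide: a POSIX shell function that refuses to write to a mounted device, writes the image with dd, and then compares the written bytes against the ISO. The function name write_iso, its return codes, and the /dev/sdX and image path placeholders are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the Cisco guide): write an installer ISO to a USB
# stick with dd and verify the result. Names and return codes are assumptions.
#
# Usage: write_iso path/to/image.iso /dev/sdX     (/dev/sdX is a placeholder)
#
# Return codes:
#   0  image written and verified
#   2  bad arguments (image unreadable, target missing or not a device/file)
#   3  target, or one of its partitions, is currently mounted
#   4  dd failed
#   5  bytes read back from the target differ from the image
write_iso() {
    # Both arguments are required.
    [ -n "$1" ] && [ -n "$2" ] || return 2

    # The image must be a readable regular file.
    [ -f "$1" ] && [ -r "$1" ] || return 2

    # The target must already exist as a block device (the USB stick) or a
    # regular file (useful for a rehearsal). Refusing a missing path stops a
    # mistyped device name from silently creating a file under /dev.
    [ -b "$2" ] || [ -f "$2" ] || return 2

    # Refuse to overwrite anything in use: /dev/sdb counts as mounted when
    # /dev/sdb1 is mounted. This also protects the system disk, whose
    # partitions are always mounted.
    if [ -r /proc/mounts ] &&
       awk -v t="$2" 'index($1, t) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
    then
        return 3
    fi

    # conv=fsync makes dd flush the data to the device before it exits, so
    # the stick is safe to pull once the function returns.
    dd if="$1" of="$2" bs=4M conv=fsync 2>/dev/null || return 4

    # On a real block device, drop cached blocks so the comparison below
    # reads from the media rather than from memory.
    if [ -b "$2" ]; then
        blockdev --flushbufs "$2" 2>/dev/null || true
    fi

    # The stick is usually larger than the image, so compare only the first
    # size-of-image bytes.
    _wi_size=$(( $(wc -c < "$1") ))
    cmp -s -n "$_wi_size" "$1" "$2" || return 5

    return 0
}
```

Run it as root against the whole device (for example /dev/sdX, not a partition such as /dev/sdX1), after confirming with lsblk which device is the USB stick.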

Manually Installing on a VM Using the .iso File (VMware ESXi)

While the following procedure provides general guidance for deploying SSM On-Prem, the exact steps that you need to perform can vary depending on the characteristics of your VMware environment and setup. The steps and screens in this procedure are based on VMware ESXi 6.0 or later (not later than 7.0 U2). Please refer to your VMware user guide for specific installation steps needed for your VMware deployment.

Complete these steps to create a VM using VMware ESXi 6.0 or later (not later than 7.0 U2).

Step 1   Copy the software package onto the VMware Datastore.
Step 2   Log in to vSphere and click VMs and Templates.
Step 3   Next, create a new folder by right-clicking and selecting New Folder from the drop-down menu and then name the folder.
Step 4   Right-click on the folder and select New Virtual Machine and then click Next.
Step 5   Enter a Name for the Virtual Machine (VM) and then click Next.
Step 6   Select Storage, and then click Next.
Step 7   Under Virtual Machine Version, select Virtual Machine Version 8 and then click Next.
Step 8   Select a compute resource and then click Next.
Step 9   Select Storage and then click Next.
Step 10  Select Compatibility and click Next.
Step 11  Select either ESXi 6.0 or later (not later than 7.0 U2) or ESXi 6.5 or later (not later than 7.0 U2).
Step 12  Select a Guest OS and then click Next.
Step 13  When Guest OS is selected, select Linux for the family and, for Guest OS version, select a 64-bit version: either CentOS 7 (64 bit), Other 2.6x Linux (64 bit) or Other 3x Linux (64 bit).
Step 14  Under CPUs, select the following settings: 4 Cores. The actual vCPU setting will vary depending on your scale requirements.
         NOTE: The number of cores per socket should always be set to 1 regardless of the number of virtual sockets selected. For example, a 4 vCPU configuration should be configured as 4 sockets and 1 core per socket.
Step 15  Select the following configuration options:
             a. CPUs: 4
             b. Number of cores per socket: 1
             c. Memory: 8 GB
             d. New Hard Disk: 200GB and verify provisioning is set to Thin Provision.
             e. New Network: Select E1000 adapter type (or VMXNET 3) and select Connect at Power On.
             f. Click Add New Device (for adding an extra network device) and add another Network Adapter (ensure that you use the same configuration for the new device described in step 15e).
             g. New CD/DVD Drive: Select DataStore ISO from the list, then select the uploaded iso and Connect at Power On.
Step 16  Click Next.
Step 17  Review the configuration and click Finish.

Deploying Cisco Software Manager On-Prem

NOTE: Refer to the Before You Start section for information required for deploying SSM On-Prem.

After you boot the media, you will be presented with the KickStart Screen, which requires you to enter your initial configuration (such as what disk to assign before installation, enabling support for USB devices, and deciding whether to enable drives with LUKS encryption) before you can install SSM On-Prem.

To complete this part of the deployment, you will need to have the following information:

    The server hostname you plan to use
    The security profile (DISA STIG Profile is recommended)
    Your IP Address information
    Netmask or Prefix that matches your network subnet
    Gateway IP Address
    DNS Server IP Address
    Your choice of an SSH Shell password (minimum of 15 characters using a mixture of: upper case, lower case, number, and special character, for example CiscoAdmin!2345).

Complete the following steps for installing an ISO image.

Step 1  Enter the following information requested on the Cisco SSM On-Prem Quick Start Installation UI:
            Setup Hostname
            System Classification: The options are default Unclassified, Confidential, Secret, Top Secret. If you choose the option, this classification shows up on the console Message of the Day banner.
            FIPS 140-2 Mode: Not changeable

Step 2  Select System Profile to either (see Selecting a System Profile for details):
            Standard Profile
            DISA STIG Profile, which enables the OS (CentOS 7.5.1804) to go into STIG Mode
Step 3  Enter IPv4 and/or IPv6 network values per your network environment. Required values are:
            Address
            Netmask / Prefix
            Gateway
Step 4  Configure the DNS.
Step 5  Click OK. Once the network settings are entered, you are now ready to complete the installation of SSM On-Prem. Proceed to step 8.
Step 6  The Popup for Configure System Password displays. Enter a secure Linux SSH password for SHELL access.
        NOTE: This is different from the UI admin password. Please keep this password in a safe location as there is no password recovery option.
Step 7  Re-enter the Password.
Step 8  Click OK. The initial setup is now complete; wait for the installation to complete (approximately 10-15 mins) before opening the application.

NOTE: It is recommended that you dismount the ISO image from the system after installation and reboot the server. SSM On-Prem will automatically boot up on restart, and you can proceed to log in to the web interface.

Configuring Secondary Authentication systems

Configuring the On-Prem Server for LDAP Authentication

ATTENTION: LDAP has undergone a major change in version 8-202102 to allow for simpler and more complete integration into an organisation’s Access Management controls. On-Prem now supports adding only LDAP Groups, not users. If you previously used On-Prem with LDAP Users being added directly to Accounts, before upgrading to v8-202102 you must create LDAP Groups and assign any existing users to groups to provide them access to On-Prem.

Configuring the On-Prem Server for TACACS from CLI

ATTENTION: TACACS uses the MD5 hashing algorithm, which is not FIPS compliant. If FIPS compliance is a requirement of your organization, please use an alternative secondary authentication method.

Complete these ste
