CiscoWorks 2000 Update
Peter J. Welcher
Introduction
Recently I've been working with the new releases (as of March & July
2000?!) of the CiscoWorks 2000 software. This month's article will summarize
the components and capabilities of this software. We'll also look at some
of the lessons I learned in working with the software. And we'll finish with
a picture gallery of screen captures from new components of the software.
But first I'd like to explain what's happening with courseware in this area,
since we're going through some changes...
There are two new courses coming on basic CiscoWorks 2000 and the RWAN
and LAN bundles (see below for what all this means). These may be followed
by a course on Troubleshooting and the Traffic Director product (or any follow-on
product based on NetScout's new nGenius Web-based product, see
http://www.netscout.com). The existing CEMS course covers the older version of CiscoWorks 2000 and
we anticipate retiring it when the new materials become available.
Mentor Technologies may be offering the CiscoWorks 2000 Fundamentals
(CWFUN) course, starting around mid-February 2001. The follow-on course
will perhaps be available in mid-year. Check our web page for the latest information
and schedules. A diagram later in this article shows what each of the courses
will cover (based on best current information).
Those interested in the current Traffic Director product and needing in-depth
training on it should consider taking the current NetScout class, and doing
so soon. (The software and SwitchProbe hardware Cisco sells are re-labelled
NetScout, with perhaps some minor software changes.) We anticipate the NetScout
class changing to reflect the nGenius software, and it may no longer reflect
the software that Cisco is shipping with the CiscoWorks 2000 product. Let
me note that you don't need RMON probes for Traffic Director and NetScout
to be relevant to you: the CiscoWorks 2000 product does manage the mini-RMON
in all Cisco switches quite nicely, and produces very interesting and useful
Layer 2 statistics and reports for switched networks. Traffic Director can
also be useful in a routed environment, but there you pretty much need to
have probes before you can use Traffic Director.
CiscoWorks 2000 Components
CiscoWorks 2000 is available as 3 bundles and some add-on components. The
three main bundles are:
- CiscoWorks 2000 Routed WAN (RWAN) Bundle
- CiscoWorks 2000 LAN Bundle
- CiscoWorks 2000 Service Management Solution (SMS) Bundle
The previous article covered the capabilities of the SMS bundle. See also
http://www.netcraftsmen.net/welcher/papers/saa.html.
Depending on which bundles you purchase, you will own some or all of the
following components:
- CiscoWorks 2000 Management Server
- CiscoView 5.0 (Web)
- Resource Manager Essentials (RME)
- Traffic Director (TD)
- Access Control List Manager (ACLM)
- Campus Manager (CM)
- Content Flow Monitor (CFM)
- Service Level Manager (SLM)
- ME 1110 Hardware Collector
- CiscoWorks 2000 Voice Manager (CVM)
- User Registration Tool (URT)
- Device Fault Manager (DFM)
Cisco is pursuing a strategy where they and third-party partners provide
add-on components that integrate (to varying degrees) with the CW2000 Server
component. I wouldn't be all that surprised to see the CW2000 Server component
bundled with some of the partner products in the future, providing them with
database and web widget services.
In an attempt to clarify how the various components listed above fit together,
I came up with the following diagram. It tries to show that the RWAN and
LAN bundles consist of TD, RME, CV, and CW2000 Server, in common. The difference
between the two bundles is that the RWAN bundle includes IPM and ACLM, whereas
the LAN bundle includes CFM and CM. The SMS bundle is CW2000 Server plus
CV plus SLM software and one ME 1110 hardware box. CVM and URT and DFM are
currently add-on products.
Device Fault Manager (DFM) is a fairly new component, and is currently
available either as an add-on or bundled with the RWAN or LAN bundles.
In terms of this diagram, here's what the new courses are (currently) intended
to cover:
What Do All Those Products Do?
In general, for information on CW2000 or components, you should go to
http://cisco.com/warp/customer/44/jump/ciscoworks.shtml. Due to space
limitations, all I can do in what follows is give you a very
brief description of each component.
CiscoWorks 2000 Management Server
The server component (aka "CD One") is the basic database, web server, and
web tools the other components use.
CiscoView 5.0 (Web)
CiscoView is now Web-based, providing one-at-a-time device management for
your Cisco equipment. It can be particularly useful for configuring switches.
It also provides text and graphical ways to view the current status and performance
of the device being monitored.
Resource Manager Essentials (RME)
The Resource Manager Essentials Web-based management tool has been available
for 2-3 years now. It is now fairly stable and has been gaining valuable new
functionality in each release (see also the Picture Gallery, below). It provides
Inventory, Change Control and Monitoring, Configuration Archive and Deployment,
Software Image Management (IOS and switch upgrades, automated, in batches!),
as well as Syslog Reporting. It also provides near-real-time PING and SNMP
monitoring of device availability and response times.
Traffic Director (TD)
Traffic Director is the Cisco-labelled NetScout software for interacting
with RMON probes (Cisco SwitchProbes), NAM blades in Catalyst switches, and
Cisco switches themselves. It provides graphical utilization, error, and
protocol mix analysis as well as automated reporting.
Access Control List Manager (ACLM)
The ACLM tool allows you to build a traffic filtering (security) policy or
other access list via classes. A class is a group of networks, other classes,
or applications. You build up your policy with entries (ACE's) such as "Permit
Engineers to run Eng-Apps to Eng-Servers", where Engineers and Eng-Servers
are classes of networks or addresses, and Eng-Apps is a class of applications.
The tool can then expand the high-level policy into a real access list (with
all combinations of sources, destinations, and applications plugged in),
and you can schedule distribution of the access list to one or many routers.
The tool can also track or configure where (which interfaces and directions)
the access list(s) are used.
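The expansion step described above, sketched as an added example (this is not ACLM's code or output). The class members, addresses, ports, ACL number 101 and function names are all constructed for illustration, and the output lines use ordinary IOS extended access-list syntax.

```python
from ipaddress import ip_network
from itertools import product

# Constructed sample classes (hypothetical members, not taken from ACLM).
NETWORK_CLASSES = {
    "Eng-Floor1": ["10.1.1.0/24"],
    "Eng-Floor2": ["10.1.2.0/24"],
    "Engineers": ["Eng-Floor1", "Eng-Floor2"],   # a class made of other classes
    "Eng-Servers": ["10.9.0.10/32", "10.9.0.11/32"],
}
APP_CLASSES = {"Eng-Apps": [("tcp", 22), ("tcp", 443)]}


def resolve(name, classes, _seen=()):
    """Flatten a class into its member networks, following nested classes."""
    if name in _seen:
        raise ValueError(f"class loop: {' -> '.join(_seen + (name,))}")
    members = []
    for item in classes[name]:
        if item in classes:                      # nested class: recurse
            members += resolve(item, classes, _seen + (name,))
        else:                                    # literal network or host
            members.append(ip_network(item))
    return members


def addr(net):
    """Render a network in extended-ACL form (host keyword or wildcard mask)."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def expand(acl_id, action, src_class, app_class, dst_class):
    """Expand one class-based entry into one ACE per combination."""
    srcs = resolve(src_class, NETWORK_CLASSES)
    dsts = resolve(dst_class, NETWORK_CLASSES)
    apps = APP_CLASSES[app_class]
    return [
        f"access-list {acl_id} {action} {proto} {addr(s)} {addr(d)} eq {port}"
        for s, d, (proto, port) in product(srcs, dsts, apps)
    ]


# "Permit Engineers to run Eng-Apps to Eng-Servers"
ACES = expand(101, "permit", "Engineers", "Eng-Apps", "Eng-Servers")
```

One policy sentence becomes sources x destinations x applications entries, so adding a member to any class changes the list on every router that receives it. The expanded list is what the router actually enforces, which makes it the thing to review before scheduling distribution.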
Campus Manager (CM)
Campus Manager is the Web-based replacement for the former CWSI product.
It allows automatic discovery and viewing of your Layer 2 and 3 topology (if
you have all Cisco devices and they're running CDP). It tracks which user
MAC and IP addresses are on which ports of which switches, and provides graphical
Layer 3 and sometimes Layer 2 route tracing. Recent patches extend this capability
to IP telephones! See below for some screen captures showing CM. Campus Manager
also allows graphical configuration of VLANs in VTP domains, as well as
placing switch ports into VLANs. And it manages ATM as well as Ethernet,
Token Ring, and FDDI campus networks.
Content Flow Monitor (CFM)
The CFM is a first release of a tool for managing the Cisco Content Flow
architecture devices.
Service Level Manager (SLM)
SLM is software for configuring routers running SAA to collect response time
data (via ME 1110's). The ME 1110's collect this data and SLM reports on
it.
ME 1110 Hardware Collector
The ME 1110 equipment provides for large scale configuration of and data
collection from routers acting as SAA probes.
CiscoWorks 2000 Voice Manager (CVM)
The CVM tool allows you to configure and provision dial ports and dial plans
on voice-capable Cisco routers. It also provides traffic analysis reporting.
User Registration Tool (URT)
The URT tool allows you to administer dynamic VLANs on Cisco switches from
a central server. With it, you can implement policy as to which users or groups
of users (obtained from Microsoft Active Directory) belong to which VLANs,
as well as the IP subnets and DHCP services for those VLANs. The dynamic
VLAN assignment in Cisco switches originally was based on MAC address. URT
extends this to determine dynamic VLAN assignment based on user login.
Device Fault Manager (DFM)
This is brand new, and I haven't seen it yet. From the product literature:
"DFM provides real-time, detailed fault analysis, designed specifically for
Cisco devices. This focus on Cisco devices enables DFM to monitor Cisco technology-based
networks for variety of fault conditions, analyze these conditions, and only
notify the user via intelligent Cisco traps when a problem has occurred requiring
their attention." At the very least, that sounds like pre-configured knowledge
of how to deal with traps from Cisco devices, saving you the work of incrementally
tuning your NMS platform (HP OpenView?) as to how it handles incoming SNMP
traps.
QoS Policy Manager (QPM)
This is yet another product, intended to help you centrally build and distribute
a QoS policy to your Cisco equipment. QoS Policy Manager (QPM) works with
CW2000 in that you can import devices from CW2000 to QPM. In the future I
expect QPM to become more tightly integrated with CW2000. The newest version
comes with a COPS server for those using the COPS IETF standard to implement
QoS policy.
Practicalities
The idea is for you to run CW2000 on a central server and then have network
staff web into it. The central server needs to be a fairly powerful machine.
The current version requires NT or Solaris. Here are the official requirements
for RME on NT:
- System hardware: IBM PC-compatible with 450 MHz Pentium III.
- Memory (RAM): 256 MB minimum.
- Available drive space: 4 GB.
The Campus Manager requirements are similar.
I'd suggest more hardware than this. The software runs reasonably well (mildly
slow) for us on Pentium II's at 300 MHz with 256 MB of RAM -- but that's
in a small test lab. The software consumes about 512 MB or more of swap but
doesn't seem to be thrashing -- but we're not leaving many windows open,
and we're running directly on the server (laptop). For a real network I'd
want to be thinking about 1 GHz Pentium III with 1 GB RAM and 10-20 GB disk,
since all that is available and fairly affordable right now.
Concerning NT installation, some tips:
- To successfully install and run the software, FOLLOW THE INSTRUCTIONS!
- If you have the LAN bundle, be sure to install the CD-One and RME
versions that come with it; they're newer than the ones with the RWAN bundle
and are required.
- Be sure that on NT you're at Service Pack 5. SP's 4 or 6 will not
work.
- Use Internet Explorer 5.5. I'm a Netscape fan but version 4.75's Java
Virtual Machine is noticeably slower.
- Even with IE 5.5, be sure to upgrade the Java Virtual Machine.
- When you initially run parts of CW2000, CAM will ask if you want it
to install itself and manage the application. Just say no -- we've seen a
number of issues that cleared up when we disabled CAM.
- Usual NT practices apply: dedicate the server to this. Start with
a new NT install and new Service Pack install. As I learned the hard way,
re-installing NT is not the same as a new install: you have to
delete the winnt directory to get NT to install the original DLL's etc. there.
- There is a maintenance release due out any day now (November 2000).
Get it and use it!
- When you're starting out, be sure to go into CW2000 Server Admin,
and turn on synchronization from ANI to RME. And turn on and configure ANI.
ANI does the automatic network discovery. Without synch, RME doesn't see
the results.
Slide Gallery
This is intended as a quick tour of new features, compared to the prior version
of CiscoWorks 2000 (RME 2.2 and CWSI 2.4).
First of all, CiscoView is now Web-based. See the figure.
CWSI has been replaced by Campus Manager. In the figure, you can see the
Topology Services. I've selected Layer 2 View and the right subwindow shows
the layer 2 devices that have been discovered. You can sort on columns by
clicking on the column header.
When you select one of the many views in Campus Manager Topology Services,
you can bring up a map of it, as shown in the next figure. Clicking on the
filter items on the right allows you to rapidly find devices or links of
a certain type or types.
When you select a VTP domain, you can see all the VLANs in the domain.
In the right subwindow, you can also see all ports in the domain. Under the
Tools menu, you can find all ports matching various patterns and move them
to another VLAN, if you so desire. (The lightning bolts indicate a network
port, one connected to another Cisco device, as known via CDP).
For space reasons, I'm not showing User Tracking. This is a similar display,
showing user PC MAC and IP addresses and which switches and ports they're
connected to. Valuable troubleshooting tool!
Below we see a Layer 3 and Layer 2 trace between two devices (a router
and a switch, going via another switch). Positioning the cursor over a curving
arrow provides additional information (the table tab can also be used for
this).
New in RME is the ability to not only collect and visually compare configuration
file versions, but now you can edit and push configurations out to devices
as well. Shown below is the NetConfig tool, which allows you to build a configuration
using a template and push the resulting configlet(s) out to a group of devices.
I've used the Adhoc template, which allows you to build up a list of arbitrary
commands (no syntax checking) and send them out. Note that you can also schedule
to send out enable commands and view the results.
The Network Show Commands tool lets you choose up to 10 devices. You can
click on a button and have a pre-coded list of show commands executed on
those devices. And you can then view or print or email the results. You can
also build up your own lists of show commands. This gives you a quick way
to collect show command output from up to 10 devices for troubleshooting!
(See the figure).
You can also use the Config Editor to extract a configuration from the
archive, edit it, and send the changes out to the affected device. You can
pull up and edit multiple devices' configurations at one time and schedule
them to all be sent out in a batch, say during a change window at night. Note
that the editor understands some router syntax (like the configuration diff
tool) and pre-parses the configuration to simplify finding the part you need
to work on.
Summary
There are many other improvements and new functions in the CW2000 product,
but that's the quick tour. I hope you're as impressed as I am. For more information,
check out the CW2000 link above, or use the links below (if you have the
bandwidth).
Links to downloadable tutorials (30 MB or so each!) on CiscoWorks 2000
components:
Your comments, preferences and ideas and suggestions for topics are always
more than welcome! I enjoy hearing from you!
Dr. Peter J. Welcher (CCIE #1773, CCSI #94014) is
a Senior Consultant with Chesapeake NetCraftsmen. NetCraftsmen is a high-end
consulting firm and Cisco Premier Partner dedicated to quality consulting
and knowledge transfer. NetCraftsmen has nine CCIE's, with expertise including
large network high-availability routing/switching and design, VoIP, QoS,
MPLS, network management, security, IP multicast, and other areas. See
http://www.netcraftsmen.net for more information about NetCraftsmen. Pete's
links start at http://www.netcraftsmen.net/welcher. New articles will be
posted under the Articles link. Questions, suggestions for articles, etc.
can be sent to pjw@netcraftsmen.net.
11/30/2000
Copyright (C) 2000, Peter J. Welcher