The Cisco SDM platform allows you to easily configure routes.®A Web-based intuitive device management tool for software routers. Cisco SDM uses smart Wizard to help customers quickly and easily deploy, configure, and monitor Cisco®Vro, without having to know the CLI), which simplifies the configuration of vro and security. Cisco 830 series, Cisco 1700 series, Cisco 1800 series, Cisco 2600XM, Cisco 2800 series, Cisco 3600 series, Cisco 3700 series and Cisco 3800 series routers, and some Cisco 7200 series and Cisco 7301 Routers all support Cisco SDM.
Ease of use and Application Intelligence
Cisco SDM allows you to easily configure routing, switching, security, and quality of service QoS on a Cisco router. It also helps achieve proactive management through performance monitoring. Whether deploying a new router or installing Cisco SDM on an existing router, you can now remotely configure and monitor these routers without using the Cisco IOS software CLI. The Cisco sdm gui can help non-expert users of Cisco IOS software to perform routine work smoothly, provide easy-to-use smart wizard, automated router security management functions, and help users access comprehensive online help and guidance. see Figure 1 ).
The Cisco SDM smart wizard guides you through configuring LAN and WAN interfaces, firewalls, intrusion prevention systems IPS, and IP Security IPSec through the system. The Cisco SDM smart wizard can intelligently check incorrect configurations and provide repair suggestions. For example, when the WAN interface is a DHCP address, it allows dynamic hosts to configure protocol DHCP) traffic to pass through the firewall.
Online help embedded in Cisco SDM contains appropriate background information and step-by-step guidance to help users access the appropriate data in Cisco SDM. The online vocabulary summarizes the terms and definitions of networking and security that users may encounter.
For network experts familiar with Cisco IOS software and its security features, Cisco SDM provides advanced configuration tools for fast configuration and fine-tuning of router security features, allows network experts to check the commands generated by Cisco SDM before changing the vro configurations.
Cisco SDM can help administrators use Secure Sockets Layer SSL) and Secure Shell SSHv2) protocol connection from remote location configuration and monitoring router Diagram 2 ). This technology enables secure Internet connections between users' browsers and routers. When deployed in a branch, Cisco SDM-based routers can be configured and monitored from the corporate headquarters, eliminating the need for senior network administrators in the branch.
Integrated Security Configuration
When deploying a new router, Cisco SDM can be used to quickly configure the Cisco IOS Firewall using the best solution recommended by the ICSA and the Cisco technical support center TAC. Cisco SDM users can configure the most powerful VPN default and automatically perform security audit figure 3 ). In addition, Cisco SDM users can also perform step-by-step router locking for Firewalls) and step-by-step VPN locking for Fast deployment of Secure inter-site connections ). The recommended IPS signature list for Cisco bundled with Cisco SDM allows quick deployment of defense tools for worms, viruses, and misuse protocols.
When installed on an existing vro, Cisco SDM allows you to perform one-step security audit to evaluate the advantages and disadvantages of your vro configurations based on common security vulnerabilities. Administrators can fine-tune existing router security configurations to better meet their business needs. Cisco SDM can also be used for routine operations such as monitoring, fault management, and troubleshooting.
In addition to security configuration, Cisco SDM also helps you quickly and easily configure router services, such as LAN and WAN interface configurations, routes, DHCP servers, and QoS policies. Using the LAN Configuration Wizard, you can assign IP addresses and subnet masks for Ethernet interfaces, and enable or disable DHCP servers. Using the WAN Configuration Wizard, you can configure xDSL, T1/E1, Ethernet, and ISDN interfaces for WAN and Internet access.
In addition, for serial connections, users can implement frame relay, Point-to-Point Protocol (PPP), and advanced Data Link Control (HDLC) encapsulation. Cisco SDM also allows you to configure static routes and common dynamic routing protocols, such as Open Shortest Path First (OSPF), route information protocol (RIP) 2nd, and enhanced Internal Gateway Routing Protocol (VPN.
With Cisco SDM, QoS policies can now be easily applied to any WAN or VPN tunnel interface. The QoS policy Wizard automates the 'qos policy Cisco architecture Guide' for real-time application of voice or video) and Enterprise key application structured query language [SQL], Oracle, Citrix, and routing protocol) traffic and other network traffic such as Web and email) are effectively assigned priority. The network-based application identification (NBAR) function in Cisco SDM allows users to check Application Layer traffic in real time and determine the impact of QoS policies on application traffic of different levels.
Monitoring and Troubleshooting
In monitor mode, Cisco SDM provides quick graphical Status display for primary router resources and performance evaluation, such as interface status normal or failure, and CPU and memory usage. Cisco SDM uses the integrated routing and security features provided by routers to conduct in-depth diagnosis and troubleshooting of WAN and VPN connections. For example, when a faulty VPN line is processed, Cisco SDM verifies the router configuration and connection from the WAN interface layer to the IPSec Encryption layer. When you test configuration and remote peering connections at each layer, Cisco SDM provides normal or fault status reports, possible causes of faults, and Cisco TAC-recommended recovery measures.
The Cisco SDM monitor mode also allows users to view the number of times the network is denied by the Cisco IOS Firewall, and allows users to easily access firewall logs. You can also monitor the specific VPN status, such as the number of groups encrypted or decrypted by the IPSec tunnel and the session details of the Easy VPN Client.
Cisco SDM is most suitable for large enterprise branches and small and medium enterprises that are sensitive to device deployment and network management costs and have a limited number of senior technicians. Cisco SDM allows enterprises and Cisco channel partners to easily implement vro security and network configurations with confidence. Cisco IOS software configurations generated by Cisco SDM are all approved by Cisco TAC. Cisco SDM improves the efficiency of network and security administrators through built-in configuration check, expert-oriented configuration editing programs, and useful default settings. Cisco SDM can also improve network availability by reducing configuration error instances.
For enterprises that have deployed large networks, Cisco SDM can be integrated with the Cisco CNS configuration engine for highly scalable and easy router deployment. Users can input Cisco IOS software configurations generated by Cisco SDM to the Cisco CNS configuration engine and deploy them on thousands of Cisco routers at a time in cookie-cutter mode.
Cisco SDM and other Cisco management applications
Cisco also provides other device and network management applications that can be used with Cisco SDM. CiscoView is a Web-based management application that can be installed on a dedicated CiscoWorks Server to display and monitor the physical view of Cisco devices. The client interfaces of Cisco SDM and CiscoView can coexist on one workstation: Cisco SDM is mainly used for router and security configuration, and CiscoView is mainly used to display the physical router status in real time, and monitors devices based on Simple Network Management Protocol (SNMP.
Initial deployment of a Cisco Router
Cisco SDM helps Cisco partners and customers quickly and securely deploy Cisco routers using the launch wizard and Multiple Task-Based Smart wizards. The step-by-step router locking feature ensures that all unnecessary services on the Cisco IOS software are disabled before the Cisco router is connected to the public internet or WAN.
Extensive deployment of Cisco Routers
Cisco SDM is integrated with the smart engine of the Cisco central 2100 series to quickly and economically implement the use of factory default configurations for the numerous deployments of Cisco routers ). In each phase of deployment, service providers and large enterprises have the flexibility to use the Cisco SDM and Cisco CNS 2100 series products in combination, and allow untrained field administrators to download the final Cisco IOS software configuration, cisco ios cli is not required.
Cisco Router Security Management
Cisco SDM helps Cisco partners and customers easily deploy security features of Cisco IOS software-Network Address Translation NAT), ACL, firewall, and IPSec VPN-and integrate these security features into existing router configurations and network infrastructure. The smart wizard in Cisco SDM understands the interaction between routing and security features, and provides guidance to users on the final configuration approved by Cisco TAC after comprehensive tests. The CLI Preview mode in Cisco SDM allows expert users to manually verify the final configuration and then apply it to the vro.
Cisco router Operation Management
Cisco SDM can help Cisco partners and customers use SSL and SSH for Comprehensive Remote Security Management of router operations: hardware and software inventory status, interface status, firewall and ACL logs, VPN tunnel status, and latest system log information.
Cisco SDM is a valuable Productivity Enhancement Tool for network and security administrators. Cisco partners can use Cisco SDM to deploy Cisco routers more quickly and easily for WAN Access and network security features. Cisco customers can use Cisco SDM to use the configurations generated by Cisco SDM to perform end-to-end tests by Cisco engineers and Cisco TAC) to reduce the total cost of ownership of Cisco routers. The configuration check inherent in Cisco SDM helps reduce configuration error instances.