CiscoWorks
Architecture Overview
The IDS MC architecture is shown in Figure 10.3. The MC itself
relies upon the services provided by the CiscoWorks Common Services software.
The Common Services component provides a comparable environment for all of the
MCs. Some of these services include data storage and management, session
management, a web interface, and user authentication and permission management.
Before installing the Cisco IDS Management Center, it is important to understand
the related software that may be a prerequisite for a successful installation.
The IDS MC provides a Web-based interface for managing and
configuring Cisco IDS sensor appliances and the IDS module for the Catalyst
chassis. The MC is built on top of the CiscoWorks framework, allowing it to
leverage the ability to define user roles. These roles provide for the
definition of user management privileges, including the ability to generate as
well as deploy IDS configurations. The IDS MC requires the CiscoWorks Common
Services component to provide the necessary base components, software libraries
and other software packages. CiscoWorks Common Services comprises the
following components:
- Data Storage and Management: The Common Services data store is provided by a
  Sybase SQL Anytime database. Database backup, repair, and restoration
  capabilities are also provided by the Common Services package.
- Session Management: Allows multiple users to connect to the MC and perform
  configuration and management tasks without data corruption or loss.
- User Management: Provides for authentication and authorization.
- Web Interface: Provided by an Apache Web server, allowing for connections to
  the MC system through a Web browser. Access to the CiscoWorks2000 server takes
  place on a secure encrypted channel over TCP port 1741. Once the user has
  authenticated to the CiscoWorks2000 server, communication with the IDS MC is
  conducted over TCP port 443.
IDS MC Installation
The IDS MC software installs its components into the same
directory as the CiscoWorks Common Services software components. This is
typically the directory Program Files\CSCOPx. The directory structure is
shown in Figure 10.4.
Cisco chose to use an open source program called Apache for
the built-in Web server for CiscoWorks. The subdirectory \Apache is where the
Apache Web Server is installed and from where Apache serves the Web pages that
are displayed when using the IDS MC. The Sybase subdirectory is where the Sybase
SQL Anytime database is installed as well as where all data from the IDS
appliances and the IDSM sensors is stored. The Tomcat subdirectory is where the
Tomcat application server is installed. This server provides servlets to the IDS
MC from the Common Services. The Etc\ids directory is where the IDS MC is
actually stored. The updates subdirectory is where the signature update packs
are stored for the MC to push out to the sensors or to the MC itself.
IDS MC Processes
The IDS MC is composed of the following system
processes:
- IDS_Analyzer
- IDS_Backup
- IDS_DbAdminAnalyzer
- IDS_DeployDaemon
- IDS_Notifier
- IDS_Receiver
- IDS_ReportScheduler
The IDS_Analyzer defines event rules and requests
user-specified notifications when appropriate. The IDS_Backup process provides
database backup and restore capabilities to the MC. The IDS_DbAdminAnalyzer
applies various active database rules to the current state of the server. The
IDS_DeployDaemon provides for the deployment of configurations to IDS sensors.
IDS_Notifier retrieves and performs MC subsystem notification requests. The
IDS_Receiver receives alarms and syslog events from IDS appliance sensors and
IDS modules for the Catalyst chassis and stores them in the Sybase database. As
its name implies, the IDS_ReportScheduler handles the generation of reports in
the MC.