8-43
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter8 Managing Deployment
Working with Deployment and the Configuration Archive
Adding, Editing, or Deleting Auto Update Servers or Configuration Engines, page3-35
Tip After you add a device to the Security Manager inventory, you can change the assigned server
in the device properties. Right-click the device and select Device Properties. Configure the
server using the device properties if you could not identify it while adding the device.
Step 4 For devices that are using AUS, configure the AUS policy for the device in Security Manager. Do one of
the following:
Configure the policy for a single device. In Device view, select the device, and then select Platform
> Device Admin > Server Access > AUS from the Device Policy selector.
Configure a shared policy that you can assign to many devices that share the same AUS. In Policy
view, select PIX/ASA/FWSM Platform > Device Admin > Server Access > AUS from the Policy
Types selector. Right-click AUS and select New AUS Policy to create a policy, or select an existing
policy from the Policies selector to change the policy. Select the Assignments tab to assign the
policy to specific devices.
The server you identify in this policy must also be the server you identify in the device properties. The
device properties identify the server to which Security Manager will send the configuration, whereas the
AUS policy defines the server the device will contact.
Tip If you change AUS servers, keep in mind that the device will continue to use the AUS server
defined in its current configuration until it receives a new configuration. Thus, you should
change the AUS policy but deploy the configuration using the previous AUS server. After
deployment is successful, change the device properties to point to the new server.
Step 5 In Security Manager, deploy your configurations using the Deploy to Device deployment method.
Security Manager sends the configuration to the AUS or Configuration Engine, where the network
device retrieves it.
Depending on the Workflow mode you are using, follow these procedures:
Deploying Configurations in Non-Workflow Mode, page 8-29
Deploying Configurations in Workflow Mode, page 8-35
Deploying Configurations to a Token Management Server
If your organization requires the use of a Token Management Server (TMS) for applying configuration
updates to routers, you can use Security Manager in conjunction with your TMS processes. To perform
this type of deployment, you need to set up the device, TMS, and Security Manager properly. This
procedure explains the tasks that you need to perform.
Related Topics
Overview of the Deployment Process, page 8-1
Chapter 2, “Preparing Devices for Management”
Including Devices in Deployment Jobs or Schedules, page8-8
Understanding Deployment Methods, page 8-8