10-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 10 Managing the Security Manager Server
Managing a Cluster of Security Manager Servers
Step 5 On each of the new Security Manager servers, select File > Import to import the exported information
to the new servers. For more detailed information, see Importing Policies or Devices, page 10-13.
Tip: Device groups are not preserved during import. All devices are placed in the All group. You need
to manually recreate the desired device group structure and add the devices to the appropriate
groups.
Step 6 Verify that each of the new Security Manager servers can manage the newly-imported devices. For
example, you could do a deployment, even for unchanged devices, to ensure that the new server can
successfully contact all devices and deploy configurations.
Tip: As explained in Importing Policies or Devices, page 10-13, you must submit policies before the
changes are available for configuring devices. Submit policies before doing a deployment.
Step 7 If you were monitoring any of the moved devices using the original server (that is, with Event Viewer
and optionally Report Manager), ensure that you update the relevant policies to have syslog messages
sent to the new server and to allow contact from the new server. None of the event or report data from
the original server is transferred to the new server.
For information on configuring the devices to enable Security Manager monitoring, see the following
topics:
• Configuring ASA and FWSM Devices for Event Management, page 66-25
• Configuring IPS Devices for Event Management, page 66-26
Step 8 On the original Security Manager server, select File > Delete Devices to delete the moved devices from
the original server. For information on deleting devices, see Deleting Devices from the Security Manager
Inventory, page 3-55.
Synchronizing Shared Policies Among Security Manager Servers
When you have more than one Security Manager server, you can manually synchronize the shared
policies among those servers. When you synchronize shared policies, the policy objects that are used by
those shared policies are also synchronized.
Tips
• There is no programmatic way to identify a single Security Manager server as the “master” server,
  the one that contains the official version of shared policies. You must decide which server to use as
  the master and have the discipline to edit shared policies on that server only.
• Use the same release of Security Manager software on all servers.
• You can also synchronize certain types of policy object among servers even if those objects are not
  used in shared policies. If you have network/host, service, or port list objects that you want to
  synchronize, you can use the command described in Importing and Exporting Policy Objects,
  page 6-21.