10-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter10 Managing the Security Manager Server
Managing a Cluster of Security Manager Servers
When importing shared policies and policy objects, the imported information always replaces any
existing shared policies or policy objects of the same name. Therefore, if you allow users to create
their own shared policies and objects on a server where you will import policies and objects, it is
critical that you develop a policy and object naming standard so that user policies and objects are
not accidentally overwritten by newly imported policies and objects.
Related Topics
Overview of Security Manager Server Cluster Management, page 10-2
Splitting a Security Manager Server, page 10-3
Exporting the Device Inventory from the Security Manager Client, page 10-6
Step 1 On the original server, ensure that all configuration changes for the shared policies and policy objects
have been submitted. You will need to ask the staff to submit their changes and have them approved,
there is no simple way to determine this status within Security Manager.
When exporting shared policies, there is no need to ensure that new changes have been deployed to
devices assigned to the policies. Device assignments and deployment status are not part of the exported
information.
Step 2 Select File > Export > Policies to export the shared policies and any policy objects used by the policies.
The export process creates a file with the extension pol.
Tip You cannot pick and choose which policies to export. You can select policy types only. All
shared policies of a selected type are exported.
For more detailed information, see Exporting Shared Policies, page 10-11.
Step 3 On each of the other Security Manager servers, select File > Import to import the exported shared policy
information to the servers. For more detailed information, see Importing Policies or Devices,
page 10-13.
Tip Any shared policies or objects that have the same name as imported ones are replaced. The
import of a policy or object will fail if a user already has a lock on the policy or object. As
explained in Importing Policies or Devices, page 10-13, you must submit policies before the
changes are available for configuring devices.
Step 4 If you do not want to import all of the shared policies, delete the ones you did not want to import on the
other servers. This is a manual process.
Exporting the Device Inventory
Exporting the device inventory allows you to import the inventory into other network management
applications or to manipulate the output for your own reporting purposes. There are two unrelated
methods to export the device inventory:
Use the File > Export > Devices command—Using this command, you can create either a simple
comma-separated values (CSV) file or a compressed .dev file that contains the devices along with
their complete configuration policies. The CSV file is in a format suitable for importing into the