10-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 10 Managing the Security Manager Server
Managing a Cluster of Security Manager Servers
The VPN topologies in which the devices participate. However, a VPN topology is exported
only if all devices that participate in the topology are included in the export. Extranet VPNs are
always exported.
Thus, the export file includes the complete policy configuration for the selected devices. The file
created has the extension .dev and can be read only by another Security Manager server (the file
contents are compressed and uninterpretable, which preserves the security of your policy
information).
For information on importing a .dev file into another Security Manager server, see Importing
Policies or Devices, page 10-13.
Export Size Limitations
If your Security Manager database contains a large number of devices or a large number of policies or
policy objects, you should limit the number of devices you export at one time to prevent errors. The
following guidelines can be used to help estimate the number of devices you can successfully export at
one time:
Example 1: 1000+ devices in the database with approximately 1500+ policies per device and
approximately 25,000 objects in the database:
Maximum number of devices (devices only) to be exported at one time = 250
Maximum number of devices (along with policies and objects) to be exported at one time = 100 to 150
Example 2: Fewer than 1000 devices in the database with approximately 1500+ policies per device and
approximately 10,000-15,000 objects in the database:
Maximum number of devices (devices only) to be exported at one time = 250 to 300
Maximum number of devices (along with policies and objects) to be exported at one time = 200
Tips
When you select the Export Devices, Policies, and Objects option, you can export to the Security
Manager server or to the local Security Manager client. When exporting a CSV file, you can only
export to the Security Manager server. You can control the ability to export to or import from the
local Security Manager client from Tools > Security Manager Administration > Customize
Desktop. For more information, see Customize Desktop Page, page 11-6.

Exported devices are not deleted from the inventory. If you intend to manage the devices from a
different Security Manager server, delete the devices after successfully importing them into the
other server.

If you select a device that uses an AUS or Configuration Engine to manage its configuration, you
should also select the server in the list of devices to export. You cannot export AUS or Configuration
Engine information in CS-MARS format.

You can export unmanaged devices.

When exporting devices with their policies, only policies and policy objects that have been
submitted and approved are included in the export file. Make sure that all desired submissions and
approvals have occurred before exporting devices with policies and policy objects.

No type of export file includes event and report data (that is, data that is available through Event
Viewer or Report Manager). Thus, if you are exporting devices with the intention of moving them
to another Security Manager server, the event and report data that was already collected for the
device will not be available on the new server.

No type of export file includes device group information. You will have to manually recreate device
groups and assign devices to them after importing devices.