1-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 1 Getting Started with Security Manager
Using Configuration Manager - Overview
For information about enabling or disabling Workflow mode or enabling or disabling Ticket
Management, see Changing Workflow Modes, page 1-26.
In Workflow mode:
A user must create an activity before defining or changing policy configurations in Configuration
Manager. The activity is essentially a proposal to make configuration changes. The changes made
within the activity are applied only after the activity is approved by a user with the appropriate
permissions. An activity can either be submitted to another user for review and approval (Workflow
mode with an activity approver), or it can be approved by the current user (Workflow mode without
an activity approver). For detailed information about the process of creating, submitting, and
approving activities, see Chapter 4, “Managing Activities”.
After the activity is approved, the configuration changes need to be deployed to the relevant devices.
To do this, a user must create a deployment job. A deployment job defines the devices to which
configurations will be deployed, and the deployment method to be used. A deployment job can either
be submitted to another user for review and approval (Workflow mode with a deployment job
approver), or it can be approved by the current user (Workflow mode without a job approver).
Deployment preferences can be configured with or without job approval. For more information, see
Chapter 8, “Managing Deployment”.
Working in Non-Workflow Mode
Some organizations have no division of responsibility between users when defining and administering
their VPN and firewall policies. These organizations can work in non-Workflow mode. When using
non-Workflow mode, you do not explicitly create activities. When you log in, Configuration Manager
creates an activity for you, also called a configuration session, or opens the activity you were using when
previously logged in (the configuration session is automatically closed when you log out of Security
Manager). This activity is transparent to the user and does not need to be managed in any way. When
you submit your configuration changes to the database, this is equivalent to submitting and approving
the activity in Workflow mode. In addition, when you submit and deploy configuration changes, Security
Manager creates a deployment job for you as well. Like activities, deployment jobs are transparent and
do not need to be managed.
When using non-Workflow mode, multiple users with the same username and password cannot be logged
into Security Manager at the same time. If another user logs in with the same username and password
while you are working, your session will be terminated and you will have to log in again.
Ticket Management in Non-Workflow Mode
If your organization uses a change management system, Security Manager can associate the changes
made to configurations with a ticket ID. Before making any configuration changes, you must open a
ticket, and the ticket must be submitted before the changes associated with that ticket are available to be
deployed. Tickets can be opened and closed as needed, and you can discard a ticket if the changes
associated with that ticket are no longer desired. Entering a ticket ID is not required, but if one is used,
the Ticket field can be configured to link to an external change management system. For more
information, see Ticket Management.
Non-Workflow mode with Ticket Management enabled is the default mode for Security Manager. For
information about enabling or disabling Workflow mode or enabling or disabling Ticket Management,
see Changing Workflow Modes, page 1-26.
Comparing Workflow Modes
The following table highlights the differences between the workflow modes.