D-2
User Guide for Cisco Unified Service Monitor
OL-9351-01
AppendixD Configuring Service Monitor with Cisco Secure ACS
Before You Begin: Integration Notes
For example: You have configured threeService Monitor servers with a Cisco Secure ACS, and you
have created a role in Cisco Secure ACS for Service Monitor (say, SMSU). This role is shared by
licensed versions of Service Monitor running on all three servers.
•A user can have different access privileges for different Cisco Unified Communications
Management Suite applications.
For example: A user, SMSU, can have the following privileges:
–
System Administrator for Service Monitor
–
Network Operator for Operations Manager
–
Network Administrator for Service Monitor
–
Help Desk for Operations Manager
•Using Common Services, you must do the following:
–
Set AAA Mode to ACS—You will need to supply the following information obtained from
Cisco Secure ACS to complete this task: IP address or hostname, port, admin username and
password, and shared secret key.
Note When you set Common Services AAA mode to ACS, all Cisco Unified Communications
Management Suite applications running on the same server register with
Cisco Secure ACS and use it for authentication and authorization. If Service Monitor
and Operations Manager are installed on a server in ACS mode, all of the following use
Cisco Secure ACS: Service Monitor, Operations Manager, and Common Services.
–
Set up System Identity Setup username. This user was configured during Service Monitor
installation. For more information, click the CiscoWorks link on the Service Monitor home page
and select Common Services > Server > Security > Multi-Server Trust Management>
System Identity Setup.
•On Cisco Secure ACS, you must configure a user with the same username as the System Identity
Setup user. For Service Monitor, that user must have Network Administrator privileges on Cisco
Secure ACS.
•In ACS mode, fallback is provided for authentication only. (Fallback options allow you to access
Service Monitor if the login module fails, or you accidentally lock yourself or others out.) If
authentication with ACS fails, Service Monitor does the following:
1. Tries authentication using non-ACS mode (CiscoWorks local mode).
2. If non-ACS authentication is successful, presents you with a dialog box with instructions to
change the login mode to CiscoWorks local. (You can do so only if you have permission to
perform that operation in non-ACS mode.)
Note You will not be allowed to log in if authentication fails in non-ACS mode.
For details on configuring ACS mode, click the CiscoWorks link on the Service Monitor home page and
select Common Services > Server > Security > AAA Mode and click Help.