Guidance? -> LMS v3.1 & CSM v3.2


Hi,


Cross-posting here (it's in the security forum too) to get the LMS perspective. Plus this forum seems to be more heavily trafficked. ;-)



Any folks with both LMS & CSM... what's your experience been like with integration?


Do you prefer to have CSM slave its DCR to LMS? Use LMS's RME vs a separate one, or split it out into separate un-integrated DCRs?


e.g. one-DCR-to-rule-them-all, or just R/S in LMS, PIX/ASA/FWSM/IDSM/MARS in CSM. or not. or something else. or or or ...



Pros? Cons? What is gained/what is lost?


Consider the workload of maintaining two distinct inventories (not to mention two revs of the LMS backend (CS, RME) since CSM isn't up to par with the v3.1 LMS guts), the loss of integrated event repositories, duplication of RSAC, confused user experience with two GUIs, etc.


I'm trying to make a decision as to which way to go. If you've been-there-done-that, could you share your experience?


Thanks,


Rob.


Joe Clarke Tue, 07/29/2008 - 06:45

You can slave CSM to LMS, but not the other way around. The server with the highest version of Common Services MUST ALWAYS be the master. We do have a few customers doing this with CSM and CUOM, and it works well for them. If you're going to be managing the same sets of devices in both servers, it pays to keep one device and credentials list.


If it were me, I wouldn't put RME on the CSM server. Just use RME 4.2 from LMS 3.1. Integrate the two servers with DCR and Single Sign On, and register the CSM apps within LMS 3.1. Tell your users to use the LMS 3.1 server as their jumping-off point.

Mike Bailey Tue, 08/12/2008 - 05:15

Was redirected to this post from:


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&type=EmailAFriend&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc18c50%2F1#selected_message


Today I have:


> Ensured CSM and LMS identity accounts and peer accounts set up correctly

> Imported Peer Certs from CSM to LMS and vice versa

> Set up LMS as DCR and Single Sign-On Master

> Set up CSM as DCR/SSO Slave to LMS

> Registered CSM applications into homepage config of LMS

> Configured CSM Client to use LMS as its RME server


This all seems to work fine, but I still don't have a populated device list in CSM client.


User logs into CSM client and no devices are listed, they only have the option to Add devices from a file etc.


How do I get this nice and slick so that the CSM client automatically shows all the devices from my LMS DCR?


Thanks

Michael

Mike Bailey Tue, 08/12/2008 - 09:45

The DCR Device Wizard says:


You can access the Device Information page from the Add Device from DCR wizard. Click the Add button in the Device selector, select Add Device from DCR, then click Next.


I don't get an "Add Device from DCR" option (see attachment).


The only option I seem to have related to DCR is the "Add Device From File", which requires doing an export from DCR to a CSV file - not very secure for a security product as the DCR export contains all the device credentials!


Thanks

Michael


Have I missed a step or am I doing something wrong not to get this option?






Joe Clarke Thu, 08/14/2008 - 07:44

I don't support CSM, so I'm not sure what triggers the ability to import from DCR. You might try this on the security Network Management forum.
