06-11-2010 01:16 PM - edited 03-10-2019 05:01 AM
Hello Friends,
What the difference between the IME and IDM, I think the IME is the replacement of IDM and IDM was compatible with previous version of IPS IOS.??? please correct me if i m wrong. I m very much new to IPS.
Thanks,
Solved! Go to Solution.
06-12-2010 12:29 AM
IDM is just a single device manager.
While IME can manage multiple devices, collects logs, browses through them has SDEE etc etc
06-14-2010 03:58 AM
As Marcin indicated, IDM is for single device management and IME supports up to 10 IPS sensors.
To expand:
IPS Device Manager (IDM) is built-in to all current sensor software releases. It supports device configuration and manual event monitoring.
IPS Manager Express (IME) is a stand-alone Windows application that can manage up to 10 IPS devices in the current release (7.0.3). IME can provide real-time event monitoring for most IPS releases (5.1, 6.0, 6.1, 6.2 and 7.0). It is not necessary to run the IME GUI full time as the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database. As the events are stored in the local MySQL database, historical reporting and auditing may be performed against that data. IME will cross-link to supporting signature event details from the Cisco IntelliShield site. IME can also handle IPS configuration for IPS recent IPS releases (6.1, 6.2, 7.0).
IME is not replacing IDM, it provides the ability to manage multiple IPS sensors through one application.
Scott
06-12-2010 12:29 AM
IDM is just a single device manager.
While IME can manage multiple devices, collects logs, browses through them has SDEE etc etc
06-14-2010 03:58 AM
As Marcin indicated, IDM is for single device management and IME supports up to 10 IPS sensors.
To expand:
IPS Device Manager (IDM) is built-in to all current sensor software releases. It supports device configuration and manual event monitoring.
IPS Manager Express (IME) is a stand-alone Windows application that can manage up to 10 IPS devices in the current release (7.0.3). IME can provide real-time event monitoring for most IPS releases (5.1, 6.0, 6.1, 6.2 and 7.0). It is not necessary to run the IME GUI full time as the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database. As the events are stored in the local MySQL database, historical reporting and auditing may be performed against that data. IME will cross-link to supporting signature event details from the Cisco IntelliShield site. IME can also handle IPS configuration for IPS recent IPS releases (6.1, 6.2, 7.0).
IME is not replacing IDM, it provides the ability to manage multiple IPS sensors through one application.
Scott
03-13-2011 12:38 PM
Thanks Dears,
03-13-2011 11:11 PM
scfringe wrote:
(for IME Client) ... the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database ...
I think this is an important point that needs to be pointed out more directly and more visibly in the documentation for IME. This feature has an impact beyond just your local workstation. This is especially important if you are running IME, and you enable AAA on your sensors.
After you enable AAA/RADIUS, your IME client (via the IPS sensor) is going to start HAMMERING your AAA server. I'm talking a minimum of one log entry per second, per monitored device. And that's for one client. I considered disabling just on that alone.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: