IME & IDM

adamgibs7
Level 6

Hello Friends,

What's the difference between the IME and IDM? I think the IME is the replacement of IDM and IDM was compatible with previous versions of IPS IOS. Please correct me if I'm wrong. I'm very much new to IPS.

Thanks,

2 Accepted Solutions


Marcin Latosiewicz
Cisco Employee

IDM is just a single device manager.

While IME can manage multiple devices, collects logs, browses through them, has SDEE, etc.


Scott Fringer
Cisco Employee

As Marcin indicated, IDM is for single device management and IME supports up to 10 IPS sensors.

To expand:

IPS Device Manager (IDM) is built in to all current sensor software releases. It supports device configuration and manual event monitoring.

IPS Manager Express (IME) is a stand-alone Windows application that can manage up to 10 IPS devices in the current release (7.0.3). IME can provide real-time event monitoring for most IPS releases (5.1, 6.0, 6.1, 6.2 and 7.0). It is not necessary to run the IME GUI full time, as the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database. As the events are stored in the local MySQL database, historical reporting and auditing may be performed against that data. IME will cross-link to supporting signature event details from the Cisco IntelliShield site. IME can also handle IPS configuration for recent IPS releases (6.1, 6.2, 7.0).

IME is not replacing IDM; it provides the ability to manage multiple IPS sensors through one application.

Scott


Thanks Dears,

scfringe wrote:

(for IME Client) ... the event collection process runs as a Windows service which collects the events via SDEE from the managed sensors and stores them in a local MySQL database ...

I think this is an important point that needs to be pointed out more directly and more visibly in the documentation for IME.  This feature has an impact beyond just your local workstation.  This is especially important if you are running IME, and you enable AAA on your sensors.

After you enable AAA/RADIUS, your IME client (via the IPS sensor) is going to start HAMMERING your AAA server.  I'm talking a minimum of one log entry per second, per monitored device.  And that's for one client.  I considered disabling just on that alone.
