Hi, Is it required any license to use or its free of cost.

Here is mine 2c about Cisco CSM.

I used to work for a Managed Security Service

Provider, MSSP, and we managed a lot of

Checkpoint firewalls running on Nokia

appliances

and SecurePlatform, over 1000 firewalls.

We approached Cisco about two years for a

centralized management tools that will be able

to manage hundreds of Cisco Pix/ASA and FWSM

firewalls. The requirement is that it is

easy to use, fast and flexible. In other

words, we want the tool to be as good, if not

better than Checkpoint Provider-1.

Cisco recommended CSM 3.0 beta so I went

ahead and tested the product. It was

absolutely and very slugglish. It did not

come close to Checkpoint Provider-1

centralized management. Cisco then introduced

me to Solsoft, which is a cisco partner.

Solsoft, on the other hand, is a much better

product than Cisco. It can run on both

Linux or Windows whereas Cisco CSM can only

run on Windows platform. Solsoft also has

a lot of limitations as well but if you have

to pick between Solsoft and Cisco CSM, I

definitely pick solsoft over CSM any days.

Even Cisco SEs will admit that to you, off-the

record ofcourse.

CSM requires a license.

CSM 3.2 (the latest version that came out this month) is far improved from the CSM 3.0 beta. CSM 3.0 was the first version of CSM and it was built off the remnants of VMS 2.3.

The latest CSM 3.2 is better and faster than the 3.0 and worth another try. I haven't experimented with Solsoft yet.

When you say faster and better, does it mean

that the CSM can have 100+ users logging into

the CSM at the same time, and making constant

changes at the same time? I wondered what

the response time will be.

How good is the CSM Java applet works across

the VPN?

Those are the questions that I asked Cisco SEs

about 2 years ago and could not get a

straight answer from them.

I can't say for sure on the 100+ users. We're typically at about 10 users here. But considering the robust workflow mode it has, I wouldn't be surprised if it could handle that. It would probably depend on the servers hardware specifications. I have seen deployments of CSM that contain more than 1500 devices. But yeah, can't say for sure on the number of concurrent users.

The CSM Java Applet should have no problem across a VPN tunnel. To be more accurate, it is a java based application that installs on the client side. That CSM client application uses https (or http) protocol to communicate with the CSM server, so it is encrypted and lightweight.

The CSM runs for 90 days without a license, you can grab the software here if you have a CCO account:

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/crypto/3DES/ciscosecure/csm-app/fcs-csm-320-w2k-k9.exe&app=Tablebuild&status=showC2A

The minimum system requirements are 2 GB of ram. You can run it on less also, but for 100+ users concurrently you'd probably need more then 2GB ram.

If you do end up trial running it with 100+ users, let me know what your results are.

-Brian

I tested CSM on a 4x "quad-core" Processors with 32GB RAM Dell Server.

This is a very fast box.

I tested version 3.1 last year and it was still slow, especially over

VPN. Others also experienced the same thing.

The problem I see with CSM is scalability. I don't know how familiar

you are with Checkpoint Provider-1 or Juniper NetScreen Security Manager,

NSM, is that these things are very scalable. You can install multiple

Managers & Containers across multiple physical servers and link them

together which allow large environment the ability scale. Therefore,

as you add more devices to manage and more users, you just add more

hardware to scale the infrastructure. For both Checkpoint P-1 and

Netscreen NSM, you need a dedicate server just to handle 100+ users,

in case all of them decide to log into the system at the same time,

and that the server has at least 8GB of RAM for this.

Can CSM do this? Is it possible with CSM? From what I can tell,

CSM is more suited for enterprise environment. CSM does not scale

well in service provider environment.