Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guidance? -> LMS v3.1 & CSM v3.2


Cross-posting here (it's in the security forum too) to get the LMS perspective. Plus this forum seems to be more heavily trafficked. ;-)

Any folks with both LMS & CSM... what's your experience been like with integration?

Do you prefer to have CSM slave its DCR to LMS? Use LMS's RME vs a separate one, or split it out into separate un-integrated DCRs?

e.g. one-DCR-to-rule-them-all, or just R/S in LMS, PIX/ASA/FWSM/IDSM/MARS in CSM. or not. or something else. or or or ...

Pros? Cons? What is gained/what is lost?

Consider the workload of maintaining two distinct inventories (not to mention two revs of the LMS backend (CS, RME) since CSM isn't up to par with the v3.1 LMS guts), the loss of integrated event repositories, duplication of RSAC, confused user experience with two GUIs, etc.

I'm trying to make a decision as to which way to go. If you've been-there-done-that, could you share your experience.



Cisco Employee

Re: Guidance? -> LMS v3.1 & CSM v3.2

You can slave CSM to LMS, but not the other way around. The server with the highest version of Common Services MUST ALWAYS be the master. We do have a few customers doing this with CSM and CUOM, and it works well for them. If you're going to be managing the same sets of devices in both servers, it pays to keep one device and credentials list.

If it were me, I wouldn't put RME on the CSM server. Just use RME 4.2 from LMS 3.1. Integrate the two servers with DCR and Single Sign On, and register the CSM apps within LMS 3.1. Tell your users to use the LMS 3.1 server as their jumping-off point.

New Member

Re: Guidance? -> LMS v3.1 & CSM v3.2

well, there's one vote in favor for what I had planned to do anyway.

thanks, Joe.

anybody else want to chime in?

best two-out-of-three wins.



New Member

Re: Guidance? -> LMS v3.1 & CSM v3.2

Was redirected to this post from:

Today I have:

> Ensured CSM and LMS identity accounts and peer accounts setup correctly

> Imported Peer Certs from CMS to LMS and vise-versa

> Setup LMS as DCR and Single Sign-On Master

> Setup CSM as DCR/SSO Slave to LMS

> Registered CSM applications into homepage config of LMS

> Configured CSM Client to use LMS as its RME server

This all seems to work fine, but I still don't have a populated device list in CSM client.

User logs into CSM client and no devices are listed, they only have the option to Add devices from a file etc.

How do I get this nice and slick so that the CSM client automatically shows all the devices from my LMS DCR?



New Member

Re: Guidance? -> LMS v3.1 & CSM v3.2

New Member

Re: Guidance? -> LMS v3.1 & CSM v3.2

The DCR Device Wizard says:

You can access the Device Information page from the Add Device from DCR wizard. Click the Add button in the Device selector, select Add Device from DCR, then click Next.

I don't get an "Add Device from DCR" option (see attachment).

THe only option I seem to have related to DCR is the "Add Device From File", which requires doing an export from DCR to a CSV file - not very secure for a security product as the DCR export contains all the device credentials!



Have I missed a step or doing something wrong not to get this option?

New Member

Re: Guidance? -> LMS v3.1 & CSM v3.2

Any ideas anyone?

Cisco Employee

Re: Guidance? -> LMS v3.1 & CSM v3.2

I don't support CSM, so I'm not sure what triggers the ability to import from DCR. You might try this on the security Network Management forum.

CreatePlease to create content