Running CW2000 LAN and VPN/SEC Bundles on Multiple Servers

George.Dean · ‎10-30-2003

My organization is currently deploying the LAN Management Solution 2.2 and VPN/Security Solution Bundles for a Wireless LAN for the DoD USAF.

Should I run these bundles on separate servers (i.e., one for LMS and one for VMS or should I setup one for monitoring and one for configuration? We also have a dedicated syslog server that we were planning on running Remote Syslog Analyzer collector. Currently, we run Kiwi Syslog service on it.

Initially, we will have approximately 200 devices to manage but growth could double over the next three years. Our devices include Cisco 3000 Series VPN concentrator, ACS 3.0 (RADIUS) servers, Wireless Solution Engine 1105, Cisco Aironet 350 and 1200 Access Points, Catalyst 3550 access layer switches, and Cisco 6506(s) core layer switching. Our backbone consist of single-mode fiber. All switches are connected through GBIC(s). Everything will be configured using VLAN(s).

We have two high powered servers available, both with dual 2.2 GHz processors, 2 GB RAM, and 36 GB hard drives.

ywadhavk · ‎10-31-2003

Though, the LMS and VMS can co-exists (VMS without CSA), its is best and highly recommended to keep them on separate servers. It seems that you have many devices reporting events to the monitoring server, in such a case, a 3rd server just to handle these events is the best solution.

Thanks,

yatin

CHRISTOPHER YUEN · ‎01-09-2004

If LMS are VMS are installed on separate servers, how would you integrate the two CiscoWorks servers? If you have RME installed on both, wouldn't that be two separate inventories/databases?

If so, then you wouldn't have one common place to access CiscoWorks, right? You'd have to http to the IP of the VMS box separately to view/manage VPN/firewall devices, whereas you'd http to the LMS box for all other devices. Or am I wrong about this? Would you be able to access the VMS modules from the web console of the LMS box?

minielsen · ‎01-09-2004

The White Paper "CiscoWorks in Large-Scale Network Environments" explains how to architect a solution with more CiscoWorks servers running e.g. RME. Have a look at http://www.cisco.com/warp/public/cc/pd/wr2k/prodlit/ckspp_wp.htm.

badamson · ‎01-11-2004

Just as a reference, there are a number of different ways to do this. It is highly dependent on the number and types of devices you are managing as well as personal preference. We recently implemented the same two packages, LMS and VMS, and put RME with the VMS package (minus the host based IDS console) on one server with the rest of the LMS package (less DFM and RTM) on a second server. DFM is currently on a third dedicated server. If you run two different instances of RME, you will have two different databases which is why we run only a single one.

CHRISTOPHER YUEN · ‎01-13-2004

So now how do you point one box to the other's RME database? I had thought that that's how you could do it (one RME shared by multiple packages), but I don't see any documentation on how to set that up.

Thx!