Thanks for the reply Scott. Been waiting for this since November.

Is there a work around for running VMS and CTR, or either of those + ACS on the same box?

All these windows management boxes are proliferating, and they're the only windows servers at our company - it's embarassing.

There's always VMware I suppose.

That's an interesting question. My first thoughts were that VMS would replace CTR in functionality. That CTR was just a temporary stopgap. Don't know for sure.

My perception of VMS was of a UNIX platform (Solaris) ported for NT so I expected an application to run on my Solaris or Linux systems.

I'm not familiar with the history of these applications nor the technical/marketing reasons but it does seem short sighted to release only on NT. Of course if these are beta applications then it may be premature to voice concerns. Our local Cisco contacts are not aware of dates or platforms for these applications but I would expect Cisco to pony up and give us some options.

The purchase copy of VMS is available on both Solaris and Windows.

It is just the no additional cost VMS Basic that is only for Windows (at least that is what I've heard, I have not seen the formal documentation, so it may actually also be available for Solaris).

So if you want the Unix support then purchase the license to run VMS on Solaris.

As for VMS replacing CTR functionality. I can't really comment on that at the moment.

VMS Basic is still the same version as what has been for sale for the past few months with just a new no additional cost license.

CTR is still the same CTR available at no extra cost for the initial offering period as a trial version on Windows only.

As for the future of VMS and CTR this information can not be discussed on an open public forum before official product announcements. You would need to contact your Cisco Sales Representative and have a confidential conversation on the product roadmaps.

Considering that VMS was available years BEFORE CTR, it is not possible for VMS to replace CTR. If anything, individuals should be wondering if CTR will replace VMS. There seems to be alot of confusion between VMS and CTR.

CTR's only use is for alert viewing and management from IDS sensors. Period.

VMS is a security management suite for most Cisco security products. It also has an alert management utility (Security Monitor) that handles IDS alarms, Pix IDS messages, IOS IDS messages, CSA, etc. It doesn't have the "intelligence" that CTR does for investigating and correlating alarms.

Additionally, VMS also provides for management of devices such as firewalls, IDSs, VPN IOS. It also handles software and signature updates.

VMS Basic is not entirely the same as the full version. VMS Basic is a "free", Windows only version with restricted licensing and functionality. Functionality is restricted in that it does not include RME or Security Performance Monitor.

In the future, the functionality of CTR will probably be rolled into the VMS suite as they overlap.

As for running VMS, CTR, and ACS together on the same box using VMWare, VirtualPC, etc. I don't recommend it. VMS and CTR are Java based apps. As you probably know, Java is fat and slow. Unless you've got an incredibly beefy server, VMS and CTR would crawl very slowly in a virtual machine. However, if your ACS authentication needs are pretty light, you could probably get away with running it in a virtual machine. This still leaves you with two machines though to run CTR and VMS. Better than 3..... ;)

This is exactly what I've ended up doing; 1 dual Xeon box running VMS + ACS & RSA ACE server in a VMware instance, 1 dual PIII box running CTR.

My limitation though is RAM rather than CPU or I/O, if I were prepared to drop the $$$ for VMware server edition (Workstation is $300 but limited to 1GB RAM, Server is $3000 unlimited RAM) I think I could get CTR running fine.

Boxes are getting very powerful now, for $7K I can get a box with dual 1MB cache Xeons (cache size make Java run much faster), 6GB RAM, RAID etc, in a 1U form factor, each U of space costs me $2K PA, so this is more cost effective than running 3 boxes.

In the long run Cisco's software teams need to get their act together on Java and Tomcat versions, and get this stuff co-habiting, and while they're at it I wish CiscoWorks didn't force you to run an old version of Java on the client, I'm having to use VMware for that too, as I have other apps that need the latest version.

This reply does help. VMS was presented to me by Cisco as a replacement for CTR so they may still be doing homework as to how to package services for IDS. That discussion was last November so things could have evolved quite a bit since then.

Thanks for the explanation.