CiscoWorks Architecture Overview
The IDS MC architecture is shown in Figure 10.3. The MC itself relies upon the services provided by the CiscoWorks Common Services software. The Common Services component provides a consistent environment for all of the MCs. Some of these services include data storage and management, session management, a web interface, and user authentication and permission management. Before installing the Cisco IDS Management Center, it is important to understand the related software that may be prerequisites for a successful installation.
Figure 10.3: The IDS MC Architecture
The IDS MC provides a Web-based interface for managing and configuring Cisco IDS sensor appliances and the IDS blade for the Catalyst chassis. The MC is built on top of the CiscoWorks framework, allowing it to leverage the ability to define user roles. These roles provide for the definition of user management privileges, including the ability to create as well as deploy IDS configurations. The IDS MC requires the CiscoWorks Common Services component to provide the necessary base components, software libraries and other software packages. The CiscoWorks Common Services is comprised of the following components:
Data Storage and Management: The Common Services data store is provided by a Sybase SQL Anywhere database. Data backup, and the repair and restore capabilities of the database, are also provided by the Common Services package.
Session Management: Allows multiple users to connect to the MC and perform configuration and management tasks without data corruption or loss.
User Management: Provides for authentication and authorization.
Web Interface: Provided by an Apache Web server, allowing access to the MC system through a Web browser. Access to the CiscoWorks2000 server is made over a secure, encrypted connection on TCP port 1741. Once the user has authenticated to the CiscoWorks2000 server, communication with the IDS MC is conducted over TCP port 443.
IDS MC Installation
The IDS MC software installs its components into the same directory as the CiscoWorks Common Services software components. This is typically the directory Program Files\CSCOPx. The directory structure is shown in Figure 10.4.
Figure 10.4: The IDS MC Directory Tree Structure
Cisco chose to use an open source program called Apache as the built-in Web server for CiscoWorks. The \Apache subdirectory is where the Apache Web Server is installed and from where Apache serves the Web pages that are displayed when using the IDS MC. The Sybase subdirectory is where the Sybase SQL Anywhere database is installed, as well as where all data from the IDS appliances and the IDSM sensors is stored. The Tomcat subdirectory is where the Tomcat application server is installed. This server provides servlets to the IDS MC from the Common Services. The Etc\ids directory is where the IDS MC is actually stored. The updates subdirectory is where the signature update packs are stored for the MC to push out to the sensors or to the MC itself.
IDS MC Processes
The IDS MC is composed of the following system processes:
IDS_Analyzer defines event rules and requests user-specified notifications when appropriate.
IDS_Backup provides database backup and restore capabilities to the MC.
DbAdminAnalyzer applies various active database rules to the current state of the server.
IDS_DeployDaemon provides for the deployment of configurations to IDS sensors.
IDS_Notifier retrieves and performs MC subsystem notification requests.
IDS_Receiver receives alarms and syslog events from IDS appliance sensors and IDS modules for the Catalyst chassis and stores them in the Sybase database.
IDS_ReportScheduler, as its name implies, handles the generation of reports in the MC.
VMS Component Compatibility
Most VMS components require CiscoWorks2000 Common Services to be installed on the same server. While it may seem more efficient to combine some of these VMS components on one server, this cannot always be done due to compatibility and performance reasons.
For example, both the IDS Management Center and the Security Monitor are delivered on the same CD-ROM package. Both require CiscoWorks 2000 Common Services. The IDS MC and the Security Monitor may be installed together or separately on different host servers. However, for optimal performance, separate installation of these two applications on different host servers is recommended.
Other VMS components that are not compatible on the same server as the IDS Management Center include the Cisco Secure Policy Manager (CSPM). Attempting this may result in the installation of a second instance of the post office process on the host server.