Cisco Evolved Programmable Network Manager Installation guide

Brand: Cisco

Model: Evolved Programmable Network Manager

Category: Software

Type: Installation guide

Installation Guide for Cisco Evolved Programmable Network Manager

4.0

First Published: 2020-03-19

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH

THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,

CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.

CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT

LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS

HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network

topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional

and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com

go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any

other company. (1721R)

CONTENTS

Full Cisco Trademarks with Software License ?

Cisco EPN Manager 4.0 Installation 1

CHAPTER 1

Installation Overview 1

Installation Options 2

Dual NIC Installation 2

Prerequisites 3

Configure the Second NIC on Primary 3

Add Static Route for Device Subnets in Primary 3

Operation of a Dual-NIC Server 3

Remove IP Configuration 3

Upgrade Options 3

Users Created During Installation 4

System Requirements 5

Hardware and Software Requirements 5

OVA/VM Requirements 5

Bare Metal Requirements 6

KVM VM Requirements 8

Web Client Requirements 8

Scale Requirements (Professional) 9

Ports Used by Cisco EPN Manager 10

Installation Prerequisites 14

Licensing 15

Prerequisites for OVA/VM Installations 15

Prerequisites for KVM VM Installations 16

Prerequisites for ISO/Bare Metal Installations 16

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

iii

Verify the ISO Image or OVA Package 16

Install Cisco EPN Manager 4.0 (No HA) 18

Install Cisco EPN Manager Using an OVA/VM 18

Deploy the OVA from the VMware vSphere Client 18

Set the System Time of the Deployed OVA 19

Deploy the ISO from KVM virt-manager (Virtual Machine Manager) 20

Install Cisco EPN Manager on the Server 20

Install Cisco EPN Manager Using ISO on KVM VM 22

Install Cisco EPN Manager Using an ISO on Bare Metal Image 22

Configure the Cisco IMC Server 22

Configure the Bare Metal Cisco UCS Server 24

Install Cisco EPN Manager from an ISO Image 25

Uninstall Cisco EPN Manager 26

Uninstall Cisco EPN Manager (OVA/VM) 26

Uninstall Cisco EPN Manager (KVM VM) 26

Uninstall Cisco EPN Manager (ISO/Bare Metal) 26

Cisco EPN Manager 4.0 High Availability Installation 29

CHAPTER 2

High Availability Overview 29

High Availability Deployment Considerations 30

High Availability Deployment Models 30

Understand High Availability Limitations 31

Consider Whether You Can Use Virtual Addresses 32

Prerequisites for High Availability Installations 32

Install Cisco EPN Manager 4.0 in a High Availability Deployment 33

Check Readiness for HA Configuration 34

Upgrade to Cisco EPN Manager 4.0 37

CHAPTER 3

Valid Upgrade Paths 37

Prerequisites for Upgrading to Cisco EPN Manager 4.0 38

Create a Copy of Your Data 38

Take a Base Snapshot of the VM (no HA) 38

Take a Base Snapshot of the VM (HA) 39

Upgrade to Cisco EPN Manager 4.0 (No HA) 39

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Contents

In-Place Upgrade 40

Backup-Restore Upgrade (No HA) 41

Post-Upgrade Tasks 41

Upgrade to Cisco EPN Manager 4.0 (High Availability) 42

In-Place Upgrade (High Availability) 42

Backup-Restore Upgrade (High Availability) 45

Post-Upgrade Tasks 46

Revert to the Previous Version of Cisco EPN Manager 46

Revert to the Previous Version using Data Restore 47

Revert to the Previous Version Using the VM Snapshot 47

Install Geo Map Resource Files for Offline Use 49

CHAPTER 4

Install Geo Map Resource Files (Standard Deployment) 49

Place the Geo Map Resource Files on the Cisco EPN Manager Server 49

Install the Geo Map Resource Files on the Cisco EPN Manager Server 50

Configure the Cisco EPN Manager Server to Use the Installed Map Resources 51

Verify that the Geo Maps Files Were Installed Successfully 51

Install Geo Map Resource Files (High Availability Deployment) 51

Update Geo Map Resource Files After Upgrading to Cisco EPN Manager 52

Supplementary Installation-Related Information and Procedures 53

CHAPTER 5

Booting Into a Rescue Mode 53

Log Into the Cisco EPN Manager Web GUI 53

Time Zones Supported by 54

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Contents

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Contents

CHAPTER 1

Cisco EPN Manager 4.0 Installation

This chapter provides the information required for planning your installation of Cisco EPN Manager 4.0 and

ensuring that you meet all the prerequisites required for the installation. It also provides procedures for installing

Cisco EPN Manager 4.0 in a standard, non-high availability environment. For high availability, see Cisco

EPN Manager 4.0 High Availability Installation, on page 29.

•Installation Overview, on page 1

•System Requirements, on page 5

•Installation Prerequisites, on page 14

•Install Cisco EPN Manager 4.0 (No HA), on page 18

•Uninstall Cisco EPN Manager, on page 26

Installation Overview

Cisco EPN Manager 4.0 can be installed as a fresh installation either on a virtual machine or a bare metal

server. If you are already using a previous version of Cisco EPN Manager, you can upgrade to Cisco EPN

Manager 4.0 and thereby retain your data. See Upgrade to Cisco EPN Manager 4.0, on page 37.

The following topics provide an overview of the Cisco EPN Manager 4.0 installation and upgrade options

and provide additional useful installation-related information.

•Installation Options

•Upgrade Options

•High Availability Overview

•Users Created During Installation

EPNM installation over KVM and OpenStack are marked “BETA” in release 4.0, providing limited

functionality. The intention is to fully support these features in the next release.

Note

After installing any release or maintenance pack, it is recommended to check the Software Download site on

Cisco.com for point patches and to install the latest available point patch for that release or maintenance pack.

Information about the point patch and installation instructions can be found in the readme file supplied with

the patch file on the Software Download site on Cisco.com.

Note

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Installation Options

You can install Cisco EPN Manager 4.0 either on a virtual machine (VM) or a bare metal server:

• OVA/VMWare VM installation—For a VM installation, install the Open Virtual Appliance (OVA) file

on a dedicated server that complies with the requirements listed in OVA/VM Requirements. We

recommend that you run only one Cisco EPN Manager VM instance per server hardware.

• ISO/bare metal installation—For a bare metal server installation, install the ISO image, which acts as a

virtual boot that supports the Cisco Unified Computing System (UCS) server installation. The requirements

are listed in Bare Metal Requirements. You can also use the ISO image to install Cisco EPN Manager

on a VM. A built-in terminal or console server application called Cisco Integrated Management Controller

(Cisco IMC) is used to install Cisco EPN Manager on the bare metal Cisco UCS server hardware.

• KVM VM—For a VM installation, install the ISO on a dedicated server that runs KVM. see KVM VM

Requirements.

ISO/Bare metal installation is not supported on non-Cisco hardware. To install Cisco EPN Manager on

non-Cisco hardware, use VMware or KVM and install the OVA/ISO file. Using VMware or KVM will

minimize hardware non-compliance issues, however, you must make sure that your hardware has the resources

required to allow provisioning of the VM.

Note

Both OVA and ISO installations include the following:

• Red-Hat Enterprise Linux 7.7 operating system

• Oracle Database 12c Enterprise Edition Release 12.1.0.2 (64-bit production)

• EPN Manager

Cisco EPN Manager does not support independent user-installed Linux/Oracle patches. Any necessary patches

are included in Cisco EPN Manager releases or point patches.

Note

Firmware Upgrade

Cisco EPN manager does not support Firmware or any product upgrades. If you need any support on the

upgrades, please contact your Cisco Advanced Services representative.

Dual NIC Installation

These topics describe how to perform Dual NIC installation:

•Prerequisites, on page 3

•Configure the Second NIC on Primary, on page 3

•Add Static Route for Device Subnets in Primary, on page 3

•Operation of a Dual-NIC Server, on page 3

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Installation Options

•Remove IP Configuration, on page 3

Prerequisites

In an HA environment:

• Remove High Availability

• Add the configuration needed for the second NIC

• Perform High Availability registration between Primary and Secondary Servers

Configure the Second NIC on Primary

Enter these commands in the admin CLI.

storm-ha-194/admin# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

storm-ha-194/admin(config)# interface GigabitEthernet 1

storm-ha-194/admin(config-GigabitEthernet)# ip address 172.23.222.32 255.255.255.0

Changing the hostname or IP may result in undesired side effects,

such as installed application(s) being restarted.

Are you sure you want to proceed? [y/n] y

storm-ha-194/admin(config-GigabitEthernet)# end

Add Static Route for Device Subnets in Primary

storm-ha-194/admin# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

storm-ha-194/admin(config)# ip route 172.0.0.0 255.0.0.0 gateway 172.23.222.32

storm-ha-194/admin(config)# end

storm-ha-194/admin# write memory

Operation of a Dual-NIC Server

Static routes are not migrated as part of Backup restore process. We need to configure it manually after a

restore. However, this setting can be retained in the upgraded [Backup Restore Upgrade] server.

In a HA environment:

• Failure of the first interfaces (used for heartbeat (the first interface)) will trigger a HA failover.

• Failure of the 2nd interface (SBI interface) will also trigger a failover.

Remove IP Configuration

storm-ha-194/admin# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

storm-ha-194/admin(config)# interface gigabitEthernet 1

storm-ha-194/admin(config-GigabitEthernet)# no ip 172.23.222.32 255.255.255.0

Upgrade Options

You can upgrade to Cisco EPN Manager 4.0 by following the valid upgrade path relevant for your existing

deployment. See Valid Upgrade Paths, on page 37.

The following methods are available for upgrading to Cisco EPN Manager 4.0:

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Prerequisites

• In-Place Upgrade—This option is usually chosen when you are not using new hardware; in other words,

you are performing the upgrade on the machine that is running the earlier version of Cisco EPN Manager.

There is some downtime with this type of upgrade but after the upgrade, you do not have to restore your

data from a backup. For more information, see In-Place Upgrade.

• Backup-Restore Upgrade—This upgrade option generally requires new hardware (although it is possible

to use existing hardware). There is less downtime when performing this type of upgrade as the current

version of Cisco EPN Manager remains operational while you install the new version on the new hardware.

However, after the installation, you must restore your data from a backup. After starting the restore

process, there will be a period during which some data will not be available on the new server until all

the data has been copied over. For more information, see Backup-Restore Upgrade (No HA).

Cisco EPN Manager does not support automatic rollback to the previous version after an upgrade but you can

manually revert to the previous version. See Revert to the Previous Version of Cisco EPN Manager for more

information.

Note

Users Created During Installation

The following types of users are created during the installation process:

•Cisco EPN Manager CLI admin user—Used for advanced administrative operations such as stopping

and restarting the application and creating remote backup repositories. Provides access to the CEPNM

Admin CLI, a Cisco proprietary shell which provides secure and restricted access to the system (as

compared with the Linux shell).

The password for the CLI admin user is user-defined during installation but can be changed at a later

stage by entering the following command:

admin# change-password

•Linux CLI admin user—Used for Linux-level administration purposes. Provides access to the Linux

CLI, a Linux shell which provides all Linux commands. The Linux shell should only be used by Cisco

technical support representatives. Regular system administrators should not use the Linux shell. The

Linux shell can only be reached through the Cisco EPN Manager admin shell and CLI. The Linux CLI

admin user can get Linux root-level privileges, primarily for debugging product-related operational

issues.

•Cisco EPN Manager web GUI root user—Required for first-time login to the web GUI, and for creating

other user accounts. The root user password is user-defined at the time of installation.

•ftp-user—Used for internal operations like image distribution to device or other operations that access

external servers using FTP. The password is randomly generated and is changed periodically. Users with

Admin privileges can change the ftp user password but this user-defined password will expire after a

few months. Use this command to change the ftp user password:

admin# ncs password ftpuser username password password

•scpuser—Used for internal operations like image distribution to device or other operations that access

external servers using SCP. The password is randomly generated and is changed periodically.

•prime—The system-generated account under which all the application processes run. No changes can

be made.

•oracle—The system-generated account used by the Oracle process. No changes can be made.

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Users Created During Installation

The first four user accounts are associated with actual network users. Cisco EPN Manager uses the scpuser,

prime, and oracle user accounts to perform internal operations and they cannot be changed in any way.

Note

For more information about user types and managing users, see the Cisco Evolved Programmable Network

Manager User and Administrator Guide.

System Requirements

The following sections list the requirements that must be met before installing Cisco EPN Manager 4.0:

•Hardware and Software Requirements

•Web Client Requirements

•Scale Requirements (Professional)

•Ports Used by Cisco EPN Manager

Hardware and Software Requirements

•OVA/VM Requirements

•Bare Metal Requirements

•KVM VM Requirements, on page 8

OVA/VM Requirements

The following table summarizes the OVA/VM system requirements:

•Standard: To be used in a pre-production environment for lab tests, demos, and so on. Not recommended

for use in a production environment.

•Professional: Recommended for production environments that meet the minimum requirements.

•Extended:Recommended for production environments that meet the minimum requirements.

•Very-Large:Recommended for production environments that meet the minimum requirements.

It is not recommended to use the Express and Express Plus system size options. Furthermore, the Compliance

functionality is not supported on Express and Express Plus system size options.

External storage is supported for OVA/VM installations.

Note

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

System Requirements

Very-LargeExtendedProfessionalStandardItemServer Type

6.0.x, 6.56.0.x, 6.56.0.x, 6.56.0.x, 6.5VMWare ESXi version

Installations using

an OVA image are

supported on

VMWare ESXi or

ESX, on your own

hardware. In all

cases your server

must meet or

exceed the

requirements listed

in this table.

Note

Virtual

Machine

OVAOVAOVAOVAAppliance image format

241616Virtual CPU (vCPU)Hardware

128 GB128 GB64 GB48 GBMemory (DRAM)

2400 GB2400 GB1200 GB900 GBDisk Capacity

Minumum:

350 MBps

Full scale:

450 MBps

Minumum:

350 MBps

Full scale:

450 MBps

Minumum:

350 MBps

Full scale:

450 MBps

350 MBpsDisk I/O speed

Bare Metal Requirements

For bare metal installations, Cisco EPN Manager can only be installed on the Cisco UCS server (UCS C220

M4 or M5) as a rack-mounted server with the requirements listed in the following sections.

External storage is not supported for bare metal installations.

As opposed to OVA/VM installations, bare metal installations will use the full server resources.

Note

Bare Metal Requirements for Standard Deployments (No High Availability)

These are the minimum requirements for a standard deployment (no high availability).

RequirementItem

ISO

Appliance image formatBare-Metal

Physical ServerEquivalent 1.x Option

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Bare Metal Requirements

Cisco UCS C220 M4, M4S, M5, M5SX

and M5L

Cisco UCS server typeHardware

1 x CPU (10 C/20 T)CPU (cores/threads)

64 GBMemory

4x900 GBDisk capacity

450 MBpsDisk I/O speed

RAID 10RAID Level

Bare Metal Requirements for Remote High Availability Deployments

These requirements are for a remote high availability deployment. A remote deployment is one in which both

servers are located on different subnets connected by a WAN. This is typical for deployments when the servers

are geographically dispersed. For more information on high availability deployments, see Cisco EPN Manager

4.0 High Availability Installation, on page 29.

RequirementHardware

Cisco UCS C220 M4, M4S, M5, M5SX and M5LCisco UCS server type

Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz or aboveCPU speed

10 C/20 TCores/threads

Cisco 12G SAS Modular Raid ControllerStorage adapter

Product ID: Cisco 12G SAS Modular Raid ControllerHard Disk

SATA (Serial Advanced Technology Attachment)Interface

512 Native, 4K sector diskHardware Sector Size

64 GBMemory

RAID 10RAID level

1Number of NICs

4x900 GBDisk capacity

1 TB (minimum requirement)Virtual hard disk size in RAID controller

Slot 1Hard disk controller location

450 MBpsHard disk I/O speed

Minimum 15k RPM SAS (flash recommended)Hard disk RPM

Ideal: 977 Mbps

Minimum: 255 Mbps or more

Network bandwidth

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Bare Metal Requirements for Remote High Availability Deployments

RequirementHardware

Less than 100 msecsLatency

KVM VM Requirements

The following table summarizes the KVM VM system requirements:

•Standard: To be used in a pre-production environment for lab tests, demos, and so on. Not recommended

for use in a production environment.

•Professional: Recommended for production environments that meet the minimum requirements.

•Extended:Recommended for production environments that meet the minimum requirements.

•Very-Large:Recommended for production environments that meet the minimum requirements.

Very-LargeExtendedProfessionalStandardItemServer Type

6.0.x, 6.56.0.x, 6.56.0.x, 6.56.0.x, 6.5VMWare ESXi version

Installations using

an OVA image are

supported on

VMWare ESXi or

ESX, on your own

hardware. In all

cases your server

must meet or

exceed the

requirements listed

in this table.

Note

Virtual

Machine

OVAOVAOVAOVAAppliance image format

241616Virtual CPU (vCPU)Hardware

128 GB128 GB64 GB48 GBMemory (DRAM)

2400 GB2400 GB1200 GB900 GBDisk Capacity

Minumum:

350 MBps

Full scale:

450 MBps

Minumum:

350 MBps

Full scale:

450 MBps

Minumum:

350 MBps

Full scale:

450 MBps

350 MBpsDisk I/O speed

Web Client Requirements

The following are the client and browser requirements for the Cisco EPN Manager Web GUI:

•Hardware—Mac or Windows laptop or desktop compatible with one of the tested and supported browsers

listed below.

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

KVM VM Requirements

• Browsers:

• Google Chrome versions 44 to 80

• Mozilla Firefox ESR 60

• Mozilla Firefox versions 39 to 68

• Microsoft Internet Explorer (IE) 11.0

Internet Explorer users have reported slower performance compared to other

browsers, meaning that some GUI pages take longer to load in IE.

Note

• Recommended display resolution—1600x900 pixels or higher (minimum: 1366x768)

A maximum of three Cisco EPN Manager tabs can be open simultaneously in a single browser session.

Note

Scale Requirements (Professional)

The following table summarizes the maximum level of support for a professional system size deployment in

OVA/VM, KVM VM and, ISO/bare metal installations (based on test results from this example set of devices).

These scale numbers are for a Cisco EPN Manager Professional deployment that uses the default system

settings. The numbers represent an example combination of different devices for each device type. Keep in

mind that scale considerations depend on a number of factors including interface count, polling frequency,

and so on.

You are highly recommended to contact your Cisco representative for assistance in determining the number

of instances of Cisco EPN Manager you require before purchasing licenses and starting the implementation.

Note

MaximumDescriptionItem

100Cisco Aggregation Services Routers (ASR) 9000 SeriesPacket devices

1,100Cisco Aggregation Services Routers (ASR) 920 Series

500Cisco Aggregation Services Routers (ASR) 903 Series

1,100Cisco Aggregation Services Routers (ASR) 901 Series

1,100Cisco ME 3800X Series Carrier Ethernet Switch Routers

1,100Cisco ME 3600X Series Carrier Ethernet Switch Routers

5,000Maximum total packet devices

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Scale Requirements (Professional)

MaximumDescriptionItem

3,000

Cisco Optical Networking Services (ONS) and Cisco Network Convergence

System (NCS) 2000 Series devices

Optical devices

1,000Cisco Network Convergence System (NCS) 4000 Series

4,000Maximum total optical devices

5000

Maximum total optical and packet devices (hybrid)Optical and packet

devices (hybrid)

200Maximum total cBR-8 devicesCable devices

5,000Maximum total Remote Physical Devices (RPDs)

For information about optimizing Cisco EPN Manager

performance, please contact your Cisco representative.

Note

100

Sustained rate of events (events/sec)Monitoring

350000Maximum interfaces in the system

4000Maximum interfaces per device

Limited to 10 devices with the maximum number of interfaces

per system.

Note

Concurrent web GUI usersSystem users

5Concurrent API users

Ports Used by Cisco EPN Manager

The installation process uses the server's eth0 and eth1 Ethernet ports. If you use a different port, the system

might not work properly.

Note

The following table lists the ports that Cisco EPN Manager uses to listen for connection requests from devices.

For security hardening, this table also specifies whether it is safe to disable the port without any adverse effects

to the product.

As a general policy, any ports that are not needed and are not secure should be disabled. You need to first

know which ports are enabled, and then decide which of these ports can be safely disabled without disrupting

the normal functioning of Cisco EPN Manager. You can do this by listing the ports that are open and comparing

it with a list of ports that are safe to disable. The built-in firewall in Cisco EPN Manager does not expose

some of the listening ports. To view a list of the ports used in your deployment, log in as a Cisco EPN Manager

CLI admin user and run the show security-status command.

In addition to the built-in firewall, you can also deploy additional network firewalls to block other unused

ports and their traffic.

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Ports Used by Cisco EPN Manager

Table 1: Listening Ports That Are Open Through Built-in Firewall

NotesSafe to

Disable?

UsageProtocolPort

Disable FTP from the web GUI

under Administration > Settings >

System Settings, then choose

General > Server. After disabling

FTP, as the CLI admin user, stop and

restart the server.

YesTo transfer files to and from devices

using FTP.

TCP21

This might be still needed by older

managed devices that only support

TFTP and not SFTP or SCP.

DependsTo initiate SSH connections with the

Cisco EPN Manager server, and to

copy files to the Cisco EPN

Manager server using SCP or SFTP.

TCP22

Only if alternative protocols like

SCP or SFTP or HTTPS are used for

image distribution, and if supported

by the managed devices.

DependsTo distribute images to devices

using TFTP.

UDP69

—NoTo receive SNMP traps from

network devices.

UDP162

—NoFor browser access to the Cisco EPN

Manager server via HTTPS.

TCP443

—NoTo receive syslog messages from

network devices.

UDP514

If at least one Cisco EPN Manager

server is not configured for HA, this

port is automatically disabled.

YesFor High Availability (HA)

communication between active and

standby Cisco EPN Manager

servers.

Used to allow Oracle JDBC traffic

for Oracle database synchronization.

TCP1522

—NoTo distribute images to devices

using FTP.

TCP2021

—No (If HA

configured)

For the HA Health Monitor web

interface (via HTTP).

Used by primary and secondary

servers to monitor their health status

via HTTP.

TCP8082

—NoTo update software on the HA

secondary backup server (uses

HTTPS as transport).

TCP8087

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Ports Used by Cisco EPN Manager

NotesSafe to

Disable?

UsageProtocolPort

Cisco EPN Manager does not

support Netflow. You should disable

this traffic in the network firewall.

YesTo receive Netflow data packets.UDP9991

Cisco EPN Manager does not

support M-Lync. You should disable

this traffic in the network firewall.

YesTo manage M-Lync using HTTP or

HTTPS.

TCP9992

Cisco EPN Manager does not

support PnP. You should disable this

traffic in the network firewall by

entering the following commands in

this sequence (as the Cisco EPN

Manager CLI admin user):

ncs pnp-gateway disable

ncs stop

ncs start

YesFor PnP operations for proprietary

Cisco Network Service (CNS)

protocol traffic.

TCP11011 to

11014

Cisco EPN Manager does not

support MTOSI over JMS or PnP.

You should disable this traffic in the

network firewall.

YesFor MTOSI NBI notification over

Java Message Service (JMS)

connections.

Also used for PnP operations.

TCP61617

The following table lists the destination ports on external devices that may be protected by a firewall. These

ports are used by Cisco EPN Manager to connect to network devices. You must open the required ports to

allow Cisco EPN Manager to connect to these devices.

Table 2: Destination Ports Used by Cisco EPN Manager

Used to:ProtocolPort

Discover endpoints using ICMP.TCP/UDP7

Initiate SSH connections with managed devices.TCP22

Communicate with managed devices using Telnet.TCP23

Send email using an SMTP server.TCP25

Authenticate Cisco EPN Manager users using TACACS.TCP/UDP49

Connect to DNS service.TCP/UDP53

Poll using SNMP.UDP161

Upload or download images and perform configuration backup-restore

for Cisco NCS 2000 devices using HTTPS.

TCP443

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Ports Used by Cisco EPN Manager

Used to:ProtocolPort

Communicate between primary and secondary HA servers (allows

Oracle JDBC traffic for Oracle database synchronization between

primary and secondary servers).

TCP1522

Communicate with Cisco Optical Networking System (ONS) and Cisco

NCS 2000 series devices using Socket Secure (SOCKS) protocol.

TCP1080

Authenticate Cisco EPN Manager users using RADIUS.UDP1645, 1646, and 1812,

1813

Communicate with Cisco ONS and Cisco NCS 2000 devices using TL1

protocol.

TCP3082

Communicate with Cisco ONS and Cisco NCS 2000 series devices

using secure TL1 protocol.

TCP4083

Communicate between primary and secondary HA servers to monitor

each other's health using HTTPS.

TCP8082

Passive FTP file transfers (for example, device configurations and report

retrievals).

TCP10022 to

10041

Listen at NBI client connected to the Cisco EPN Manager server (after

this port is configured by NBI client system, a registration notification

message containing the port number is sent to Cisco EPN Manager

server); refer to the MTOSI or RESTCONF API guide for more

information.

TCPMTOSI/RESTCONF

TCP port number

The following figure illustrates the ports information listed in the previous tables. Use this illustration to

decide on the appropriate firewall configuration (allowing correct incoming traffic) for your network

infrastructure. To identify the class of traffic, refer to the Usage column in Table Listening Ports That Are

Open Through Built-in Firewall . We recommend that you disable the ports that are used by services that are

not supported in Cisco EPN Manager.

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Ports Used by Cisco EPN Manager

Installation Prerequisites

•Licensing

•Prerequisites for OVA/VM Installations

•Prerequisites for KVM VM Installations, on page 16

•Prerequisites for ISO/Bare Metal Installations

•Verify the ISO Image or OVA Package

•

Installation Guide for Cisco Evolved Programmable Network Manager 4.0

Cisco EPN Manager 4.0 Installation

Installation Prerequisites

Page is loading ...

Cisco Evolved Programmable Network Manager Installation guide

Brand: Cisco

Model: Evolved Programmable Network Manager

Category: Software

Type: Installation guide

Download PDF

report

Cisco Evolved Programmable Network Manager Installation guide

Cisco Evolved Programmable Network Manager Installation guide

Related papers

Other documents