CVDM for the SSL Service Module Version 1.0

Data Sheet

CVDM for the Cisco® Catalyst® 6500 Series SSL Services Module Version 1.0


The CiscoView Device Manager for the Cisco® Catalyst® 6500 Series SSL Services Module (SSL Services Module) enables users to easily configure Secure Sockets Layer (SSL) services on their Catalyst SSL Services Module. It is a task-based tool that allows users to take advantage of the versatility of their Catalyst 6500 Series SSL Services Module, and it offers configuration wizards based on best practices for tasks such as setting up trustpoints and proxy services. CiscoView Device Manager is a free embedded manager that resides in the Catalyst SSL Services Module Flash memory.

The Next-Generation of Device-Embedded Solutions

The Cisco Catalyst 6500 Series SSL Services Module is a feature-rich content load-balancing solution from Cisco Systems®. Managing a trustpoint on the Catalyst SSL Services Module requires a high level of awareness of the public key infrastructure (PKI) as well as the command-line interface (CLI) for users to take advantage of its versatility. Typical challenges faced by users include importing certificate authority (CA) certificates, importing or generating key pairs, registering certificates with CAs, and checking the status of registered certificates.

The CiscoView Device Manager for the Cisco Catalyst 6500 Series SSL Services Module manages several SSL Services Module features and helps users accomplish these tasks with ease. CiscoView Device Manager offers the following features:

Customizable initial setup wizards

Comprehensive configuration of SSL services using a single tool

CiscoView Device Manager for the SSL Services Module supports several features in SSL Services Module Versions 1.2 and 2.1, such as:

Configuring trustpoint, proxy services, CA pools, and certificate access control lists

Configuring SSL, TCP, header insertion, and URL rewrite policies

Showing TCP and SSL statistics

Visual indication of expiring and missing configured certificates

Grouping and sorting of the trustpoints by CA, enrollment status, and expiration date

Figure 1  CiscoView Device Manager for Catalyst SSL Services Module Home Page

Wizards for Configuring Complex Tasks

CiscoView Device Manager for the SSL Services Module provides end-to-end configurations completely through GUI tools such as wizards, which guide users through options that are available for configuring trustpoints and proxy services. This includes importing certificate and key pairs, configuring CA parameters, registering certificates with a CA, and checking certificate status.

Figure 2  CiscoView Device Manager for the SSL Services Module Allows Users to Follow a Wizard-Based Configuration

Configuring PKI Management

The SSL protocol relies on certificates and public-private key pairs to provide authentication, privacy, and data integrity for data transactions. Setting up the PKI on the SSL Services Module is a primary requirement for enabling SSL services. CiscoView Device Manager simplifies the management of PKI by assisting with trustpoint management and key-pair management.

Figure 3  Trustpoint Configuration

Trustpoint management allows users to view trustpoints and their certificates, and to configure trustpoints either by importing certificates (both Privacy-Enhanced Mail (PEM) and Public-Key Cryptography Standard (PKCS) 12 formats are supported) or by defining a certificate and enrolling it with a CA. CA enrollment can be either manual or automated. For N-tier certificates, CiscoView Device Manager provides visualization of the certification chain. CiscoView Device Manager also allows users to delete trustpoints and export certificates from them.

Key-pair management generates new RSA key pairs, exports key pairs from PKI, imports key pairs from external PKI systems, and deletes key pairs.

Configuring VLAN Management

CiscoView Device Manager allows users to view and modify VLAN configurations, including the IP configuration.

Configuring Proxy Services

CiscoView Device Manager supports configuration of proxy services. This includes viewing the configured proxy service status, creating new proxy services, and assigning trustpoints and policies to these services.

Configuring Policy Management

CiscoView Device Manager supports defining policies for proxy services. Policy templates help administrators refine the attributes associated with the SSL and TCP stack to suit their needs. The policies supported by CiscoView Device Manager include:

TCP policy—Refines the TCP connection parameters

SSL policy—Refines the SSL session parameters

URL rewrite

HTTP header insertion

Configuring Network Address Translation

CiscoView Device Manager supports the configuration of client Network Address Translation (NAT) pools and supports the configuration of server NAT.

Dynamic Sorting and Grouping of Trustpoints

Dynamic sorting and grouping is useful when several trustpoints are configured on an SSL Services Module. It allows users to group trustpoints by CA, certificate expiration date, or the current status of certificates. This helps users quickly locate, for example, certificates that expire in a particular month or all trustpoints that use a particular CA.

Figure 4  Dynamic Sorting or Grouping of Trustpoints

Table 1  SSL Features Supported 

Feature Category
SSL Services Module Features
Comments
Basic Setup

Administrative VLAN setup

Remote access configuration

Must be done from the console

PKI

Declare trustpoints

Simple Certificate Enrollment Protocol enrollment

Manual enrollment

Configuration

Import certificates to trustpoint

PEM

PKCS12

Export certificates from trustpoint

View certificates associated with trustpoints

Client and server certificate authentication

Configuration

Certificate security attribute-based access control

Configuration only (no statistics support)

Generate key pairs

Configuration

Zeroize key pairs

Import and export key pairs

Proxy Service

Setup server proxy

Setup client proxy and back-end encryption service

Policy

Setup TCP policy

Setup SSL policy

Setup URL rewrite policy

Setup HTTP header insertion policy

NAT

NAT pool

Configuration

VLAN modification

Statistics

TCP

Basic statistics

SSL

Basic statistics

PKI

Basic statistics


Table 2  System Specifications

| Parameter | Specifications |
|---|---|
| Chassis | Catalyst 6503, Catalyst 6506, Catalyst 6509, Catalyst 6509 NEBS, 6509-NEBS-A, Catalyst 6513 |
| Supervisor Engine Cards | Supervisor Engine IA, Supervisor Engine II, Supervisor Engine 720 |
| Client Operating System | Windows 2000 (Professional, Server) Service Pack 2 and Service Pack 3, Windows XP Service Pack 1; Solaris 2.8 and 2.9 |
| Browsers | Internet Explorer 6.0 Service Pack 1 on Windows platforms. Netscape Navigator 7.0 on Solaris and 7.1 on Windows platforms |
| Java Plug-in | Java Plug-in 1.4.1_05 |
| Memory Requirements | Requires minimum 2.5 MB of free Flash memory on the SSL Services Module |
| Recommended Connection Speed | 56 Kbps or higher |


Table 3  Cisco IOS® Software Release Support

| Service | Cisco IOS Software Release | Software Release for Services Module |
|---|---|---|
| SSL Service Module (SSLSM) | 12.1(13)E, 12.1(19)E, 12.2(14)SX1, 12.2(17A)SX1, 12.1(17B)SXA, 12.1(20)E | 1.1(1), 1.2(1) and higher |