Cisco Router and Security Device Manager
This data sheet provides an overview of features, benefits, and product availability of the Cisco® Router and Security Device Manager (SDM).
Cisco SDM is an intuitive, Web-based device-management tool for Cisco IOS® Software-based routers. The Cisco SDM simplifies router and security configuration through smart wizards, which help customers and Cisco partners quickly and easily deploy, configure, and monitor a Cisco router without requiring knowledge of the command-line interface (CLI). The Cisco SDM is supported on a wide range of Cisco routers and Cisco IOS Software releases. Refer to Table 3 for specific model numbers supported by the Cisco SDM.
Ease of Use and Built-In Application Intelligence
The Cisco SDM allows users to easily configure routing, switching, security, and quality-of-service (QoS) services on Cisco routers while enabling proactive management through performance monitoring (see Figure 1). Cisco SDM users can remotely configure and monitor their Cisco routers without using the Cisco IOS Software CLI. The Cisco SDM GUI aids non-expert users of Cisco IOS Software in their day-to-day operations, provides easy-to-use smart wizards, automates router security management, and assists users through comprehensive online help and tutorials.
Figure 1. Cisco SDM Homepage
Cisco SDM smart wizards guide users step by step through router and security configuration workflow by systematically configuring LAN, WLAN, and WAN interfaces; firewalls; intrusion prevention systems (IPS); and IP Security (IPsec) VPNs. Cisco SDM smart wizards can intelligently detect incorrect configurations and propose fixes, such as allowing Dynamic Host Configuration Protocol (DHCP) traffic through a firewall if the WAN interface is DHCP-addressed. Online help embedded within the Cisco SDM contains appropriate background information, in addition to step-by-step procedures to help users enter correct data in the Cisco SDM. Networking and security terms and definitions that users might encounter are included in an online glossary.
For network professionals familiar with Cisco IOS Software and its security features, the Cisco SDM offers advanced configuration tools to quickly configure and fine-tune router security features, allowing network professionals to review the commands generated by the Cisco SDM before delivering the configuration changes to the router.
The Cisco SDM helps administrators configure and monitor routers in remote locations using Secure Sockets Layer (SSL) and Secure Shell (SSHv2) Protocol connections (see Figure 2). This technology enables a secure connection over the Internet between SDM on the user's laptop and the router. When deployed at a branch office, a Cisco SDM-enabled router can be configured and monitored from corporate headquarters, reducing the need for experienced network administrators at the branch office.
Figure 2. Connecting to a Cisco SDM-Enabled Router Using SSL for Secure Remote Connectivity
Integrated Security Configuration
When deploying a new router, Cisco SDM users can quickly configure a Cisco IOS Software firewall using the best practices recommended by the International Computer Security Association (ICSA) and the Cisco Technical Assistance Center (TAC). An advanced firewall wizard allows a single-step deployment of high, medium, or low application firewall policy settings. Cisco SDM users can configure the strongest VPN defaults and automatically perform security audits (see Figure 3). In addition, Cisco SDM users can perform one-step router lockdown for firewalls and one-step VPN for quick deployment of secure site-to-site connections. A recommended list of IPS signatures bundled with Cisco SDM allows quick deployment of worm, virus, and protocol exploit mitigation. The Cisco SDM Network Admission Control (NAC) wizard enables simple and fast integration of NAC and client security posture management into an existing network infrastructure.
Figure 3. Router Security Audit
When invoked on an already configured router, Cisco SDM allows users to perform one-step security audits to evaluate the strengths and weaknesses of their router configurations against common security vulnerabilities. Administrators can fine-tune their existing router security configurations to better suit their business needs. The Cisco SDM also can be used for day-to-day operations such as monitoring, fault management, and troubleshooting.
In addition to security configuration, Cisco SDM helps users quickly and easily configure router services such as LAN, WLAN, and WAN interface configuration; dynamic routing; DHCP server; QoS policy; and so on.
Using the LAN configuration wizard, users can assign IP addresses and subnet masks to Ethernet interfaces and can enable or disable the DHCP server. Using the WAN configuration wizard, users can configure xDSL, T1/E1, Ethernet, and ISDN interfaces for WAN and Internet access. Additionally, for serial connections, users can implement Frame Relay, Point-to-Point Protocol (PPP), and High-Level Data Link Control (HDLC) encapsulation. Cisco SDM also allows configuration of static routing and common dynamic routing protocols such as Open Shortest Path First (OSPF), Routing Information Protocol (RIP) Version 2, and Enhanced Interior Gateway Routing Protocol (EIGRP).
QoS policies can easily be applied to any WAN or VPN tunnel interface using Cisco SDM. The QoS policy wizard automates the Cisco architecture guidelines for QoS policies to effectively prioritize the traffic between real-time applications (voice or video), business-critical applications (Structured Query Language [SQL], Oracle, Citrix, routing protocols, and so on), and the rest of the network traffic (for instance, Web and e-mail traffic). Monitoring based on Network-Based Application Recognition (NBAR) in the Cisco SDM allows users to visually inspect the application layer traffic in real time and confirms the effect of QoS policies on different classes of application traffic.
Monitoring and Troubleshooting
In monitor mode, Cisco SDM provides a quick, graphical status of important router resources and performance measurements such as the interface status (up or down), CPU, and memory usage (see Figure 4). For wireless models, Cisco SDM provides comprehensive support for real-time 802.11a/b/g interface statistics. Cisco SDM takes advantage of integrated routing and security features on routers to provide in-depth diagnostics and troubleshooting of WAN and VPN connections. For example, while troubleshooting a failed VPN connection, the Cisco SDM verifies the router configurations and connectivity from the WAN interface layer to the IPsec Crypto Map layer. While testing configuration and remote-peer connectivity at each layer, Cisco SDM provides pass or fail status, possible reasons for failure, and Cisco TAC-recommended actions for recovery.
Figure 4. VPN Troubleshooting and Recovery