Cisco Prime Infrastructure

Cisco Prime Infrastructure is included in the section of Cisco Prime for IT, which in turn included in Cisco Prime suite.

Cisco Prime suite is pretty extensive and besides Cisco Prime for IT also includes separate portfolios Cisco Prime for Service Providers and Cisco Prime for Cloud, and those, in turn, their own topics and products. So, for example, only Cisco Prime for IT includes the following products:

  • Cisco Prime Infrastructure
  • Cisco Prime Service Catalog
  • Cisco Prime Network Analysis Module (NAM)
  • Cisco Prime IP Express
  • Cisco Prime Collaboration
  • Cisco Prime Data Center Network Manager


Cisco Prime Infrastructure («PI» abbreviation is also using) is the most commonly used Network Management solution by Cisco Systems customers and it used for control of company’s IT infrastructure of the Enterprise sector.  The major benefits of Cisco Prime Infrastructure are:

  • useful interface and intuitive configuration
  • visualization of different information (for example, Device 360 View)
  • the possibility of customization of the interface profile (dashboards)
  • simple and comfortable use
  • support for a huge park of the Cisco Systems devices


Unfortunately, there are disadvantages, the system initially focused on Cisco Systems equipment and not a multi-vendor. Third party hardware support is available, but only if you have required MIB.


Cisco Prime Infrastructure has a modular structure, and depending on the set of modules can have varying functionality. Cisco Prime Infrastructure consists of the following software components (modules):


Lifecycle –the main module, helps network managers with daily tasks solution:

  • infrastructure monitoring, also includes an opportunity of monitoring and diagnostic wireless infrastructure problems
  • flexible configuration of filters and incidents
  • in creating backups (software of network devices, configuration)
  • software images administration
  • statistics on work activities of the devices (uptime, state, incidents etc.)
  • inventory of devices
  • hardware configuration, include using of templates
  • basic network audit



For today the most relevant version of Cisco Prime Infrastructure is 3.X version. The management interface is formed by dashboards necessary for administrator and immediately shows all the most important information for the administrator (available devices, alarms and incidents, loading etc.)



Assurance –the optional module:

  • Service status dashboard provides an overview of the state of important applications;
  • Support Cisco AVC 2.0 technologies, NetFlow, Flexible NetFlow, NBAR2, Performance Agent, Medianet
  • Control and diagnosis of apps
  • Configuration and monitoring of QoS on interfaces
  • Support of NAM: traffic analysis, metrics about apps response, analysis of protocols



Plug and Play – the optional module, responsible for automatic configuration of equipment possibility without using of console access (using mechanism of Automated Deployment Gateway). Improvements in Cisco Prime Infrastructure 3.x



Cisco Prime Infrastructure is available as hardware solution (appliance), or as virtual  appliance (can be deployed as a virtual machine). The following are the resource requirements for Express, Express Plus, Standard and Pro (virtual machine) and for appliance (in table. EXP, EXP-Plus, STD, PRO и Gen2)


* ESXi 4.x not-support anymore


And finally a little background, until 2011 year there was quite a well-known portfolio of solutions called “Cisco Works”, there were a large number of installations and at many customers it still up and running not looking that it is announced End of Life и End of Support long long time ago. Cisco Works was completely rebuilt and transformed into the Cisco Prime. Time by time Cisco Systems starts «trade in» program for old and outdated products, which allows customer to save good amount of money when purchasing new or upgraded SW and products. We do recommend all the customers who has such an old and outdated products, including “Cisco Works” to contact our sales representative regarding help in upgrade possibility, because “Cisco Works” products not only outdated, but it also got a lot of changes regarding functionality, supported products, user-friendly interface and so on when we talk about Cisco Prime.


Cisco Email Security Appliance (ESA)  –  is solution that allows you to provide full control of email and protect corporate users from attacks distributed through electronic communications.


Standard connection scheme for Cisco ESA in the local network are as follows:

This image has an empty alt attribute; its file name is bezymyannyj-2.png

ESA acts as an email security gateway that provides the following functions:

  • Checks the reputation of the sender-lets you check real-time sender reputation using SBRS (Sender Base Reputation Score). Letters from potentially harmful senders can be blocked or subjected to additional scrutiny. Using this function over 80% of unwanted letters are eliminated. Only title of the message is checked, it helps to reduce the load on the Internet access channel.
  • Antispam-produces a context analysis, which examines content of a message, build order, availability and check Web links in a message (using the SBRS). Verified spam letter is blocked or delivered to the user with the appropriate prefix.
  • Outbreak filters – help to protect from zero-day attacks, due possibility of Cisco Talos analysis of more than 25% of the world’s Internet traffic. This analysis allows you to scan email traffic anomalies (e.g., mass mailing of messages with suspicious content or attachments) and automatically create and send to ESA rules that redirect abnormal messages to quarantine.
  • Classic antivirus protects – massage content signature scanning. Antivirus signature databases provided by partners Sophos and McAfee.
  • Malware protection (AMP) – conducts constant static or dynamic analysis, passed through ESA. Allows you to track the path of spreading malicious files online with integration with other Cisco products support AMP (WSA, NG Firewall, AMP for Endpoints).
  • Data leakage prevention (DLP) – checks for the presence in  outgoing content confidential personal (passport number, credit card number, etc..) and/or corporate information (internal documents).
  • Encryption –  provides  encrypt message transfer using SSL/TLS, between e-mail security gateways, that makes impossible to read the message, even if it was intercepted on the way to the recipient.

Cisco Email Security Appliance presented as a hardware or software solutions. Licensing is done according to the number of users required functionality and the duration of the subscription.

License types:

  • Cisco Email Security Inbound (ESI) – protects inbound messages by using the functions of anti-virus, antispam and Outbreak filters.
  • Cisco Email Security Outbound (ESO) – protect outgoing mail using functional data leakage prevention, and encryption.
  • Cisco Email Security Premium (ESP) – combines the license of ESI and ESO.
  • Cisco Email Security AMP – provides the functionality of the AMP and is in addition to ESI, ESO licenses or ESP.
Cisco Identity Service Engine (ISE)

Cisco Identity Service Engine (ISE) – is a high-performance and flexible solution for access control with context, which brings together authentication, authorization, and accounting (AAA) services, assessing the status of endpoint, profiling and access control within a single platform.


ISE has such functions like:

  • Holding corporate user’s  and endpoint devices authentication -provides the ability to determine what enterprise users and/or devices are allowed access to the network.
  • Providing authorization to enterprise users and endpoints – determines which network resources successfully authenticated user and/or device is permitted to get Guest access– creating a temporary guest account for customers, visitors and definition of corporate network resources available to them.
  • Use of personal devices by corporate users – allows users to register personal devices from which limited access to company resources will be allowed.
  • Device profiling – support for built-in device profiles, as well as their creation for more flexible configuration of access policies.State Assessment of the connected devices – allows to check devices that are connected to the network to meet the requirements (for example, to the installed OS, antivirus, antivirus updates, anti-spyware, etc.) and in case of non-compliance, notify the user about it and propose necessary actions to fulfill these requirements.
  • Providing AAA for network  devices– providing a single place for authentication, authorization and accounting for administrators access to network equipment, without creating many local accounts and access rules on these devices.
  •  Platform Exchange Grid(pxGrid) –  using to exchange contextual information between Cisco platforms and partners, to increase the speed of response to threats.


Cisco ISE can be represent as a hardware (as Secure Network Server ) or virtual solution. Licensing is carried out by the number of devices and functionality.


Types of licenses:

  • Base – permanent license that allows authentication and authorization functionality of corporate users and devices, guest access and use of corporate users their personal devices.
  • Plus – is a subscription and addition to the Base license, adds the functionality of device profiling and platform Exchange Grid (pxGrid).
  • Appex – is a subscription and addition to the Base license, adds a state  assessment functionality of the connected devices.
  • Device Administration – a permanent license includes the ability to provide AAA for network equipment ( you need Base license for a minimum of 100 devices).