Learn the benefits of Cisco's Security Device Manager (SDM)

SDM is a free Web-based utility that helps manage your routers, and it comes preinstalled on new Cisco routers. As you can tell by its name, one of SDM's primary offerings is security management, but this helpful utility does a lot more than just security. David Davis introduces you to SDM and discusses some of its additional benefits.

In April 2004, I wrote a TechProGuild article that introduced Cisco's Java-based Security Device Manager ("Use the free Cisco Security Device Manager to work with routers"—membership is required to access this article). I discussed how to install the Security Device Manager (SDM), detailed what you can expect from SDM, and examined its features.

When I wrote the article, the current edition of SDM was version 1.0. Today, the current version is SDM 2.2, and Cisco has made significant feature changes to the product. Let's take a look at the latest incarnation of Cisco's SDM and discuss what it can do for your organization.

SDM is a free Web-based utility that helps manage your routers, and it comes preinstalled on new Cisco routers. As you can tell by its name, one of SDM's primary offerings is security management.

However, this helpful utility does a lot more than just security. In fact, you can use the SDM graphical interface to accomplish pretty much anything you would with a few commands in the CLI.

If you aren't necessarily adept at the command line, this utility could be a lifesaver. But those of you out there who are command-line junkies might be saying "so what?" Actually, SDM has something to offer you as well—graphical utilization charts. Figure A offers an example.

Figure A

Because SDM is a graphical management tool for routers, there is little it can't do. Therefore, the comprehensive list of what it can do is quite long. Instead of going through a long laundry list of features, let's look at what SDM can do that makes it unique.

SDM acts as a graphical access control list (ACL) editor
This functionality allows you to view your ACL, as well as edit, remove, and insert lines without ever removing the ACL.

It offers context-sensitive help
When you're creating and configuring interfaces, SDM features a How Do I? section that offers a list of help topics. Figure B offers an example.

Figure B

SDM sports a Security Audit feature and offers one-step lockdown
The Security Audit feature looks at your router and its interfaces, and it audits security settings using a predefined checklist. Using the one-step lockdown essentially enables the list of predefined security settings. (I recommend testing this feature before using it.) Figure C offers an example.

Figure C

It includes a Quality of Service (QoS) Wizard
Based on your answers to specific questions, the QoS Wizard can configure your QoS settings. It also includes a visual QoS policy editor. Figure D offers an example.

Figure D

SDM features visual representation of CPU and memory utilization
The monitoring overview of the router shows a graphical representation of current CPU and memory utilization, as well as the status of interfaces. Figure E offers an example.

Figure E

I've listed the features of Cisco's Security Device Manager that I feel are the most valuable, but this utility offers many other benefits. For more information, including what IOS version SDM requires, which routers can run SDM, which modules it supports, and how much RAM/Flash is necessary, I recommend reading Cisco's Release Notes for Cisco Router and Security Device Manager Version 2.2.

Are you familiar with SDM? Share how you use this utility in this article's discussion.


David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.