Release Notes
Cisco Energy Management - Version 5.2.3
Date: 11/07/2018
System and Installation Requirements
Cisco Energy Management can be used for single instance installations as well as for distributed deployments using the Cisco Energy Management Server and multiple Cisco Energy Management Controllers.
Single Server Deployment
| | Minimum | Recommended 5,000 Devices | 10,000 - 25,000 Devices |
|---|---|---|---|
| CPU | Dual Core, 2GHz | Dual Core, 2GHz | 2 Quad CPUs |
| RAM | 4 GB | 8 GB | 16 GB |
| Hard Disk 1) | 40 GB | 250 GB | 500 GB |
| Operating System | Windows 7 (64-Bit) | Win Server 2012 R2 (64-Bit) | Win Server 2012 R2 (64-Bit) |
Large Scale Multi Server Deployment
For deployments with more than 25,000 devices we recommend the use of a dedicated central server with requirements as follows:
| | 50,000 - 100,000 Devices | 100,000 - 200,000 Devices |
|---|---|---|
| Deployment component | Cisco Energy Management Server | Cisco Energy Management Server |
| CPU | 2 Quad Core CPUs | 2 Quad Core CPUs |
| RAM | >24 GB | >32 GB |
| Hard Disk 1) | 1 TB | 2 TB |
| Operating System | Windows Server 2012 R2 (64-Bit) | Windows Server 2012 R2 (64-Bit) |
In addition to the central server, several controllers can be required – with a maximum of 25,000 devices per controller with specifications as follows:
| | up to 25,000 Devices |
|---|---|
| Deployment component | Cisco Energy Management Controller |
| CPU | Quad Core, 2GHz |
| RAM | 4 GB |
| Hard Disk 1) | 50 GB |
| Operating System | Windows 7 or Server (64-Bit); CentOS 6.5 (x86/x64) |
1) Hard disk performance plays a critical role in the deployment. Cisco Energy Management ships with its own database to store device data, power measurements and other data at a high rate. A local physical storage or high-performance SAN is recommended, especially when deploying on a VM.
Note: A single Cisco Energy Management Controller is designed to handle up to 25,000 devices.
Cisco Energy Management has a browser-based management console for configuration, operation, and reporting. For the best user experience, it is recommended that you use an up-to-date browser, such as the latest version of Google Chrome (preferred), Mozilla Firefox or Internet Explorer 8 or higher.
Older browsers, especially IE 6, are not fully supported. Regardless of which browser is used, JavaScript will have to be enabled.
The Controller uses Microsoft .NET 4.0 framework. If this framework is not present on the server prior to installation, it will be automatically downloaded and installed as part of the Controller installation.
If the internet connection on the installation server is slow or unavailable, we recommend that you manually download and install the Microsoft .NET 4.0 framework prior to beginning the Controller installation (download it from here: http://msdn.microsoft.com/en-us/netframework/).
List of supported operating systems for Cisco Energy Management Server
- Microsoft Windows 7 (64-bit)
- Microsoft Windows Server 2012 R2
Note: Always apply the latest Windows updates.
List of supported operating systems for Cisco Energy Management Controller for Windows
- Microsoft Windows 7 (32-bit/64-bit)
- Microsoft Windows Server 2012 R2
Note: Always apply the latest Windows updates.
List of supported operating systems for Cisco Energy Management Controller for Linux
Updating / patching existing installations
- Get the latest CEM Update
- Preparation
  - Do a full database backup before installing the patch. For details look at the 'Central Server Backup and Restore' chapter in the documentation.
  - Stop any software which could interfere with the update process like Antivirus Scanners.
- Updating Order
  - When executing the update file, the setup wizard will guide you through the update process.
  - Important: Make sure to first apply the update to the CEM server installation and then to the controller(s).
- Verify that the update process succeeded
  - The update process was successful if all services are up and running and the CEM User Interface is working properly.
Additional update related information
- While patching, all Script Proxies that are a part of Cisco Energy Management will be overwritten. All other Script proxies that are not part of the installation bundle will remain untouched.
If you made modifications to one or more Script Proxies that were provided by Cisco, please create a backup of the respective files before you apply the update.
Changes from Cisco Energy Management Version 5.2.2 to 5.2.3
Security Fixes
- Fixed a vulnerability due to an insecure default password in PostgreSQL database (CSCvm09173)
  During the installation a secure random password is generated. For existing installations, please see the "Reset PostgreSQL database password" section below.
- Fixed an XML External Entity (XXE) vulnerability (CSCvm38505)
  Loading of external XML entities has been disabled by default. To return to the previous behavior, please see the "XXE Configuration Option" section below.
- Fixed a Cross Site Request Forgery (CSRF) vulnerability (CSCvm29341)
- Fixed CVE-2018-10915, CVE-2018-10925, CVE-2018-1058 vulnerabilities by updating PostgreSQL database (CSCvm00991, CSCvm99794, CSCvm99797)
- Fixed CVE-2018-10936 vulnerability by PostgreSQL JDBC driver update (CSCvm99793)
- Fixed CVE-2017-15095, CSCvn01489 vulnerabilities by jackson-databind update (CSCvn01492, CSCvn01489)
Known issues
- Due to the addition of CSRF tokens to HTTP requests in the CEM UI, an inactive tab that has the CEM UI open might close the user session before the session idle timeout has been reached.
  This behavior is different on each browser.
  Active tabs are not affected by this issue.
- In older versions of CEM it was possible to use the REST API by using the authentication API, logging in with an existing user and using the returned "auth" token in subsequent requests.
  This is no longer possible due to the addition of CSRF tokens. The authentication API should no longer be used.
  Please only use API tokens to access the REST API of CEM. An API token can be generated from the CEM UI by clicking on the username at the top right and selecting "My Settings" from the drop down. Click on "Create API Token" in the "API" section and copy the generated API token.
- There can be an issue when logging in to Cloud Manager with Safari, IE11 and Edge. For Safari, opening a new tab and logging in again prevents the issue.
- With Internet Explorer 11 and Microsoft Edge, using Ctrl + C to copy contents from the script editor does not work.
  As a workaround, you can mark the text and drag and drop it into a text editor.
- Custom metrics that are created after a device with static values that are used in the metric will not be updated for such a "static device".
- Sometimes, values from the last hour can be missing from a report.
- The license can be shown as invalid after the upgrade for up to 1 day. As a workaround, a license check can be triggered manually in the Web UI.
- The labels for bar charts are only displayed when hovering over the bar and not visible in the web UI and in exported reports.
Reset PostgreSQL database password
This guide is intended to help reset the password of the "postgres" user and all other database users that CEM uses to connect to the database, either because the password has been forgotten or must be changed.
Follow these steps to reset the password:
- Open the services management console (on Windows open "start" -> "run" -> "services.msc" or open a command line terminal and execute "services.msc")
- Stop the services: "Cisco Energy Management System Watcher", "Cisco Energy Management Server" and "Cisco Energy Management Processor"
- Open the installation folder of CEM and go to the pgsql/data directory (e.g. c:\Program Files\Cisco Energy Management\pgsql\data)
- Make a backup of the file pg_hba.conf
- Open pg_hba.conf and enter the following 2 lines at the top of the file right after the first comments:

      host all postgres 127.0.0.1/32 trust
      host all postgres ::1/128 trust

  This allows connecting to the database from the same host without authentication.
- Restart the service "Cisco Energy Management Database" from the services management console
- Open a command line terminal and go to the pgsql/bin directory in the CEM installation folder
- Enter the following commands to change the user password:
  - psql.exe cloud postgres
  - SELECT * FROM pg_roles;

    Example output:

        rolname                             | rolsuper | rolinherit | ...
        ------------------------------------+----------+------------+---
        SYSTEM                              | t        | t          | t
        t_47d2d53da3e74ad8a27fc0865a84fbb7  | f        | t          | f
        postgres                            | t        | t          | t
        (3 rows)

  - Now execute the following command for the "postgres" user and all users starting with "t_", in this case "t_47d2d53da3e74ad8a27fc0865a84fbb7":

        ALTER USER <username> WITH PASSWORD '<password>';

    (replace <username> with the username from the table, e.g. postgres, and <password> with the new password that should be used)
- Open the file jemprocessor.conf in the CEM installation folder WebApp/conf and change the following value (replace <password> with the new password set for the users with the ALTER USER command above):

      jdbc.password=<password>

- Remove the 2 lines added to pg_hba.conf above and save the file
- Restart the "Cisco Energy Management Database" service
- Start the services: "Cisco Energy Management System Watcher", "Cisco Energy Management Server" and "Cisco Energy Management Processor"
- Open the server and processor log files in the logs/ folder of the CEM installation directory and make sure there are no database related issues. Specifically, there should be no error like:

      FATAL: password authentication failed for user "t_47d2d53da3e74ad8a27fc0865a84fbb7"
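A check to run once the procedure above is finished, added here as an example (it is not part of the Cisco release notes or the product): it scans pg_hba.conf text for records that still use the `trust` method, so the two temporary lines are not left in place. The sample file content and the function names are constructed for illustration, and quoted fields in pg_hba.conf are not handled.

```python
import ipaddress

# Constructed sample: the two temporary lines from the procedure above,
# one netmask-style entry and one password-protected entry.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                  METHOD
host    all       postgres  127.0.0.1/32             trust
host    all       postgres  ::1/128                  trust
host    all       all       10.0.0.0  255.0.0.0      trust   # constructed bad entry
host    all       all       127.0.0.1/32             md5
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _scope(address, mask=None):
    """Classify an ADDRESS field as 'loopback', 'network' or 'unknown'."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return "unknown"  # hostname, 'all', 'samehost', 'samenet', IPv6 netmask
    return "loopback" if net.is_loopback else "network"

def find_trust_entries(text):
    """Return (line_no, user, address, scope) for every record using 'trust'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 4 and fields[0] == "local":   # local DB USER METHOD
            address, mask, method = "(unix socket)", None, fields[3]
        elif len(fields) >= 6 and _is_ip(fields[4]):    # host DB USER IP MASK METHOD
            address, mask, method = fields[3], fields[4], fields[5]
        elif len(fields) >= 5:                          # host DB USER ADDRESS METHOD
            address, mask, method = fields[3], None, fields[4]
        else:
            continue  # blank line, comment or malformed record
        if method == "trust":
            scope = "local" if fields[0] == "local" else _scope(address, mask)
            findings.append((line_no, fields[2], address, scope))
    return findings

if __name__ == "__main__":
    for line_no, user, address, scope in find_trust_entries(SAMPLE_PG_HBA):
        print(f"line {line_no}: user={user} address={address} scope={scope}: no password required")
```

An empty result for the real pg_hba.conf means no passwordless entries remain; any hit with scope `network` or `unknown` deserves attention first.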
XXE Configuration Option
| Configuration File | Configuration Property Name | Description | Mandatory | Default |
|---|---|---|---|---|
| jemprocessor.conf | xml.secure_processing | Enables or disables XML secure processing. If enabled it does not allow loading of external entities to protect against XML External Entity (XXE) Processing. | No | true |
| settings.json | xml.secure_processing | Enables or disables XML secure processing. If enabled it does not allow loading of external entities to protect against XML External Entity (XXE) Processing. | No | true |
Release Note Enclosures
| ID | Symptom | Conditions | Workaround |
|---|---|---|---|
| CSCvd10243 | Wrong PoE mappings on a switch stack | Software Version 5.0.x, 5.1.x, 5.2.0 | - |
| CSCvb43570 | CSV export generates "414 Request-URI Too Long" | Software Version 5.0.x, 5.1.x, 5.2.0 | - |
| CSCuy11712 | Export of Map Widget in a Subfolder does not show all markers | Software Version 5.0.x, 5.1.x, 5.2.0 | - |
| CSCve98493 | Network Discovery Script - dset Does Not Work on IP Range | Software Version 5.0.x, 5.1.x, 5.2.0 | A valid workaround for this is to change thread count on the asset connector to 1. |
| CSCvc49742 | Date selection for reporting not consistent and missing information | Software Version 5.0.x, 5.1.x, 5.2.0 | Adjust the custom date range to include the correct dates as desired. |
| CSCva31914 | Server LDAP Settings - not able to save Logon name attribute setting | Software Version 5.0.x, 5.1.x, 5.2.0 | When refreshing the contents with F5 in the web browser, the saved value will be shown. |