Solution Overview

Catalyst Center on ESXi is a new form factor that supports the Catalyst Center application in a virtual environment. The virtual form factor helps customers rapidly deploy and operate Catalyst Center.

Catalyst Center on ESXi offers the same centralized and intuitive management as the Catalyst Center platform.

This guide provides technical guidance to design, deploy, and operate Catalyst Center on ESXi.

The implementation flow showcases four main steps: define, design, deploy, and operate.

This guide contains the following main sections:

  • Solution Overview presents a high-level overview of Catalyst Center on ESXi.

  • Design and Prerequisites discusses the VMware ESXi prerequisites to deploy Catalyst Center on ESXi; requirements for creating the virtual appliance (VA); supported scale, latency, and bandwidth; launcher tool requirements; and how to set up network interfaces, NTP, and DNS servers for deployment of Catalyst Center on ESXi. The launcher tool is an internal Cisco utility used to deploy and configure the VA.

  • Deploy Catalyst Center on ESXi discusses deployment of Catalyst Center on ESXi, different configuration methods, postdeployment configurations, configuration of authentication and policy servers, configuration of high availability (HA) using vSphere, backup and restore using local disk and NFS support, managing applications and software, and managing different user roles within Catalyst Center.

  • Operation: Monitoring and Troubleshooting discusses how to monitor and troubleshoot the Catalyst Center VA deployed on ESXi.

The audience for this guide includes network design engineers and network operations personnel who don't have a Catalyst Center appliance but want to manage their networks with Catalyst Center.

Design and Prerequisites

This section explains the design and prerequisites for Catalyst Center on ESXi:

  • Prerequisites for deployment

  • Supported scale

  • Certificate management for Catalyst Center on ESXi

  • Launcher requirements for configuring Catalyst Center on ESXi

  • Preparation of VMware vSphere; reservation of the enterprise interface; and preparation of DNS, NTP, and proxy servers

  • Limitations and restrictions

  • Feature support

Deployment Requirements

The following requirements must be met in order to successfully deploy a Catalyst Center on ESXi virtual appliance. For performance tips that cover the most performance-critical areas of VMware vSphere, see:

Virtual Machine Minimum Requirements

Table 1. Virtual Machine Minimum Requirements
Feature: Description

  • Virtualization platform and hypervisor: VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all patches

  • Processors:

    • Intel 2.1-GHz and later CPU

    • 32 vCPUs with 64-GHz reservation must be dedicated to the VM

  • Memory: 256-GB DRAM with 256-GB reservation must be dedicated to the VM

  • Storage: 3-TB solid-state drive (SSD). If you plan to create backups of your virtual appliance, also reserve additional datastore space. For information, see "Backup Server Requirements" in the Cisco Catalyst Center on ESXi Administrator Guide.

  • I/O Bandwidth: 180 MB/sec

  • Input/output operations per second (IOPS) rate: 2000-2500, with less than 5 ms of I/O completion latency

  • Latency: Catalyst Center on ESXi to network device connectivity: 200 ms

Scale Numbers

The following tables list the number of devices and site elements that Catalyst Center on ESXi supports.

Table 2. Nonfabric Deployment Scale Numbers
Network Component: Maximum Number Supported

  • Access Points: 4000

  • Devices: 1000

  • Endpoints: 25,000

  • Site Elements: 2500

Table 3. Fabric Deployment Scale Numbers
Network Component: Maximum Number Supported

  • Endpoints: 25,000

  • Devices: 2000

  • Access Points: 3000

  • Site Elements: 2500

  • Per-Fabric Site Scale:

    • Fabric Nodes: 500

    • VNs: 64

    • IP Pools: 100

For both nonfabric and fabric deployments, up to 10 concurrent user connections are supported for network admins to log in to Catalyst Center on ESXi.

Catalyst Center VA Launcher Requirements

If you plan to use the CC VA Launcher to deploy and configure a virtual appliance, the following requirements must be met by the machine on which you'll run the app:

Feature: Description

  • RAM: 1 GB

  • Storage:

    • 40 GB for the virtual appliance's OVA file

    • 50 MB for the launcher bundle

  • Supported operating systems:

    • Linux: Ubuntu 20.04 and later

    • macOS (Intel and M1): macOS 14 and later

    • Microsoft Windows: Windows 10 and later

  • Sleep setting: Configure the machine to not go to sleep.

In addition to these requirements, do the following:

  • Ensure that the user who will run the CC VA Launcher has the privileges necessary to deploy the virtual appliance's OVA file and modify the appliance's virtual machine settings.

  • For the system you'll run the app on, configure its HTTP/network proxy settings (if applicable).

Supported Browsers

  • Mozilla Firefox, version 65 or later

  • Google Chrome, version 72 or later

Topology

Catalyst Center on ESXi is located in the on-premises data center.

Catalyst Center on ESXi in the on-premises data center.

Prepare for Deployment

To prepare for the deployment of a Catalyst Center on ESXi virtual appliance, you'll need to complete the following tasks:

Install VMware vSphere

To run, Catalyst Center on ESXi requires VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all patches. For an overview of the VMware vSphere installation and setup process, see the VMware vSphere documentation. After you have installed VMware vSphere, confirm that it can be reached from the computer that you will use to deploy the virtual appliance's OVA file.

Reserve Enterprise Interface

Before you set up the virtual appliance, ensure that you reserve one 1-Gbps/10-Gbps Enterprise interface to connect to and communicate with your enterprise network. Write down the IP address for this interface, because you'll need to enter it during appliance configuration.

Optionally, you can also reserve one 1-Gbps/10-Gbps Management network interface to access the Catalyst Center on ESXi GUI. Write down this interface's IP address as well if you plan to configure it.

Note the following points:

  • The intracluster interface's IP address is predefined, so you won't need to enter it when you complete either the Maglev Configuration wizard with default mode selected or the browser-based Install Configuration wizard.

  • Catalyst Center on ESXi supports the configuration of one additional interface for use by the virtual appliance. If you do so, make sure that you choose VMXNET from the Adapter Type drop-down list. Otherwise, appliance configuration will not complete successfully. For more information, see the Add a Network Adapter to a Virtual Machine topic in vSphere Virtual Machine Administration.

Import the IdenTrust Certificate Chain

The Catalyst Center on ESXi OVA file is signed with an IdenTrust CA certificate, which is not included in VMware's default truststore. As a result, the Deploy OVF Template wizard's Review details page will indicate that you are using an invalid certificate while completing the wizard. You can prevent this by importing the IdenTrust certificate chain to the host or cluster on which you want to deploy the OVA file.

Procedure

Step 1

On the VMware ESXi host or cluster where your virtual appliance will reside, download trustidevcodesigning5.pem from the same location that Cisco specified to download the Catalyst Center on ESXi OVA file.

Step 2

Unzip this file.

Step 3

Log in to the vSphere Web Client.

Step 4

Choose Administration > Certificates > Certificate Management.

Step 5

In the Trusted Root Certificates field, click Add.

Step 6

In the Add Trusted Root dialog box, click Browse.

Step 7

Navigate to and select the certificate chain that you downloaded in Step 1 (trustidevcodesigning5.pem), then click Open.

Step 8

Check the Start Root certificate push to vCenter Hosts check box, then click Add.

A message indicates that the certificate chain was imported successfully.

When you complete the Deploy OVF Template wizard, the Review details page's Publisher field should indicate that you are using a trusted certificate.
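
Adding a trusted root widens what vCenter accepts as a valid OVA signer, so it is worth confirming what the downloaded bundle contains before Step 5. The following added example (not Cisco or VMware code) fingerprints every certificate in a PEM bundle and compares the results with reference SHA-256 values. It assumes you obtained those reference values through a separate channel; the bundle here is built from constructed bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def chain_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (lowercase hex) of each certificate in a PEM bundle."""
    fingerprints = []
    for body in PEM_CERT.findall(pem_text):
        # The fingerprint is the hash of the DER bytes, i.e. the decoded base64 body.
        der = base64.b64decode("".join(body.split()), validate=True)
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints


def normalise(fingerprint):
    """Accept 'AA:BB:...' or 'aabb...' and return lowercase hex without colons."""
    return fingerprint.replace(":", "").strip().lower()


def review_chain(pem_text, pinned):
    """Compare a bundle with pinned fingerprints.

    Returns (ok, unexpected, missing). ok is True only when the bundle is
    non-empty, holds no certificate outside the pinned set, and lacks none of it.
    """
    found = chain_fingerprints(pem_text)
    wanted = {normalise(fp) for fp in pinned}
    unexpected = [fp for fp in found if fp not in wanted]
    missing = sorted(wanted - set(found))
    ok = bool(found) and not unexpected and not missing
    return ok, unexpected, missing


def to_pem(der):
    """Wrap raw bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def colon_hex(der):
    """Fingerprint in the 'AA:BB:...' form that certificate viewers display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-ins for certificate bytes; these are NOT real certificates.
ROOT_DER = b"constructed stand-in for a root certificate " * 3
ISSUING_DER = b"constructed stand-in for an issuing CA certificate " * 3
EXTRA_DER = b"constructed stand-in for a certificate nobody expected " * 3

# Reference values as they would be recorded out of band (placeholders here).
PINNED = [colon_hex(ROOT_DER), colon_hex(ISSUING_DER)]

GOOD_BUNDLE = to_pem(ISSUING_DER) + to_pem(ROOT_DER)
TAMPERED_BUNDLE = GOOD_BUNDLE + to_pem(EXTRA_DER)   # one extra, unpinned entry

if __name__ == "__main__":
    for label, bundle in (("good", GOOD_BUNDLE), ("tampered", TAMPERED_BUNDLE)):
        ok, unexpected, missing = review_chain(bundle, PINNED)
        print(f"{label}: ok={ok} unexpected={len(unexpected)} missing={len(missing)}")
```
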


Prepare the DNS, NTP, and Proxy Servers

You'll be prompted to specify three items:

  • The Domain Name System (DNS) server that Catalyst Center on ESXi will use to convert domain names to IP addresses.

  • The Network Time Protocol (NTP) server that Catalyst Center on ESXi will use for clock synchronization.

  • (Optional) The proxy server that Catalyst Center on ESXi will use to access internet-bound URLs.

Before you configure your virtual appliance, do the following:

  • Ensure that the servers you want to use are available and running.

  • For an NTP server, obtain its IP address or hostname. For a proxy server, collect either its URL or hostname, along with its login credentials.

Prepare for the Quick Start Workflow

After you create a virtual machine on an ESXi host and configure a Catalyst Center on ESXi virtual appliance, you'll be prompted to complete the Quick Start workflow. By completing this workflow, you'll discover the devices that Catalyst Center on ESXi will manage and enable the collection of telemetry from those devices. To complete this workflow successfully, you'll need to perform the following tasks:

  • Decide on the username and password for the new admin user you're going to create. The default admin username and password (admin/maglev1@3) should only be used the very first time you log in to Catalyst Center on ESXi.


    Important


    Changing this password is critical to network security, especially when the people who set up a Catalyst Center on ESXi virtual appliance are not the same people who will serve as its administrators.


  • Obtain the credentials you use to log in to Cisco.com.

  • Identify the users who need access to your system. For these users, define their roles as well as unique passwords and privilege settings.

You have the option to use an IPAM server and Cisco Identity Services Engine (ISE) with your virtual appliance. If you choose to use one or both of them, you'll also need to obtain the relevant URL and login credentials.

Enable Storage Input/Output Control

For the datastore in which you are planning to deploy a virtual appliance, complete the following procedure so the appliance's virtual machine input/output (I/O) is prioritized over other virtual machines when the network is experiencing I/O congestion.

Procedure

Step 1

In the vSphere Client, navigate to and click the datastore in which you plan to deploy a virtual appliance.

Step 2

Click the Configure tab, then click General.

Step 3

In the Datastore Capabilities area, click Edit.

The Datastore Capabilities area within the vSphere Client.

Step 4

In the Configure Storage I/O Control window, do the following:

  1. Click the Enable Storage I/O Control and statistics collection radio button.

  2. In the Storage I/O congestion threshold area, configure the congestion threshold you want to use.

    You can either specify a peak throughput percentage or enter a value (in milliseconds).

  3. (Optional) In the Statistic Collection area, check the Include I/O statistics for SDRS check box.

The Configure Storage I/O Control area within the vSphere Client.

Step 5

Click OK.


Check HA Admission Control Setting

You cannot connect Catalyst Center on ESXi VMs to create three-node clusters. If you want to enable high availability (HA), you'll need to use VMware vSphere's HA functionality and enable strict admission control to ensure that:

  • A virtual machine cannot be powered on if it will result in the violation of availability constraints.

  • Configured failover capacity limits are enforced.

  • HA operates as expected during a failover.

For more information, in the Cisco Catalyst Center on ESXi Administrator Guide, see the "High Availability" section in the "Configure System Settings" chapter.

Limitations and Restrictions

Catalyst Center on ESXi has the following limitations and restrictions:

  • Unlike the Catalyst Center platform, you cannot connect VMs to create three-node clusters. To achieve high availability, you need to use VMware vSphere. For more information, in the Cisco Catalyst Center on ESXi Administrator Guide, see the "High Availability" section in the "Configure System Settings" chapter.

  • Catalyst Center on ESXi does not support the following VMware vSphere features:

    • Fault tolerance

    • Suspending and resuming VMs

    • Cloning VMs

    • Snapshot (as backup)

    • NIC bonding

Features Support

Catalyst Center on ESXi supports all of the features that Catalyst Center supports, except for the following features:

  • Automation: Cisco Wide Area Bonjour application, Cisco vManage for SD-WAN, Cisco DNA Traffic Telemetry Appliance, Cisco Secure Network Analytics.

  • Wireless: Cisco User-Defined Network (UDN), Cisco Umbrella.

  • Assurance: Sensor.

  • System Workflows: Backup and Restore using VMware vSphere Client snapshot function, Backup and Restore from Catalyst Center hardware appliance to Catalyst Center on ESXi virtual appliance.

  • Diagnostics Center: Validation Tool under System > System Health > Tools.

  • Setting Page: Authentication API Encryption.

  • Security Policy Access (SPA): Security Sensor in Endpoint Analytics, Group-Based Policy Analytics (GBPA).

Deploy Catalyst Center on ESXi

The following sections explain how to create a VM for Catalyst Center on ESXi, power up the VM, configure the virtual appliance, and complete the Quick Start workflow.

The process to deploy Catalyst Center on ESXi and complete day-1 and day-n operations involves the following tasks:

  • Create a VM

  • Configure the Catalyst Center on ESXi virtual appliance

  • Complete the Quick Start workflow

  • Postdeployment considerations

  • Configure authentication and policy servers

  • HA using vSphere

  • Backup and restore

  • Software management

  • Manage user access

Create a Virtual Machine

Complete the following procedure to create a virtual machine on the VMware ESXi host or cluster where your virtual appliance will reside.

Procedure


Step 1

Download the Catalyst Center on ESXi OVA file from the location specified by Cisco.

Step 2

Log in to the vSphere Web Client.

Step 3

In the navigation pane, right-click the IP address of the host or cluster on which you want to deploy the OVA file and then click Deploy OVF Template.

The Deploy OVF Template option within the vSphere Client.

Step 4

Complete the Deploy OVF Template wizard:

  1. In the Select an OVF Template wizard page, specify the OVA file you want to use for deployment and then click Next. You can either:

    • Click the URL radio button and enter the appropriate path and OVA filename. If you choose this option, ensure that the OVA file is stored in and shared from a web-accessible location.

    • Click the Local file radio button, click Upload Files, and then navigate to and select the appropriate OVA file.

    The wizard's Select a name and folder page opens. By default, the OVA's filename is set as the name of the virtual machine you're about to create. Also, the location where the ESXi host or cluster you selected in Step 3 resides is set as the deployment location.

    The Select an OVF Template option within the vSphere Client.
  2. If you want to use the default values, click Next and proceed to Step 4c.

    If you want to use different values, do the following:

    1. Enter a name for the virtual machine you are creating.

    2. Specify where the virtual machine will reside.

    3. Click Next.

    The Select a name and folder option within the vSphere Client.

    The wizard's Select a compute resource page opens.

    The Select a compute resource option within the vSphere Client.
  3. Click the ESXi host or cluster on which you want to deploy the OVA file (the same one you right-clicked in Step 3), then click Next.

    A page that lists deployment template details is displayed.

    The Review details option within the vSphere Client.
  4. Review the template details and then do one of the following:

    • If you need to make any changes, click Back as needed to return to the appropriate wizard page.

    • If you want to proceed, click Next.

    Note

     

    Ignore the information provided in the Extra configuration field. This refers to additional configurations that Cisco provides in the Catalyst Center on ESXi OVA file.

    The wizard's Select storage page opens.

    The Select storage option within the vSphere Client.
  5. Do the following:

    1. Click the radio button for the storage device you want to use.

    2. In the Select virtual disk format field, choose either the Thick Provision or Thin Provision option.

    3. Click Next.

    The wizard's Select networks page opens.

    The Select networks option within the vSphere Client.
  6. Do the following:

    1. In the Enterprise Network's Destination Network drop-down list, choose the network that will connect to Catalyst Center on ESXi's Enterprise interface.

    2. Click Next.

    A summary of the deployment settings you've entered is displayed by the Ready to complete wizard page.

    The Ready to complete option within the vSphere Client.
  7. Review the settings, then do one of the following:

    • If you need to make any changes, click Back as needed to return to the appropriate wizard page.

    • If you want to proceed with deployment, click Finish.

      Important

       

      In general, deployment takes around 45 minutes to complete. You can monitor the progress in the vSphere Client's Recent Tasks tab.


Configure an Additional Network Adapter

Complete the following procedure in order to configure an additional network adapter for your virtual appliance, on which the Management interface will reside.

Procedure

Step 1

Log in to the vSphere Web Client.

Step 2

In the navigation pane, right-click the virtual machine you've created, then choose Power > Power Off.

Step 3

Right-click the virtual machine and then choose Actions > Edit Settings.

Step 4

With the Virtual Hardware tab selected, click Add New Device and then choose Network Adapter.

Step 5

In the New Network field's drop-down list, click Browse.

Step 6

In the Select Network dialog box, choose the network that will connect to the virtual appliance's Management interface and then click OK.

Step 7

In the Adapter Type field's drop-down list, choose VMXNET3 and then click OK.

Step 8

In the navigation pane, right-click the virtual machine, then choose Power > Power On.

Step 9

Do one of the following:

  • If you haven't done so already, configure the virtual appliance using one of the available configuration wizards or the CC VA Launcher.

  • If you've already configured the virtual appliance, proceed to Step 10.

Step 10

After Catalyst Center on ESXi comes up, run the Configuration wizard to configure the settings for the Management interface:

  1. Open a terminal window to the virtual machine and run the sudo maglev-config update command.

    The Configuration wizard opens, displaying the settings that have already been configured for the appliance's Enterprise interface.

  2. Click next>>.

    The settings that have already been configured for the appliance's Intracluster interface are now displayed.

  3. Click next>>.

  4. For the Management interface (NETWORK ADAPTER #3) you just created, enter the appropriate values for the following parameters and then click next>>:

    • Host IPv4/IPv6 Address field: Enter the IP address for the Management interface.

    • IPv4 Netmask/IPv6 Prefix Length field: Enter the netmask for the interface's IP address.

    • Default Gateway IPv4/IPv6 Address field: Enter the default gateway IP address to use for the interface.

    • IPv4/IPv6 Static Routes field: Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.


Configure the Management Network (Day 0)

By default, the Catalyst Center OVA comes with only one interface, the Enterprise interface. To add the management network to the appliance, you can add the interface after creating the virtual machine as part of the day-0 operations. Alternately, you can add the interface after the deployment as part of day-n operations, and configure it using the Maglev Configuration wizard.

To add the additional network interface as part of day-0 operations, complete the following procedure.

Procedure


Step 1

If the Catalyst Center VM is running, do a graceful shutdown.

Step 2

Click the deployed Catalyst Center VM and choose Actions > Edit Settings.

Step 3

Click ADD NEW DEVICE and choose Network Adapter.

After you click Network Adapter, a new network adapter is added to the VM.

Step 4

Select the network to use for the management network for the newly added adapter.

Step 5

For the adapter type, choose VMXNET3 and click OK.

The new adapter is added and associated to the selected network.

Step 6

Power on the Catalyst Center VM.


Configure the Management Network (Day N)

By default, the Catalyst Center OVA comes with only one interface, the Enterprise interface. You can add the management interface after the deployment as part of day-n operations, and configure it using the Maglev Configuration wizard.

This procedure explains how to add the additional network interface as part of day-n operations.

After Catalyst Center is up, open the vSphere UI terminal of the VM and run the sudo maglev-config update command to start the network configuration wizard. The following steps apply to VMs that are already configured with a single NIC and to which a second NIC is added as part of day-n operations. If you instead added a second NIC for management before powering on the VM, using the preceding Actions > Edit Settings method, complete the following section to configure Catalyst Center using one of the available configuration methods.

Procedure


Step 1

In the vSphere Client, click the deployed Catalyst Center VM and choose Launch Console.

The Maglev wizard opens, where you configure the newly added management interface.

Step 2

At the initial screen, the wizard prompts you to configure the enterprise interface. If it's configured already, click Next.

Step 3

At the cluster interface configuration screen, click Next.

Step 4

The wizard prompts you to configure the newly added management interface. Enter the appropriate parameters (IP address, subnet mask, and so on) and click Next.

Step 5

The wizard prompts you to configure network parameters such as proxy, DNS, and NTP servers. Enter the appropriate parameters and click Next.

Step 6

Access the Catalyst Center UI by using the configured management network IP.


Configure a Catalyst Center on ESXi Virtual Appliance

Configure a Virtual Appliance Using the Maglev Configuration Wizard: Default Mode

If you want to configure a virtual appliance as quickly as possible using the Maglev Configuration wizard and are okay with using preset appliance settings, complete the following procedure.


Note


The Intracluster interface is preconfigured when using this wizard. If you don't want to use the default settings for this interface, you'll need to complete the Maglev Configuration wizard with advanced mode selected.


Before you begin

Gather the following information for the virtual appliance before you start this procedure:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details


Important


If you plan to configure the appliance's Management interface, also configure an additional network adapter for this interface to reside on before you start this wizard.


Procedure

Step 1

After deployment completes, power on the newly created virtual machine:

  1. In the vSphere Client, right-click the virtual machine.

  2. Choose Power > Power On.

It takes around 45 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the VMware VM Console.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

  1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

    Static IP settings only need to be entered when you configure a virtual appliance using the browser-based web UI mode of installation.

  2. Click Create MKS.

  3. Click the Start using MKS pre manufactured cluster option.

  4. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

    Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

    Host IPv4 Address field

    Enter the IP address for the Enterprise interface. This is required.

    IPv4 Netmask field

    Enter the netmask for the interface's IP address.

    Default Gateway IPv4 Address field

    Enter a default gateway IP address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv4 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Catalyst Center on ESXi Management interface only.

    LACP Mode field

    Leave this field blank, as it's not applicable to virtual appliances.

    The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

  5. You don't need to enter configuration values for NETWORK ADAPTER #2, as the Host IPv4 Address and IPv4 Netmask fields are prepopulated for the Intracluster interface. Click next>> to proceed.

  6. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

    This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

    Note

     

    You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

    Host IPv4 address field

    Enter the IP address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.

    IPv4 Netmask field

    Enter the netmask for the interface's IP address.

    Default Gateway IPv4 Address field

    Enter a default gateway IP address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv4 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.

    Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

  7. In the DNS Configuration page, enter the IP address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

    Important

     
    • For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

    • Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

    The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

  8. Do one of the following:

    • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

    • If you're happy with the settings you've entered, click proceed>>.

  9. After validation successfully completes, do one of the following:

    • If your network does not use a proxy server to access the internet, click skip proxy>> to proceed.

    • If your network does use a proxy server, enter the configuration values in the NETWORK PROXY wizard page (as shown in the following table), then click next>>.

    HTTPS Proxy field

    Enter the URL or host name of an HTTPS network proxy used to access the Internet.

    Note

     

    Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only through HTTP in this release.

    HTTPS Proxy Username field

    Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.

    HTTPS Proxy Password field

    Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

  10. You are next prompted to enter the virtual appliance's virtual IP address in the MAGLEV CLUSTER DETAILS wizard page. Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

  11. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field

    Enter and confirm the password for the maglev user.

    Re-enter Linux Password field

    Confirm the Linux password by entering it a second time.

    Password Generation Seed field

    If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.

    Auto Generated Password field

    (Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password.

    Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

  12. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

  13. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message. Then, it displays the Maglev login page.

    Note

     

    It can take 15 to 30 minutes for services to stabilize so that you can log in to the Catalyst Center UI.

Step 4

Complete the Quick Start Workflow.
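The NTP Authentication settings in this procedure can be checked before you type them into the wizard. The following Python sketch is an added example, not Cisco code: it assumes an ntpd-style key file layout (`keyid type key` per line), and the function names, host names, and sample key file are constructed for illustration.

```python
import hashlib
import re

KEY_ID_MIN, KEY_ID_MAX = 1, 4294967295     # range stated in the guide (2^32-1)
SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")  # the 40-character hex string


def parse_key_file(text):
    """Parse 'keyid type key' lines (assumed ntpd-style layout)."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # not a key entry
        keys[int(fields[0])] = (fields[1].upper(), fields[2])
    return keys


def wizard_ntp_entries(servers_field, server_key_ids, key_file_text):
    """Return (entries, problems) for the NTP Servers and NTP Authentication fields.

    servers_field  -- space-separated servers, as typed into the wizard
    server_key_ids -- mapping of server -> key ID chosen for it
    """
    keys = parse_key_file(key_file_text)
    servers = servers_field.split()
    entries, problems = [], []
    if not servers:
        problems.append("at least one NTP server is required")
    for server in servers:
        key_id = server_key_ids.get(server)
        if key_id is None:
            # The guide requires a key ID and key value for every server.
            problems.append(f"{server}: no key ID supplied")
        elif not KEY_ID_MIN <= key_id <= KEY_ID_MAX:
            problems.append(f"{server}: key ID {key_id} is out of range")
        elif key_id not in keys:
            problems.append(f"{server}: key ID {key_id} is not in the key file")
        else:
            key_type, value = keys[key_id]
            if key_type != "SHA1":
                problems.append(f"{server}: key {key_id} is {key_type}, not SHA1")
            elif not SHA1_HEX.fullmatch(value):
                problems.append(f"{server}: key {key_id} is not a 40-character hex string")
            else:
                entries.append((server, key_id, value))
    return entries, problems


# Constructed sample data: the key value is derived from a fixed label so the
# example is reproducible; a real key file holds randomly generated secrets.
SAMPLE_KEY_10 = hashlib.sha1(b"constructed sample key 10").hexdigest()
SAMPLE_KEY_FILE = f"""\
# constructed sample, not a real key file
10 SHA1 {SAMPLE_KEY_10}
11 MD5 notASha1Key
12 SHA1 abc123
"""
SAMPLE_SERVERS = "ntp1.example.net ntp2.example.net ntp3.example.net ntp4.example.net"
SAMPLE_KEY_IDS = {"ntp1.example.net": 10, "ntp2.example.net": 11, "ntp3.example.net": 12}

if __name__ == "__main__":
    ok, bad = wizard_ntp_entries(SAMPLE_SERVERS, SAMPLE_KEY_IDS, SAMPLE_KEY_FILE)
    for server, key_id, _value in ok:
        print(f"ready: {server} with key ID {key_id}")
    for problem in bad:
        print(f"fix:   {problem}")
```

The script reports key IDs only and never prints key values, so its output is safe to paste into a change ticket.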


Configure a Virtual Appliance Using the Maglev Configuration Wizard: Advanced Mode for IPv4 Deployments

If you want to configure a virtual appliance using the Maglev Configuration wizard and need to specify settings that are different from the preset appliance settings, complete the following procedure.

Before you begin

Gather the following information for the virtual appliance before you start this procedure:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details


Important


If you plan to configure the appliance's Management interface, also configure an additional network adapter for this interface to reside on before you start this wizard.


Procedure

Step 1

After deployment completes, power on the newly created virtual machine:

  1. In the vSphere Client, right-click the virtual machine.

  2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

  1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

    Static IP configuration is needed only when configuring a virtual appliance using a browser-based WEB UI mode of installation.

  2. Click Create MKS.

  3. Click the Start configuration of MKS in advanced mode option.

    The next wizard page opens, indicating that all preconfigured appliance settings (except for the container and cluster subnets) will be erased. You'll need to enter values for these settings.

    This page also indicates that if you choose this option, you won't be able to go back and use the default appliance setup workflow instead. Keep this in mind before you complete the next step.

  4. Click proceed>>.

    After all of the preconfigured appliance settings have been erased, the next wizard page opens.

  5. Do one or more of the following, then click next>>:

  6. You don't need to enter any settings in the Layer2 mode used for the services wizard page, so click next>>.

  7. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

    Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

    Host IPv4 Address field

    Enter the IP address for the Enterprise interface. This is required.

    IPv4 Netmask field

    Enter the netmask for the interface's IP address. This is required.

    Default Gateway IPv4 Address field

    Enter a default gateway IP address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv4 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management interface only.

    Cluster Link field

    Leave this field blank. It is required on the Intracluster interface only.

    LACP Mode field

    Leave this field blank, as it's not applicable to virtual appliances.

    The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

  8. Enter the configuration values for NETWORK ADAPTER #2, as shown in the following table, then click next>>.

    Host IPv4 Address field

    Enter the IP address for the Intracluster interface. This is required. Note that you cannot change the address of the Intracluster interface later.

    IPv4 Netmask field

    Enter the netmask for the interface's IP address. This is required.

    Default Gateway IPv4 Address field

    Leave this field blank.

    IPv4 Static Routes field

    Leave this field blank.

    Cluster Link field

    Check the check box to set this interface as the link to a Catalyst Center on ESXi cluster. This is required on the Intracluster interface only.

    LACP Mode field

    Leave this field blank, as it's not applicable to virtual appliances.

    Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

  9. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

    This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

    Note

     

    You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

    Host IPv4 Address field

    Enter the IP address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.

    IPv4 Netmask field

    Enter the netmask for the interface's IP address. This is required.

    Default Gateway IPv4 Address field

    Enter a default gateway IP address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv4 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.

    Cluster Link field

    Leave this field blank. It is required on the Intracluster interface only.

    Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

  10. In the DNS Configuration page, enter the IP address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

    Important

     
    • For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

    • Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

    The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

  11. Do one of the following:

    • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

    • If you're happy with the settings you've entered, click proceed>>.

  12. After validation successfully completes, the NETWORK PROXY wizard page opens. Click skip proxy>> to proceed.

  13. Confirm that you want to skip network proxy configuration by clicking skip proxy validation>>.

  14. Next, you are prompted to enter the virtual appliance's virtual IP addresses in the MAGLEV CLUSTER DETAILS wizard page. Since clusters are not supported by Catalyst Center on ESXi, you can leave the Cluster Virtual IP Address(s) field on this page blank.

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

  15. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field

    Enter and confirm the password for the maglev user.

    Re-enter Linux Password field

    Confirm the Linux password by entering it a second time.

    Password Generation Seed field

    If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.

    Auto Generated Password field

    (Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password.

    Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

  16. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

  17. Enter the configuration values for the settings provided in the wizard's MAGLEV ADVANCED SETTINGS page (as described in the following table), then click next>>.

    Container Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network. For more information, see the Container Subnet description in the Catalyst Center Second-Generation Appliance Installation Guide's "Required IP Addresses and Subnets" topic.

    Cluster Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network. For more information, see the Cluster Subnet description in the Catalyst Center Second-Generation Appliance Installation Guide's "Required IP Addresses and Subnets" topic.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

  18. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 4

Complete the Quick Start Workflow.
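The addressing rules in this procedure (a default gateway on at least one interface, blank gateway and static routes on the Intracluster interface, the `<network>/<netmask>/<gateway>` static route format, at most three DNS servers, and no overlap with the container and cluster subnets) can be checked before you start the wizard. The following Python sketch is an added example, not Cisco code: the plan layout, function names, and sample addresses are constructed for illustration, and the on-link gateway test is an extra sanity check that the guide does not state.

```python
import ipaddress
from itertools import combinations

DEFAULT_CONTAINER_SUBNET = "169.254.32.0/20"  # default quoted in the guide
DEFAULT_CLUSTER_SUBNET = "169.254.48.0/20"    # default quoted in the guide
MAX_DNS_SERVERS = 3                           # maximum stated in the guide


def parse_static_routes(field):
    """Parse the space-separated <network>/<netmask>/<gateway> list."""
    routes = []
    for item in field.split():
        parts = item.split("/")
        if len(parts) != 3:
            raise ValueError(f"{item!r} is not <network>/<netmask>/<gateway>")
        # strict=True rejects a network address that has host bits set.
        network = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=True)
        routes.append((network, ipaddress.ip_address(parts[2])))
    return routes


def check_plan(plan):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    internal = {
        "container subnet": ipaddress.ip_network(
            plan.get("container_subnet", DEFAULT_CONTAINER_SUBNET)),
        "cluster subnet": ipaddress.ip_network(
            plan.get("cluster_subnet", DEFAULT_CLUSTER_SUBNET)),
    }
    iface_nets, route_nets, gateways = {}, {}, 0
    for name, cfg in plan["interfaces"].items():
        iface = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}")
        iface_nets[f"{name} interface"] = iface.network
        gateway = cfg.get("gateway", "")
        routes_field = cfg.get("static_routes", "")
        if name == "intracluster" and (gateway or routes_field):
            problems.append("intracluster: leave gateway and static routes blank")
        if gateway:
            gateways += 1
            # Extra sanity check, not from the guide: gateway should be on-link.
            if ipaddress.ip_address(gateway) not in iface.network:
                problems.append(f"{name}: gateway {gateway} is outside {iface.network}")
        try:
            for network, _route_gw in parse_static_routes(routes_field):
                route_nets[f"{name} route {network}"] = network
        except ValueError as exc:
            problems.append(f"{name}: bad static route: {exc}")
    if gateways == 0:
        problems.append("no default gateway on any interface")

    # Interface subnets must not overlap one another.
    for (a, net_a), (b, net_b) in combinations(iface_nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    # Internal subnets must not overlap each other or anything external.
    if internal["container subnet"].overlaps(internal["cluster subnet"]):
        problems.append("container subnet overlaps cluster subnet")
    for label, net in internal.items():
        for other, other_net in {**iface_nets, **route_nets}.items():
            if net.overlaps(other_net):
                problems.append(f"{label} {net} overlaps {other} {other_net}")

    dns = plan.get("dns_servers", "").split()
    for server in dns:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"DNS server {server!r} is not an IP address")
    if len(dns) > MAX_DNS_SERVERS:
        problems.append(f"{len(dns)} DNS servers configured; maximum is {MAX_DNS_SERVERS}")
    return problems


# Constructed sample plans (addresses are illustrative, not from the guide).
GOOD_PLAN = {
    "interfaces": {
        "enterprise": {"address": "10.10.20.5", "netmask": "255.255.255.0",
                       "gateway": "10.10.20.1"},
        "intracluster": {"address": "192.168.50.5", "netmask": "255.255.255.0"},
        "management": {"address": "172.16.30.5", "netmask": "255.255.255.0",
                       "static_routes": "172.16.40.0/255.255.255.0/172.16.30.1"},
    },
    "dns_servers": "10.10.20.53 10.10.21.53",
}
BAD_PLAN = {
    "interfaces": {
        "enterprise": {"address": "10.10.20.5", "netmask": "255.255.255.0"},
        "intracluster": {"address": "169.254.40.10", "netmask": "255.255.255.0"},
        "management": {"address": "172.16.30.5", "netmask": "255.255.255.0",
                       "static_routes": "172.16.40.0/255.255.255.0"},
    },
    "dns_servers": "10.10.20.53 10.10.21.53 10.10.22.53 10.10.23.53",
}

if __name__ == "__main__":
    for problem in check_plan(BAD_PLAN):
        print(problem)
```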


Configure a Virtual Appliance Using the Maglev Configuration Wizard: Advanced Mode for IPv6 Deployments

Gather the following information for the virtual appliance before you start this procedure:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details


Important


If you plan to configure the appliance's Management interface, also configure an additional network adapter for this interface to reside on before you start this wizard.


If you want to configure a virtual appliance using the Maglev Configuration wizard and need to specify settings that are different from the preset appliance settings, complete the following procedure.

Procedure

Step 1

After deployment completes, power on the newly created virtual machine:

  1. In the vSphere Client, right-click the virtual machine.

  2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

  1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

    Static IP configuration is needed only when configuring a virtual appliance using a browser-based WEB UI mode of installation.

  2. Click Create MKS.

  3. Click the Start configuration of MKS in advanced mode option.

    The next wizard page opens, indicating that all preconfigured appliance settings (except for the container and cluster subnets) will be erased. You'll need to enter values for these settings.

    This page also indicates that if you choose this option, you won't be able to go back and use the default appliance setup workflow instead. Keep this in mind before you complete the next step.

  4. Click proceed>>.

    After all of the preconfigured appliance settings have been erased, the next wizard page opens.

  5. Deselect IPv4 mode and select IPv6 mode to configure IPv6 parameters.

  6. You don't need to enter any settings in the Layer2 mode used for the services wizard page, so click next>>.

  7. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

    Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

    Host IPv6 Address field

    Enter the IPv6 address for the Enterprise interface. This is required.

    IPv6 Prefix Length field

    Enter the prefix length (in bits) for the interface's IPv6 address.

    Default Gateway IPv4/IPv6 Address field

    Enter a default gateway IPv6 address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv4/IPv6 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Catalyst Center on ESXi Management interface only.

    Cluster Link field

    Leave this field blank. It is required on the Intracluster interface only.

    LACP Mode field

    Leave this field blank, as it's not applicable to virtual appliances.

    The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

  8. Enter the configuration values for NETWORK ADAPTER #2, as shown in the following table, then click next>>.

    Host IPv6 Address field

    Enter the IP address for the Intracluster interface. This is required. Note that you cannot change the address of the Intracluster interface later.

    IPv6 Prefix Length field

    Enter the prefix length for the interface's IPv6 address. This is required.

    Default Gateway IPv6 Address field

    Leave this field blank.

    IPv6 Static Routes field

    Leave this field blank.

    Cluster Link field

    Check the check box to set this interface as the link to a Catalyst Center on ESXi cluster. This is required on the Intracluster interface only.

    LACP Mode field

    Leave this field blank, as it's not applicable to virtual appliances.

    Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

  9. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

    This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

    Note

     

    You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

    Host IPv6 Address field

    Enter the IPv6 address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.

    IPv6 Prefix Length field

    Enter the prefix length for the interface's IPv6 address. This is required.

    Default Gateway IPv6 Address field

    Enter a default gateway IP address to use for the interface.

    Important

     

    Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.

    IPv6 Static Routes field

    Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.

    Cluster Link field

    Leave this field blank. It is required on the Intracluster interface only.

    Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

  10. In the DNS Configuration page, enter the IPv6 address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

    Important

     
    • For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

    • Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

    The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

  11. Do one of the following:

    • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

    • If you're happy with the settings you've entered, click proceed>>.

  12. After validation successfully completes, do one of the following:

    • If your network does not use a proxy server to access the internet, click skip proxy>> to proceed.

    • If your network does use a proxy server, enter the configuration values in the NETWORK PROXY wizard page (as shown in the following table), then click next>>.

    HTTPS Proxy field

    Enter the URL or host name of an HTTPS network proxy used to access the Internet.

    Note

     

    Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only through HTTP in this release.

    HTTPS Proxy Username field

    Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.

    HTTPS Proxy Password field

    Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

  13. Next, you are prompted to enter the virtual appliance's virtual IP addresses in the MAGLEV CLUSTER DETAILS wizard page. Since clusters are not supported by Catalyst Center on ESXi, you can leave the Cluster Virtual IP Address(s) field on this page blank.

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

  14. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field

    Enter and confirm the password for the maglev user.

    Re-enter Linux Password field

    Confirm the Linux password by entering it a second time.

    Password Generation Seed field

    If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.

    Auto Generated Password field

    (Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password.

    Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

  15. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers to improve availability, time, and accuracy.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

  16. Enter the configuration values for the settings provided in the wizard's MAGLEV ADVANCED SETTINGS page (as described in the following table), then click next>>.

    Container Subnet field

    A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

    Cluster Subnet field

    A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal cluster services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

  17. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 4

Complete the Quick Start Workflow.


Configure a Virtual Appliance Using the Web UI Install Configuration Wizard

If you want to configure a virtual appliance as quickly as possible using the browser-based Install configuration wizard and are okay with using preset appliance settings, complete the following procedure.


Important


Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks. Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result if they do.


Before you begin

Ensure that you collected the following information:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details

Ensure that you are using a supported browser. See Deployment Requirements.

Ensure that you enabled ICMP on the firewall between Catalyst Center on ESXi and the DNS servers you will specify in the following procedure. This wizard uses Ping to verify the DNS server you specify. This ping can be blocked if there is a firewall between Catalyst Center on ESXi and the DNS server and ICMP is not enabled on that firewall. When this happens, you will not be able to complete the wizard.


Note


The Intracluster interface is preconfigured when using this wizard. If you don't want to use the default settings for this interface, you'll need to complete the browser-based Advanced Install configuration wizard.


Procedure

Step 1

After deployment completes, power on the newly created virtual machine:

  1. In the vSphere Web Client, right-click the virtual machine.

  2. Choose Power > Power On.

It takes around 45 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Install Configuration wizard:

  1. In the STATIC IP CONFIGURATION page, do one of the following:

    • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

    • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

    Note

     

    The IPv6 Mode check box is for enabling IPv6 addressing in advanced mode only. For IPv4 deployments, this check box needs to be unchecked.

    IPv6 Mode check box

    If you want to enable IPv6 addressing, you'll need to do so using the Advanced Install Configuration wizard. Leave this check box unchecked to use IPv4 addressing.

    IP Address field

    Enter the static IP address that you want to use.

    Netmask field

    Enter the netmask for the IP address you specified in the previous field. You can enter either a netmask or CIDR address.

    Default Gateway Address field

    Specify the default gateway that will be used to route traffic.

    Static Routes field

    You can't specify static routes when using this wizard, so leave this field blank.

    Note the URL listed in the Web Installation field. You'll need this for the next step.

  2. Open the URL that was displayed in the Static IP Configuration page.

  3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

  4. Click the Install radio button, then click Start.

    The Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

  5. Click Start Workflow to start the wizard.

    The Virtual Appliance Interfaces page opens.

Step 4

Configure your virtual appliance by completing the Install Configuration wizard:

  1. Click Next.

    The DNS Configuration page opens.

  2. In the DNS field, enter the IP address of the preferred DNS server. To enter additional DNS servers, click the Add (+) icon.

    Important

     

    You can configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

  3. Click Next.

    The Configure Proxy Server Information page opens.

  4. Do one of the following:

    • If your network does not use a proxy server to access the internet, click the No radio button and then click Next.

    • If your network does use a proxy server to access the internet, enter the values described in the following table and then click Next.

    Proxy Server field

    Enter the URL or host name of an HTTPS network proxy used to access the Internet.

    Note

     
    Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.

    Port field

    Enter the port that your appliance uses to access the network proxy.

    Username field

    Enter the username used to access the network proxy. If no proxy login is required, leave this field blank.

    Password field

    Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    The wizard's Advanced Appliance Settings page opens.

  5. Enter configuration values for your appliance, then click Next.

    Cluster Virtual IP Addresses

    To access from Enterprise Network and For Intracluster Access fields

    Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).

    Fully Qualified Domain Name (FQDN) field

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    NTP Server Settings

    NTP Server field

    Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon.

    For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.

    Turn on NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    Subnet Settings

    Container Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and you cannot enter another subnet.

    Cluster Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and you cannot enter another subnet.

    The Enter CLI Password page opens.

  6. Enter and confirm the password for the maglev user, then click Next.

    The wizard validates the information that you entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you entered are valid, the wizard's Summary page opens.

    Note

     

    To download the appliance configuration as a JSON file, click the corresponding link.

  7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

  8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

    The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

Important

 

Catalyst Center on ESXi automatically sets this password when you complete the Install configuration wizard. Ensure that you click the copy icon before you proceed. Otherwise, you will not be able to log in to Catalyst Center on ESXi for the first time.

Note

 

As a security measure, you'll be prompted to change this password after you log in. For more information, see Complete the Quick Start Workflow.


Configure a Virtual Appliance Using the Web UI Advanced Install Configuration Wizard for IPv4 Deployments

If you want to configure a virtual appliance using the browser-based Advanced Install configuration wizard and need to specify settings that are different from the preset appliance settings, complete the following procedure.


Important


Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks. Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result if they do.


Before you begin

Ensure that you collected the following information:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details

Ensure you are using a supported browser. See Deployment Requirements.

Ensure you enabled ICMP on the firewall between Catalyst Center on ESXi and both the default gateway and the DNS server you specify in the following procedure. The wizard uses ping to verify the gateway and DNS server you specify. This ping might get blocked if a firewall is in place and ICMP is not enabled on that firewall. When this happens, you will not be able to complete the wizard.

Procedure

Step 1

After deployment completes, power on the newly-created virtual machine:

  1. In the vSphere Web Client, right-click the virtual machine.

  2. Choose Power > Power On.

It takes around 90 to 120 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Advanced Install Configuration wizard:

  1. In the STATIC IP CONFIGURATION page, do one of the following:

    • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

    • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

    IPv6 Mode check box

    IPv6 is supported. However, if you want to deploy IPv4, leave this check box unchecked.

    IP Address field

    Enter the static IP address that you want to use.

    Netmask field

    Enter either a netmask or CIDR address for the IP address you specified in the previous field.

    Default Gateway Address field

    Specify the default gateway that will be used to route traffic.

    Static Routes field

    You can't specify static routes when using this wizard, so leave this field blank.

    Note the URL listed in the Web Installation field. You'll need this for the next step.

  2. Open the URL that was displayed in the Static IP Configuration page.

  3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

  4. Click the Advanced Install radio button, then click Start.

    The Advanced Install Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

  5. Click Start Workflow to start the wizard.

    The Virtual Appliance Interface Overview page opens, providing a description of the four appliance interfaces that you can configure.

Step 4

Configure your virtual appliance by completing the Advanced Install Configuration wizard:

  1. Click Next.

    The How would you like to set up your appliance interfaces? page opens.

    If your network resides behind a firewall, do the following:

    • Click the allow access to these URLs link to view a pop-up window that lists the URLs that Catalyst Center on ESXi must be able to access.

    • Click the open these ports link to view a pop-up window that lists the network service ports that must be available for Catalyst Center on ESXi to use.

    By default, the Enterprise Network Interface check box is already checked. It's also prepopulated with the values you entered in the STATIC IP CONFIGURATION page.

  2. Do the following for each appliance interface you want to use, then click Next:

    • Click its check box and enter the appropriate configuration values.

    • If necessary, click its Add/Edit Static Route link to configure static routes. Click + as needed to configure additional routes. When you're done, click Add.

    The DNS Configuration screen opens.

  3. Enter the IP address of the preferred DNS server, then click Next. To enter additional DNS servers, click the Add (+) icon.

    Important

     
    • For each node in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

    • For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

    The Configure Proxy Server Information screen opens.

  4. Do one of the following and then click Next:

    • If your network does not use a proxy server to access the internet, click the No radio button.

    • If your network does use a proxy server to access the internet, enter the values described in the following table:

    Proxy Server field

    Enter the URL or host name of an HTTPS network proxy used to access the Internet.

    Note

     
    Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.

    Port field

    Enter the port your appliance uses to access the network proxy.

    Username field

    Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.

    Password field

    Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid and the port is up, the wizard's Advanced Appliance Settings screen opens.

  5. Enter configuration values for your appliance, then click Next.

    Cluster Virtual IP Addresses

    To access from Enterprise Network and For Intracluster Access fields

    Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).

    Fully Qualified Domain Name (FQDN) field

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    NTP Server Settings

    NTP Server field

    Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon.

    For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.

    Turn On NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    Subnet Settings

    Container Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet.

    Cluster Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet.

    The Enter CLI Password page opens.

  6. Enter and confirm the password for the maglev user, then click Next.

    The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid, the wizard's Summary page opens.

    Note

     

    To download the appliance configuration as a JSON file, click the corresponding link.

  7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

  8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

    The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

It can take 15 to 30 minutes for services to stabilize before you can log in to the UI.

Important

 

Catalyst Center on ESXi automatically sets this password when you complete the Install configuration wizard. Ensure that you click the copy icon before you proceed. Otherwise, you will not be able to log in to Catalyst Center on ESXi for the first time.

Note

 

As a security measure, you'll be prompted to change this password after you log in. For more information, see Complete the Quick Start Workflow.
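The Important note at the start of this procedure requires that the addresses you enter and their subnets do not overlap, and the Subnet Settings page presets 169.254.32.0/20 and 169.254.48.0/20 for internal use. The following check is an added example, not part of the Cisco guide or tooling: it validates a planned interface layout before you type it into the wizard. The function name, the plan structure, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Internal subnets preset on the wizard's Subnet Settings page (values from the page).
RESERVED = {
    "Container Subnet": ipaddress.ip_network("169.254.32.0/20"),
    "Cluster Subnet": ipaddress.ip_network("169.254.48.0/20"),
}


def check_plan(interfaces):
    """Return a list of problems in a planned address layout (empty list = clean).

    interfaces maps a label to (address, netmask_or_prefix, gateway_or_None).
    IPv4 and IPv6 entries are both accepted.
    """
    problems, nets = [], {}
    for label, (addr, mask, gateway) in interfaces.items():
        try:
            iface = ipaddress.ip_interface(f"{addr}/{mask}")
        except ValueError as exc:
            problems.append(f"{label}: invalid address or netmask ({exc})")
            continue
        net = iface.network
        nets[label] = net
        # On IPv4 subnets larger than /31, the first and last addresses are not hosts.
        if iface.version == 4 and net.prefixlen < 31 and iface.ip in (
            net.network_address,
            net.broadcast_address,
        ):
            problems.append(f"{label}: {iface.ip} is the network or broadcast address of {net}")
        if gateway is None:
            continue  # only one interface carries the default gateway
        try:
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            problems.append(f"{label}: gateway {gateway!r} is not an IP address")
            continue
        if gw == iface.ip or gw not in net:
            problems.append(f"{label}: gateway {gw} is not a distinct host inside {net}")

    # Compare every planned subnet with every other one and with the reserved ranges.
    candidates = list(nets.items()) + list(RESERVED.items())
    for (name_a, net_a), (name_b, net_b) in combinations(candidates, 2):
        if name_a in RESERVED and name_b in RESERVED:
            continue
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


# Constructed sample plans (addresses are illustrative, not taken from the guide).
GOOD_PLAN = {
    "Enterprise": ("10.10.20.15", "255.255.255.0", "10.10.20.1"),
    "Management": ("192.168.50.15", "24", None),
}
BAD_PLAN = {
    "Enterprise": ("169.254.40.10", "255.255.240.0", "169.254.32.1"),
    "Management": ("169.254.44.7", "20", None),
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no problems")
```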


Configure a Virtual Appliance Using the Web UI Advanced Install Configuration Wizard for IPv6 Deployments

If you want to configure a virtual appliance using the browser-based Advanced Install configuration wizard and need to specify settings that are different from the preset appliance settings, complete the following procedure.


Important


Ensure that all of the IP addresses you enter while completing this procedure are valid IPv4 addresses with valid IPv4 netmasks. Also make sure that the addresses and their corresponding subnets do not overlap. Service communication issues can result if they do.


Before you begin

Ensure that you collected the following information:

  • Static IP address

  • Subnet mask

  • Default gateway

  • DNS address

  • NTP server details

  • Proxy server details

Ensure that you are using a supported browser. See Deployment Requirements.

Ensure that you enabled ICMP on the firewall between Catalyst Center on ESXi and both the default gateway and the DNS server you specify in the following procedure. The wizard uses ping to verify the gateway and DNS server you specify. This ping might get blocked if a firewall is in place and ICMP is not enabled on that firewall. When this happens, you will not be able to complete the wizard.

Procedure

Step 1

After deployment completes, power on the newly-created virtual machine:

  1. In the vSphere Web Client, right-click the virtual machine.

  2. Choose Power > Power On.

It takes around 90 to 120 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Advanced Install Configuration wizard:

  1. In the STATIC IP CONFIGURATION page, do one of the following:

    • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

    • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

    IPv6 Mode check box

    IPv6 is supported. However, if you want to deploy IPv4, leave this check box unchecked.

    IP Address field

    Enter the static IPv6 address that you want to use.

    Netmask field

    Enter either a netmask or CIDR address for the IP address you specified in the previous field.

    Default Gateway Address field

    Specify the default gateway that will be used to route traffic.

    Static Routes field

    You can't specify static routes when using this wizard, so leave this field blank.

    Note the URL listed in the Web Installation field. You'll need this for the next step.

  2. Open the URL that was displayed in the Static IP Configuration page.

  3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

  4. Click the Advanced Install radio button, then click Start.

    The Advanced Install Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

  5. Click Start Workflow to start the wizard.

    The Virtual Appliance Interface Overview page opens, providing a description of the four appliance interfaces that you can configure.

Step 4

Configure your virtual appliance by completing the Advanced Install Configuration wizard:

  1. Click Next.

    The How would you like to set up your appliance interfaces? page opens.

    If your network resides behind a firewall, do the following:

    • Click the allow access to these URLs link to view a pop-up window that lists the URLs that Catalyst Center on ESXi must be able to access.

    • Click the open these ports link to view a pop-up window that lists the network service ports that must be available for Catalyst Center on ESXi to use.

    By default, the Enterprise Network Interface check box is already checked. It's also prepopulated with the values you entered in the STATIC IP CONFIGURATION page.

  2. Do the following for each appliance interface you want to use, then click Next:

    • Click its check box and enter the appropriate configuration values.

    • If necessary, click its Add/Edit Static Route link to configure static routes. Click + as needed to configure additional routes. When you're done, click Add.

    The DNS Configuration screen opens.

  3. Enter the IP address of the preferred DNS server, then click Next. To enter additional DNS servers, click the Add (+) icon.

    Important

     
    • For each node in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

    • For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

    The Configure Proxy Server Information screen opens.

  4. Do one of the following and then click Next:

    • If your network does not use a proxy server to access the internet, click the No radio button.

    • If your network does use a proxy server to access the internet, enter the values described in the following table:

    Proxy Server field

    Enter the URL or host name of an HTTPS network proxy used to access the Internet.

    Note

     
    Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.

    Port field

    Enter the port your appliance uses to access the network proxy.

    Username field

    Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.

    Password field

    Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid and the port is up, the wizard's Advanced Appliance Settings screen opens.

  5. Enter configuration values for your appliance, then click Next.

    Cluster Virtual IP Addresses

    To access from Enterprise Network and For Intracluster Access fields

    Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).

    Fully Qualified Domain Name (FQDN) field

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to define the Plug and Play server that should be used for device provisioning.

    NTP Server Settings

    NTP Server field

    Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon.

    For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.

    Turn On NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information:

    • The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1).

      This value corresponds to the key ID that's defined in the NTP server's key file.

    • The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file.

    Note

     

    Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    Subnet Settings

    Container Subnet field

    A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

    Cluster Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

    The Enter CLI Password page opens.

  6. Enter and confirm the password for the maglev user, then click Next.

    The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid, the wizard's Summary page opens.

    Note

     

    To download the appliance configuration as a JSON file, click the corresponding link.

  7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

  8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

    The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

It can take 15 to 30 minutes for services to stabilize before you can log in to the UI.

Important

 

Catalyst Center on ESXi automatically sets this password when you complete the Install configuration wizard. Ensure that you click the copy icon before you proceed. Otherwise, you will not be able to log in to Catalyst Center on ESXi for the first time.

Note

 

As a security measure, you'll be prompted to change this password after you log in. For more information, see Complete the Quick Start Workflow.
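The Turn On NTP Authentication fields in the wizard procedures above take a key ID (1 to 4294967295) and a 40-character hex SHA-1 key value, both read from the NTP server's key file. The following is an added example, not Cisco code: it checks a key file against those two constraints, reports which planned NTP servers have no usable key, and shows how the key authenticates a packet. It assumes the ntpd-style key file layout (key ID, type, key on each line) and the standard NTP symmetric-key MAC (key ID followed by SHA-1 over the key and the 48-byte header); the keys, server names, and packet are constructed.

```python
import hashlib
import hmac
import re
import struct

KEY_ID_MAX = 4294967295  # 2^32-1, the upper bound the wizard accepts for a key ID
SHA1_HEX = re.compile(r"[0-9A-Fa-f]{40}")
HEADER_LEN, DIGEST_LEN = 48, 20

# Constructed key file content (not real keys): "<key ID> <type> <key>" per line.
SAMPLE_KEYS = """\
# id type key
10 SHA1 3f1c9a7be2d04568a1b2c3d4e5f60718293a4b5c
11 SHA1 3f1c9a7be2d04568a1b2c3d4e5f6071829
0  SHA1 aa1c9a7be2d04568a1b2c3d4e5f60718293a4b5c
12 MD5  s3cretphrase
"""


def load_sha1_keys(text):
    """Return ({key_id: key_bytes}, [problems]) for the SHA1 entries of a key file."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            problems.append(f"line {lineno}: expected '<key ID> <type> <key>'")
            continue
        key_id, key_type, value = fields[:3]
        if key_type.upper() != "SHA1":
            continue  # the wizard asks for a SHA-1 key, so other types are skipped
        if not re.fullmatch(r"[0-9]+", key_id) or not 1 <= int(key_id) <= KEY_ID_MAX:
            problems.append(f"line {lineno}: key ID {key_id} is outside 1..{KEY_ID_MAX}")
            continue
        if not SHA1_HEX.fullmatch(value):
            problems.append(f"line {lineno}: key {key_id} is not a 40-character hex string")
            continue
        keys[int(key_id)] = bytes.fromhex(value)
    return keys, problems


def unkeyed_servers(plan, keys):
    """plan maps NTP server -> key ID you intend to enter; return servers with no usable key."""
    return sorted(server for server, key_id in plan.items() if key_id not in keys)


def ntp_mac(key_id, key, header):
    """MAC appended to an authenticated NTP packet: key ID + SHA1(key || header)."""
    return struct.pack("!I", key_id) + hashlib.sha1(key + header).digest()


def verify(packet, keys):
    """True only if the packet's MAC matches a key the receiver holds for that key ID."""
    if len(packet) != HEADER_LEN + 4 + DIGEST_LEN:
        return False
    header, digest = packet[:HEADER_LEN], packet[HEADER_LEN + 4:]
    key = keys.get(struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0])
    if key is None:
        return False
    return hmac.compare_digest(hashlib.sha1(key + header).digest(), digest)


if __name__ == "__main__":
    keys, problems = load_sha1_keys(SAMPLE_KEYS)
    print("usable key IDs:", sorted(keys))
    print("problems:", problems)
    plan = {"ntp1.example.net": 10, "ntp2.example.net": 11}  # constructed
    print("servers without a usable key:", unkeyed_servers(plan, keys))
    header = bytes([0x24]) + bytes(47)  # constructed server-mode header
    print("authentic packet verifies:", verify(header + ntp_mac(10, keys[10], header), keys))
```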


Configure a Virtual Appliance Using the Interactive CC VA Launcher

To configure a Catalyst Center on ESXi virtual appliance using the CC VA Launcher, complete the following procedure.

Procedure

Step 1

From the location specified by Cisco, download the Catalyst Center on ESXi OVA file.

Step 2

From the same URL, download the CC VA Launcher bundle (DNAC-SW-Launcher-2.3.7.4-VA.tar.gz) and extract it.

The bundle contains the following files:

  • Launcher application: dnac-esxi-launcher

  • Configuration file for single network interface controller (NIC) deployments: config.json

  • Configuration file for dual network interface controller (NIC) deployments: config_dual_nic.json

  • Logger configuration file: log_config.json

  • License: LICENSE

Step 3

Start the CC VA Launcher in interactive mode by entering the command that's specific to your operating system:

  • macOS: ./dnac-esxi-launcher

  • Microsoft Windows: dnac-esxi-launcher.exe

  • Linux: ./dnac-esxi-launcher

Step 4

Complete the CC VA Launcher:

  1. For the host/vCenter server you want to deploy the virtual appliance on, enter its IP address, credentials, and SSL port number.

    The launcher will verify connectivity with the host/vCenter server.

  2. Enter the path to the Catalyst Center on ESXi OVA file.

    If you're specifying a Microsoft Windows path, use "\\" as the delimiter. Your path should look similar to the following example: C:\\Users\\dnac\\downloads\\esxi_10.ova

  3. Enter the name of the virtual machine you are going to create.

  4. Choose the provisioning format the virtual disk will use, then press Enter.

    The thick provisioned format is set by default, but both thin and thick provisioning formats are supported.

    Note

     

    For NFS datastores, thick provisioning is supported only if the underlying storage vendor supports it. If not, the datastore's default provisioning format will be picked during import.

  5. Choose one of the following discovery modes, then press Enter:

    Note

     

    This step is not applicable to standalone ESXi hosts. Proceed to substep 8 of Step 4.

    • Discover all the VMware Datacenters: When selected, only the datacenters that you have access to and that meet Catalyst Center on ESXi's memory, CPU reservation, and disk space requirements are listed.

    • List all available VMware Datacenters: When selected, all available datacenters are listed.

  6. Choose the datacenter you want to use, then press Enter.

    The discovery time will vary, depending on network latency and the number of entities in the target environment (host/cluster/virtual machine/datastore).

  7. If clusters or directly-attached hosts are available, you are prompted to choose the corresponding deployment target option:

    • If you choose the cluster option, suitable clusters and their unreserved resources are listed. Specify the cluster you want to use and proceed to substep 8 of Step 4.

      Note

       

      If the cluster you chose does not have vSphere HA enabled, a warning message is displayed, along with the cluster's Distributed Resource Scheduler (DRS) status.

    • If you choose the directly-attached hosts option (or choose the cluster option and DRS is disabled), suitable hosts are listed. Specify the host you want to use and proceed to substep 8 of Step 4.

      Note

       

      If DRS is enabled and a resource pool is found, you are prompted to confirm the resource pool's use in your deployment.

  8. The suitable datastores that are available, based on the disk provisioning format you chose previously, are listed. Specify the datastore you want to use.

    Note

     

    For NFS datastores, thick provisioning is supported only if the underlying storage vendor supports it. If not, the datastore's default provisioning format will be picked during import.

  9. Enter either y or n to specify whether you want to configure the virtual appliance's Management interface.

    A list of available networks is displayed.

  10. Choose the network you want to use for the appliance's Enterprise interface.

    If you chose y in the previous step, you'll also need to choose the network you want to use for the appliance's Management interface.

  11. Enter the IP address and subnet mask for the Enterprise interface:

    • If you opted to configure only the Enterprise interface (by entering n in substep 9 of Step 4), enter the IP address of the gateway to be used by the Enterprise interface.

    • If you entered y in substep 9 of Step 4, enter y and then configure the default gateway that the Enterprise interface will use.

    Note

     

    The default gateway can be configured only for one of the appliance's interfaces. If you want to configure the default gateway on the Management interface, enter n.

  12. Enter y or n to specify whether you want to configure static routes for the Enterprise interface.

    If you enter y, enter the number of static routes you want to set up. Also enter each route in the following format: <network>/<netmask>/<gateway>.

  13. If you opted to configure the appliance's Management interface (by entering y in substep 9 of Step 4), enter its IP address and subnet mask.

  14. If you entered n in substep 11 of Step 4, enter the default gateway that the Management interface will use.

  15. Enter y or n to specify whether you want to configure static routes for the Management interface.

    If you enter y, enter the number of static routes you want to set up. Also enter each route in the following format: <network>/<netmask>/<gateway>.

  16. Enter y or n to specify whether you want to configure a proxy server.

    Note

     

    Only HTTP proxies are supported.

  17. If you entered y in the previous step, specify whether authentication has been enabled for your proxy server by entering y or n.

  18. If you entered y in the previous step, enter your proxy server's login credentials.

  19. Enter the number of DNS servers you want to configure.

    You must configure at least one server and can configure a maximum of three. If prompted, enter the IP address for the DNS servers you want to configure.

  20. Enter the number of NTP servers you want to configure.

    You must configure at least one server and can configure a maximum of three. If prompted, enter the IP address for the NTP servers you want to configure.

  21. Specify whether you want to configure a fully qualified domain name (FQDN) by entering y or n.

    If you enter y, enter the appropriate FQDN.

    Note

     

    Except for hyphens (-), the FQDN should not contain any special characters.

  22. Enter and then confirm the Maglev password. The password is used to access the shell and grant SSH access.

    The password must meet the following requirements:

    • Minimum length of eight characters.

    • Cannot contain a tab or a line break.

    • Contains characters from at least three of the following categories:

      • Uppercase letters (A–Z)

      • Lowercase letters (a–z)

      • Numbers (0–9)

      • Special characters (for example, ! or #)

    A summary of the settings you just entered is displayed.

  23. Start the deployment and configuration process by entering y.

    The launcher completes the following tasks:

    1. Imports the OVA file.

    2. Adds the interface to the virtual machine if you have opted to configure the Management interface.

    3. Applies the Catalyst Center on ESXi network configuration to the virtual machine.

    4. Checks whether the Enable Storage I/O Control and statistics collection option has been enabled and displays a message if it hasn't.

    5. Powers on the deployed virtual machine.

    Note

     

    The time necessary to complete deployment depends on the available network bandwidth and datastore throughput.

Step 5

After the Catalyst Center on ESXi virtual appliance powers on, log in to the host/vCenter server you deployed and open the virtual appliance's VMware console.

A terminal shell opens after the virtual appliance boots up, which can take up to 60 minutes.

Step 6

Log in, using the same Maglev password you entered in substep 22 of Step 4.

The default username is maglev.

Step 7

When all of the Catalyst Center on ESXi services are up, open a supported browser and type in the IP address you entered for the Enterprise interface in substep 11 of Step 4. If you configured the Management interface, enter the IP address you entered for it in substep 13 of Step 4.

Step 8

When prompted by the Catalyst Center on ESXi GUI, enter the default credentials (admin/maglev1@3) to log in.


Configuration File Parameters

The following table describes the parameters you need to enter values for in the config.json file.


Note


For optional parameters you are not using, enter an empty string (""). For example, if you don't want to specify an FQDN for the virtual appliance, its entry would look like this: "fqdn": ""


Category Configuration Parameter Description

Host/vCenter information (host_info)

ip (ip)1

IP address or FQDN of the vCenter or standalone ESXi host that the OVA will be imported to.

Note

 

You cannot specify a host that's managed by vCenter.

SSL Port (ssl_port)1

Port that HTTPS is configured for on the vCenter or ESXi host. The default port is 443.

Import configuration (import_info)

OVA file path (ova_path) 1

Directory where the Catalyst Center on ESXi OVA file was downloaded to.

Note

 

If you're specifying a Microsoft Windows path, use "\\" as the delimiter. Your path should look similar to the following example: C:\\Users\\dnac\\downloads\\esxi_10.ova

VM Name (vm_name) 1

Name of the VM.

Datacenter (data_center) 2

Name of the datacenter the virtual appliance OVA file will be imported to. This parameter is not applicable to standalone ESXi host deployments.

Cluster Name (cluster) 3

Name of the cluster where the virtual machine will reside.

Resource Pool (resource_pool)3

Resource pool in which the imported VM should be placed. This parameter is not applicable to ESXi host deployments.

Host Name (host_name)2

The ESXi host (managed by vCenter) in which the VM should be placed. This parameter is not applicable to standalone ESXi host deployments.

Datastore (datastore)1

Name of the datastore where the VMDK and other supporting files should be placed.

Disk Provision (disk_provision)1

The virtual disk's provisioning format. The thick provisioned format is set by default, but both thin and thick provisioning formats are supported.

Enterprise Network (network: enterprise_network)1

Name of the host network that will be mapped to the virtual machine's Enterprise network.

Management Network (network: management_network)4

Name of the host network that will be mapped to the virtual machine's Management network, which is used to access Catalyst Center on ESXi's GUI. (Optional)

Catalyst Center on ESXi configuration information (dnac_info)

IP Address (address)1

IP address of the virtual appliance's Enterprise network interface.

Subnet mask (netmask) 1

Subnet mask for the virtual appliance's Enterprise network interface.

Gateway (gateway)1,5

IP address of the Enterprise network interface's gateway.

Routes (routes)5

Static routes for the Enterprise interface. Enter routes in the following format: <network-IP-address>/<netmask>/<gateway-IP-address>. If you're specifying multiple routes, separate them with a comma (,).

IP Address (address)4

IP address of the virtual appliance's Management interface.

Subnet mask (netmask) 4

Subnet mask for the virtual appliance's Management network interface.

Gateway (gateway)1,5

IP address of the Management network interface's gateway.

Routes (routes)5

Static routes for the Management interface. Enter routes in the following format: <network-IP-address>/<netmask>/<gateway-IP-address>. If you're specifying multiple routes, separate them with a comma (,).

DNS servers (dns_servers)1

DNS servers used by the virtual appliance. Specify at least one server. You can specify a maximum of three servers, separated by commas.

HTTP Proxy (http_proxy)6

HTTP proxy the virtual appliance will use. When specifying the proxy, use the following format: http://IP-address-or-FQDN:port-number

Note

 

Keep the proxy's username and password handy if authentication has been enabled.

NTP server (ntp)1

NTP servers used by the virtual appliance. Specify at least one server. You can specify a maximum of three servers, separated by commas.

FQDN (fqdn)6

Fully qualified domain name to be configured for the virtual appliance. Aside from hyphens, this name should not contain any special characters.

1 Mandatory parameter
2 Mandatory parameter that's applicable only to vCenter Server
3 Optional parameter that's applicable only to vCenter, and not stand-alone ESXi hosts
4 Mandatory parameter applicable only to dual NIC deployments
5 Optional parameter applicable only to dual NIC deployments
6 Optional parameter
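
The format rules in the table above, together with the Maglev password rules from the interactive procedure, can be checked before the launcher is run. The following Python sketch is an added example, not part of the launcher bundle or Cisco's code. It assumes the dnac_info values have already been read into a flat dict of strings (the file's actual nesting is not shown here), reads "special characters" as ASCII punctuation, and adds two sanity checks the guide does not state: the gateway must lie inside the interface subnet, and a route's network must have no host bits set.

```python
import ipaddress
import re
import string
from urllib.parse import urlsplit

# Table rule: apart from hyphens, the FQDN contains no special characters.
FQDN_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def split_list(value):
    """Split a comma-separated setting into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_route(route):
    """Return an error string for one static route, or None if it parses."""
    parts = route.split("/")
    if len(parts) != 3:
        return f"route {route!r}: expected <network>/<netmask>/<gateway>"
    network, netmask, gateway = parts
    try:
        # strict=True rejects host bits in the network (check added here).
        ipaddress.ip_network(f"{network}/{netmask}", strict=True)
        ipaddress.ip_address(gateway)
    except ValueError as exc:
        return f"route {route!r}: {exc}"
    return None


def check_dnac_info(info):
    """Check dnac_info values; return a list of problems (empty if none).
    `info` is a flat dict of strings keyed by the table's parameter names,
    with list-valued settings as comma-separated strings (assumption).
    """
    errors = []
    iface = None
    cidr = f"{info.get('address', '')}/{info.get('netmask', '')}"
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError as exc:
        errors.append(f"address/netmask: {exc}")
    gateway = info.get("gateway", "")
    if gateway:
        try:
            gw = ipaddress.ip_address(gateway)
            # Added sanity check: the gateway should sit in the interface subnet.
            if iface is not None and gw not in iface.network:
                errors.append(f"gateway {gw} is outside {iface.network}")
        except ValueError as exc:
            errors.append(f"gateway: {exc}")
    routes = split_list(info.get("routes", ""))
    errors.extend(p for p in map(check_route, routes) if p)
    for key in ("dns_servers", "ntp"):
        count = len(split_list(info.get(key, "")))
        if not 1 <= count <= 3:
            errors.append(f"{key}: specify one to three servers, got {count}")
    fqdn = info.get("fqdn", "")
    if fqdn and not FQDN_RE.fullmatch(fqdn):
        errors.append(f"fqdn {fqdn!r}: only letters, digits, hyphens, dots")
    proxy = info.get("http_proxy", "")
    if proxy:
        try:
            url = urlsplit(proxy)
            ok = url.scheme == "http" and url.hostname and url.port is not None
        except ValueError:  # raised for a non-numeric or out-of-range port
            ok = False
        if not ok:
            errors.append(f"http_proxy {proxy!r}: expected http://host:port")
    return errors


def check_maglev_password(password):
    """Apply the Maglev password rules; return a list of violations."""
    errors = []
    if len(password) < 8:
        errors.append("shorter than eight characters")
    if any(ch in "\t\r\n" for ch in password):
        errors.append("contains a tab or line break")
    categories = [
        any(ch in string.ascii_uppercase for ch in password),
        any(ch in string.ascii_lowercase for ch in password),
        any(ch in string.digits for ch in password),
        # "Special characters" is read as ASCII punctuation (assumption).
        any(ch in string.punctuation for ch in password),
    ]
    if sum(categories) < 3:
        errors.append("uses fewer than three character categories")
    return errors


# Constructed sample values (documentation address ranges).
SAMPLE = {
    "address": "192.0.2.10", "netmask": "255.255.255.0", "gateway": "192.0.2.1",
    "routes": "198.51.100.0/255.255.255.0/192.0.2.254", "http_proxy": "",
    "dns_servers": "192.0.2.53", "ntp": "192.0.2.123,192.0.2.124", "fqdn": "",
}

if __name__ == "__main__":
    print(check_dnac_info(SAMPLE) or "dnac_info: no problems found")
```

Empty strings for optional parameters pass, matching the guide's instruction to enter "" for unused values.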

Configure a Virtual Appliance Using the CC VA Launcher in Silent Mode

The CC VA Launcher's Silent mode allows you to deploy a Catalyst Center on ESXi virtual appliance using the settings specified in the config.json configuration file. This mode is useful when you want to integrate the launcher in your deployment automation workflow. To configure a virtual appliance using the launcher's silent mode, complete the following procedure.

Procedure

Step 1

From the location specified by Cisco, download the Catalyst Center on ESXi OVA file.

Step 2

From the same URL, download the launcher bundle (DNAC-SW-Launcher-2.3.7.4-VA.tar.gz) and extract it.

The bundle contains the following files:

  • Launcher application: dnac-esxi-launcher

  • Configuration file you need to update if you're only configuring the Enterprise interface: config.json

  • Configuration file you need to update if you're configuring both the Enterprise and Management interfaces: config_dual_nic.json

  • Logger configuration file: log_config.json

  • License: LICENSE

Step 3

Navigate to the directory where the CC VA Launcher bundle files were extracted and open the configuration file in a text editor.

  • For single NIC deployments, where you only want to configure the appliance's Enterprise interface, open config.json.

  • For dual NIC deployments, where you want to configure the appliance's Enterprise and Management interfaces, open config_dual_nic.json.

Step 4

For the parameters provided in the configuration file, enter the values specific to your deployment.

See Configuration File Parameters for more information.

Note

 

For optional parameters you are not using, enter an empty string (""). For example, if you don't want to specify an FQDN for the virtual appliance, its entry would look like this: "fqdn": ""

Step 5

Run the CC VA Launcher using the values you specified in the configuration file:

  1. If necessary, navigate back to the directory where the launcher bundle files were extracted.

  2. Enter the command that's specific to your operating system:

    • macOS: ./dnac-esxi-launcher config.json -c configuration-filename -u vCenter-or-host-username -p vCenter-or-host-password -l Maglev-password --proxy_user proxy-username --proxy_password proxy-password

    • Microsoft Windows: dnac-esxi-launcher.exe config.json -c configuration-filename -u vCenter-or-host-username -p vCenter-or-host-password -l Maglev-password --proxy_user proxy-username --proxy_password proxy-password

    • Linux: ./dnac-esxi-launcher config.json -c configuration-filename -u vCenter-or-host-username -p vCenter-or-host-password -l Maglev-password --proxy_user proxy-username --proxy_password proxy-password

    Note

     
    • If the host/vCenter server is installed with a self-signed certificate, enter the following command instead to skip SSL certificate validation: ./dnac-esxi-launcher config.json -d -u vCenter-or-host-username -p vCenter-or-host-password -l Maglev-password (single NIC deployment) or ./dnac-esxi-launcher config_dual_nic.json -d -u vCenter-or-host-username -p vCenter-or-host-password -l Maglev-password (dual NIC deployment)

    • The --proxy_user and --proxy_password parameters are optional and only need to be entered if an authentication-based proxy is being used.

The CC VA Launcher completes the following tasks after it starts:

  • Verifies connectivity with the host/vCenter server.

  • Validates the target environment and configuration parameters.

  • Displays a configuration summary after successful validation.

  • Imports the OVA file.

  • If you opted to configure the Management interface, the launcher adds this interface to the imported virtual machine.

  • Applies the Catalyst Center on ESXi network configuration to the virtual machine.

  • Checks whether the Enable Storage I/O Control and statistics collection option has been enabled and displays a message if it hasn't.

  • Powers on the deployed virtual machine.

The deployment time will vary, depending on the available network bandwidth and target datastore's throughput.

Step 6

After the virtual appliance powers on, enter the host/vCenter server's credentials to open the appliance's VMware console.

It can take up to an hour for a terminal shell to open.

Step 7

Log in, using maglev as the username and the password you specified in Step 5.

Step 8

After all of the Catalyst Center on ESXi services come up, use a supported browser to open the IP address you specified for the Enterprise interface in the configuration file.

Step 9

Log in, using admin as the username and maglev1@3 as the password.


Complete the Quick Start Workflow

After you have deployed and configured a Catalyst Center on ESXi virtual appliance, you can log in to its GUI. Use a compatible, HTTPS-enabled browser when accessing Catalyst Center on ESXi.

When you log in for the first time as the admin superuser (with the username admin and the SUPER-ADMIN-ROLE assigned), the Quick Start workflow automatically starts. Complete this workflow to discover the devices that Catalyst Center on ESXi will manage and enable the collection of telemetry from those devices.

Before you begin

To log in to Catalyst Center on ESXi and complete the Quick Start workflow, you will need:

Procedure

Step 1

Do one of the following:

  • If you completed either of the Maglev Configuration wizards, access the Catalyst Center on ESXi GUI by using HTTPS:// and the IP address of the Catalyst Center on ESXi GUI that was displayed at the end of the configuration process.

  • If you completed either of the browser-based configuration wizards, click Open Catalyst Center Virtual Appliance on the wizard's last page.

One of the following messages appears (depending on the browser you are using):

  • Google Chrome: Your connection is not private

  • Mozilla Firefox: Warning: Potential Security Risk Ahead

Step 2

Ignore the message and click Advanced.

One of the following messages appears:

  • Google Chrome:
    This server could not prove that it is GUI-IP-address; its security certificate is not trusted by your computer's
     operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
  • Mozilla Firefox:
    Someone could be trying to impersonate the site and you should not continue.
    Websites prove their identity via certificates.
    Firefox does not trust GUI-IP-address because its certificate issuer is unknown,
    the certificate is self-signed, or the server is not sending the correct intermediate certificates.

These messages appear because the controller uses a self-signed certificate. For information on how Catalyst Center on ESXi uses certificates, see the "Certificate and Private Key Support" section in the Cisco Catalyst Center Administrator Guide.

Step 3

Ignore the message and do one of the following:

  • Google Chrome: Click the Proceed to GUI-IP-address (unsafe) link.

  • Mozilla Firefox: Click Accept the Risk and Continue.

Step 4

Click Log In.

The Catalyst Center on ESXi login screen appears.

Step 5

Do one of the following and then click Login:

  • If you completed either of the Maglev configuration wizards or the browser-based Install configuration wizard, enter the admin's username (admin) and password (maglev1@3).

  • If you completed the browser-based Advanced Install configuration wizard, enter the admin's username (admin) and password that you set when you configured your Catalyst Center on ESXi appliance.

In the next screen, you are prompted to configure a new admin user (as the default credentials used to log in for the first time will be deleted).

Step 6

Do the following in the resulting dialog box, then click Submit.

  • In the Roles drop-down list, ensure that the SUPER-ADMIN user role is selected.

  • Enter the new admin user's username.

  • Enter and then confirm the new admin user's password.

Step 7

Click Log In.

The Catalyst Center on ESXi login screen appears.

Step 8

Enter the username and password you configured for the new admin user, then click Login.

Step 9

Enter your cisco.com username and password (which are used to register software downloads and receive system communications) and then click Next.

Note

 

If you don't want to enter these credentials at this time, click Skip instead.

The Terms & Conditions screen opens, providing links to the software End User License Agreement (EULA) and any supplemental terms that are currently available.

Step 10

After reviewing these documents, click Next to accept the EULA.

The Quick Start Overview slider opens. Click > to view a description of the tasks that the Quick Start workflow will help you complete in order to start using Catalyst Center on ESXi.

Step 11

Complete the Quick Start workflow:

  1. Click Let's Do it.

  2. In the Discover Devices: Provide IP Ranges page, enter the following information and then click Next:

    • The name for the device discovery job.

    • The IP address ranges of the devices you want to discover. Click + to enter additional ranges.

    • Specify whether you want to designate your appliance's loopback address as its preferred management IP address. For more information, see the "Preferred Management IP Address" topic in the Cisco Catalyst Center User Guide.

  3. In the Discover Devices: Provide Credentials screen, enter the information described in the following table for the type of credentials you want to configure and then click Next:

    GUI Components

    Description

    CLI (SSH) Credentials

    Username field

    Username used to log in to the CLI of the devices in your network.

    Password field

    Password used to log in to the CLI of the devices in your network. The password you enter must be at least eight characters long.

    Name/Description field

    Name or description of the CLI credentials.

    Enable Password field

    Password used to enable a higher privilege level in the CLI. Configure this password only if your network devices require it.

    SNMP Credentials

    SNMPv2c radio button

    Click to use SNMPv2c credentials.

    SNMPv3 radio button

    Click to use SNMPv3 credentials.

    SNMP Credentials: SNMPv2c

    SNMPv2c Type drop-down list

    Choose either read or write community strings when SNMPv2c credentials are being used.

    Name/Description field

    Name or description of the SNMPv2c read or write community string.

    Community String field

    Read-only community string password used only to view SNMP information on the device.

    SNMP Credentials: SNMPv3

    Name/Description field

    Name or description of the SNMPv3 credentials.

    Username field

    Username associated with the SNMPv3 credentials.

    Mode field

    Security level that SNMP messages require:

    • No Authentication, No Privacy (noAuthnoPriv): Does not provide authentication or encryption.

    • Authentication, No Privacy (authNoPriv): Provides authentication, but does not provide encryption.

    • Authentication and Privacy (authPriv): Provides both authentication and encryption.

    Authentication Password field

    Password required to gain access to information from devices that use SNMPv3. The password must be at least eight characters in length. Note the following points:

    • Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi.

    • Passwords are encrypted for security reasons and are not displayed in the configuration.

    Authentication Type field

    Hash-based Message Authentication Code (HMAC) type used when either Authentication and Privacy or Authentication, No Privacy is set as the authentication mode:

    • SHA: HMAC-SHA authentication.

    • MD5: HMAC-MD5 authentication.

    Privacy Type field

    Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of the following privacy types:

    • AES128: 128-bit CBC mode AES for encryption.

    • AES192: 192-bit CBC mode AES for encryption on Cisco devices.

    • AES256: 256-bit CBC mode AES for encryption on Cisco devices.

    Note

     
    • Privacy types AES192 and AES256 are supported only for use with Discovery and Inventory features. Assurance features are not supported.

    • Privacy type AES128 is supported for Discovery, Inventory, and Assurance.

    Privacy Password field

    SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices supported with AES128, AES192, and AES256 encryption standards. Passwords (or passphrases) must be at least eight characters long.

    Note the following points:

    • Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi.

    • Passwords are encrypted for security reasons and are not displayed in the configuration.

    NETCONF

    Port field

    The NETCONF port that Catalyst Center on ESXi should use in order to discover wireless controllers that run Cisco IOS-XE.

  4. In the Create Site screen, group the devices you are going to discover into one site in order to facilitate telemetry and then click Next.

    You can enter the site's information manually or click the location you want to use in the provided map.

  5. In the Enable Telemetry screen, check the network components that you want Catalyst Center on ESXi to collect telemetry for and then click Next.

  6. In the Summary screen, review the settings that you have entered and then do one of the following:

    • If you want to make changes, click the appropriate Edit link to open the relevant screen.

    • If you're happy with the settings, click Start Discovery and Telemetry. Catalyst Center on ESXi validates your settings to ensure that they will not result in any issues. After validation is complete, the screen updates.

      Catalyst Center on ESXi begins the process of discovering your network's devices and enabling telemetry for the network components you selected. The process will take a minimum of 30 minutes (more for larger networks).

  7. Click Launch Homepage to open the Catalyst Center on ESXi homepage.

    From here, you can monitor the progress of device discovery and telemetry enablement. While these tasks are completing, do one or more of the following:

    • To open the Discoveries page and confirm that the devices in your network have been discovered, click the menu icon and choose Tools > Discovery.

    • To verify that the credentials you entered previously have been configured for your site, click the menu icon and choose Design > Network Settings. Then click the Device Credentials tab.

    • To view any tasks (such as a weekly scan of the network for security advisories) that Catalyst Center on ESXi has already scheduled to run, click the menu icon and choose Activities. Then click the Tasks tab.

    • To access guided workflows that will help you set up and maintain your network, click the menu icon and choose Workflows.


Postdeployment Configurations

After deploying a virtual appliance, you'll need to complete the following postdeployment tasks to run the appliance.

Enable VM Restart Priority

If VMware vSphere HA is enabled in your environment, complete the following procedure to ensure that the virtual appliance's VM is prioritized to power on first during an HA failover.

Procedure

Step 1

In the vSphere Client's navigation pane, click the HA cluster.

Step 2

Click the Configure tab.

Step 3

Choose Configuration > VM Overrides and then click Add.

Step 4

Click the virtual machine you want to apply overrides to and then click OK.

Step 5

In the vSphere HA area's VM Restart Priority field, do the following:

  1. Check the Override check box.

  2. From the drop-down list, choose High.

Step 6

Click Finish.


Configure Authentication and Policy Servers

Catalyst Center uses AAA servers for user authentication and Cisco ISE for both user authentication and access control. Use this procedure to configure AAA servers, including Cisco ISE.

Before you begin

If you are using Cisco ISE to perform both policy and AAA functions, make sure that Catalyst Center and Cisco ISE are integrated.

If you are using another product (not Cisco ISE) to perform AAA functions, make sure to do the following:

  • Register Catalyst Center with the AAA server, including defining the shared secret on both the AAA server and Catalyst Center.

  • Define an attribute name for Catalyst Center on the AAA server.

  • For a Catalyst Center multihost cluster configuration, define all individual host IP addresses and the virtual IP address for the multihost cluster on the AAA server.

Before you configure Cisco ISE, confirm that:

  • You have deployed Cisco ISE on your network. For information on supported Cisco ISE versions, see the Cisco Catalyst Center Compatibility Matrix. For information on installing Cisco ISE, see the Cisco Identity Services Engine Install and Upgrade guides.

  • If you have a standalone Cisco ISE deployment, you must integrate Catalyst Center with the Cisco ISE node and enable the pxGrid service and External RESTful Services (ERS) on that node.


    Note


    Although pxGrid 2.0 allows up to four pxGrid nodes in the Cisco ISE deployment, Catalyst Center releases earlier than 2.2.1.x do not support more than two pxGrid nodes.


  • If you have a distributed Cisco ISE deployment:

    You must integrate Catalyst Center with the primary policy administration node (PAN), and enable ERS on the PAN.


    Note


    We recommend that you use ERS through the PAN. However, for backup, you can enable ERS on the Policy Service Nodes (PSNs).


    You must enable the pxGrid service on one of the Cisco ISE nodes within the distributed deployment. Although you can choose to do so, you do not have to enable pxGrid on the PAN. You can enable pxGrid on any Cisco ISE node in your distributed deployment.

    The PSNs that you configure in Cisco ISE to handle TrustSec or SD Access content and Protected Access Credentials (PACs) must also be defined in Work Centers > Trustsec > Trustsec Servers > Trustsec AAA Servers. For more information, see the Cisco Identity Services Engine Administrator Guide.

  • You must enable communication between Catalyst Center and Cisco ISE on the following ports: 443, 5222, 8910, and 9060.

  • The Cisco ISE host on which pxGrid is enabled must be reachable from Catalyst Center on the IP address of the Cisco ISE eth0 interface.

  • The Cisco ISE node can reach the fabric underlay network via the appliance's NIC.

  • The Cisco ISE admin node certificate must contain the Cisco ISE IP address or the fully qualified domain name (FQDN) in either the certificate subject name or the Subject Alternative Name (SAN).

  • The Catalyst Center system certificate must list both the Catalyst Center appliance IP address and FQDN in the SAN field.


    Note


    For Cisco ISE 2.4 Patch 13, 2.6 Patch 7, and 2.7 Patch 3, if you are using the Cisco ISE default self-signed certificate as the pxGrid certificate, Cisco ISE might reject that certificate after applying those patches. This is because the older versions of that certificate have the Netscape Cert Type extension specified as the SSL server, which now fails (because a client certificate is required).

    This issue doesn’t occur in Cisco ISE 3.0 and later. For more information, see the Cisco ISE Release Notes.


Procedure


Step 1

From the top-left corner, click the menu icon and choose System > Settings > External Services > Authentication and Policy Servers.

The System menu shows the following options: System 360, Software Management, Backup & Restore, Settings, Data Platform, and Users & Roles, with an emphasis on Settings.

Step 2

From the Add drop-down list, choose AAA or ISE.

The Authentication and Policy servers page shows the options to add an AAA or ISE server.

Step 3

To configure the primary AAA server, enter the following information:

  • Server IP Address: IP address of the AAA server.

  • Shared Secret: Key for device authentications. The shared secret must contain from 4 to 100 characters. It cannot contain a space, question mark (?), or less-than angle bracket (<).

    The AAA server slide-in pane shows the server IP address field, shared secret field, and option to enable advanced settings.

Step 4

To configure a Cisco ISE server, enter the following details:

  • Server IP Address: IP address of the Cisco ISE server.

  • Shared Secret: Key for device authentications. The shared secret must contain from 4 to 100 characters. It cannot contain a space, question mark (?), or less-than angle bracket (<).

  • Username: Username that is used to log in to Cisco ISE via HTTPS.

  • Password: Password for the Cisco ISE HTTPS username.

    Note

     

    The username and password must be an ISE admin account that belongs to the Super Admin.

  • FQDN: Fully qualified domain name (FQDN) of the Cisco ISE server.

    Note

     
    • We recommend that you copy the FQDN that is defined in Cisco ISE (Administration > Deployment > Deployment Nodes > List) and paste it directly into this field.

    • The FQDN that you enter must match the FQDN, Common Name (CN), or Subject Alternative Name (SAN) defined in the Cisco ISE certificate.

    The FQDN consists of two parts, a hostname and the domain name, in the following format:

    hostname.domainname.com

    For example, the FQDN for a Cisco ISE server can be ise.cisco.com.

  • Virtual IP Address(es): Virtual IP address of the load balancer behind which the Cisco ISE policy service nodes (PSNs) are located. If you have multiple PSN farms behind different load balancers, you can enter a maximum of six virtual IP addresses.

    The Add ISE server slide-in pane displays the following configurable fields: server IP address, shared secret, username, password, FQDN, and virtual IP address(es), with the option to enable advanced settings.

Step 5

Click Advanced Settings and configure the settings:

  • Connect to pxGrid: Check this check box to enable a pxGrid connection.

    If you want to use the Catalyst Center system certificate as the pxGrid client certificate (sent to Cisco ISE to authenticate the Catalyst Center system as a pxGrid client), check the Use Catalyst Center Certificate for pxGrid check box. You can use this option if all the certificates that are used in your operating environments must be generated by the same Certificate Authority (CA). If this option is disabled, Catalyst Center will send a request to Cisco ISE to generate a pxGrid client certificate for the system to use.

    When you enable this option, ensure that:

    • The Catalyst Center certificate is generated by the same CA as is in use by Cisco ISE (otherwise, the pxGrid authentication fails).

    • The Certificate Extended Key Use (EKU) field includes "Client Authentication."

  • Protocol: TACACS and RADIUS (the default). You can select both protocols.

    Attention

     

    If you do not enable TACACS for a Cisco ISE server here, you cannot configure the Cisco ISE server as a TACACS server under Design > Network Settings > Servers when configuring a AAA server for network device authentication.

  • Authentication Port: UDP port used to relay authentication messages to the AAA server. The default UDP port used for authentication is 1812.

  • Accounting Port: UDP port used to relay important events to the AAA server. The default is UDP port 1812.

  • Port: TCP port used to communicate with the TACACS server. The default TCP port used for TACACS is 49.

  • Retries: Number of times that Catalyst Center attempts to connect with the AAA server before abandoning the attempt to connect. The default number of attempts is 3.

  • Timeout: The time period for which the device waits for the AAA server to respond before abandoning the attempt to connect. The default timeout is 4 seconds.

Note

 

After the required information is provided, Cisco ISE is integrated with Catalyst Center in two phases. It takes several minutes for the integration to complete. The phase-wise integration status is shown in the Authentication and Policy Servers window and System 360 window.

Cisco ISE server registration phase:

  • Authentication and Policy Servers window: "In Progress"

  • System 360 window: "Primary Available"

pxGrid subscriptions registration phase:

  • Authentication and Policy Servers window: "Active"

  • System 360 window: "Primary Available" and "pxGrid Available"

If the status of the configured Cisco ISE server is shown as "FAILED" due to a password change, click Retry, and update the password to resynchronize the Cisco ISE connectivity.

The Add ISE server dialog box shows the configurable settings when adding an ISE server.

Step 6

Click Add.

Step 7

To add a secondary server, repeat the preceding steps.

Step 8

To view the Cisco ISE integration status of a device, do the following:

  1. From the top-left corner, click the menu icon and choose Provision > Inventory.

    The Inventory window displays the device information.

  2. From the Focus drop-down menu, choose Provision.

  3. In the Devices table, the Provisioning Status column displays information about the provisioning status of your device (Success, Failed, or Not Provisioned).

    Click See Details to open a slide-in pane with additional information.

    The list of authentication and policy servers is displayed, and the IP address, protocol, type, status, and available actions are shown for each server.
  4. In the slide-in pane that is displayed, click See Details.

    The slide-in pane shows the app name, configuration time and date, and description with the option to see details.
  5. Scroll down to the ISE Device Integration tile to view detailed information about the integration status of the device.

    The ISE Device Configuration tile shows the date and time for the integration status of the device.

High Availability

VMware vSphere High Availability (HA) provides high availability for Catalyst Center on ESXi by linking the virtual machines and their hosts in the same vSphere cluster. vSphere HA requires shared storage to function. If a host failure occurs, the virtual machines restart on alternate hosts. vSphere HA responds to the failure based on its configuration, and vSphere HA detects the failure at the following levels:

  • Host level

  • Virtual machine (VM) level

  • Application level

In the current release, Catalyst Center only supports high availability for host-level failures.

Configure VMware vSphere HA for Host-Level Failures

To configure vSphere HA for host-level failures, complete the following procedure.

Before you begin

For the Catalyst Center virtual machine to take over from the failed hosts, at least two hosts must have the unreserved CPU/Memory resources described in the Cisco Catalyst Center on ESXi Release Notes.


Note


Enable HA Admission Control with the appropriate configuration to ensure that the Catalyst Center virtual machine has sufficient resources to take over for the failed host. The configuration should allow the virtual machine to be restarted on another host without any impact to the system. If the necessary resources are not reserved, the virtual machine restarted on the failover host may fail due to resource shortage.


Procedure

Step 1

Log in to the vSphere Client.

Step 2

Choose the appropriate Catalyst Center cluster in the device menu.

Step 3

To configure the cluster, choose Configure > Services > vSphere Availability.

Step 4

From the top-right corner, click Edit.

Step 5

Click the toggle button to enable vSphere HA.

Step 6

Choose Failures and responses and configure the following settings:

  1. Click the toggle button to enable Host Monitoring.

  2. Go to the Host Failure Response drop-down list and choose Restart VMs.

Configuration settings for vSphere HA, host monitoring, and host failure response.

Step 7

Click OK.


Configure Catalyst Center on ESXi Virtual Machine for Priority Restart

For the Catalyst Center on ESXi virtual machine to have priority restart upon host failure, complete the following procedure.

Procedure

Step 1

Log in to the vSphere Client.

Step 2

Choose the appropriate Catalyst Center on ESXi cluster in the device menu.

Step 3

To configure the cluster, choose Configure > VM Overrides > ADD.

Step 4

In the Select a VM window, choose the deployed Catalyst Center on ESXi virtual machine.

Step 5

Click OK.

Step 6

In the Add VM Override window, go to vSphere HA > VM Restart Priority and configure the following settings:

  1. Check the Override check box.

  2. From the drop-down list, choose Highest.

Configuration settings for vSphere HA virtual machine restart priority.

Step 7

Click FINISH.


Backup and Restore

You can use the backup and restore functions to create backup files and to restore them to the same or a different virtual appliance (if required for your network configuration).

Automation and Assurance data are unified to use a single data storage device. The data can be stored on a physical disk that is attached to the virtual machine or on a remote Network File System (NFS) server.

Backup

You can back up both automation and Assurance data.

Automation data consists of Catalyst Center databases, credentials, file systems, and files. The automation backup is always a full backup.

Assurance data consists of network assurance and analytics data. The first backup of Assurance data is a full backup. After that, backups are incremental.


Note


Do not modify the backup files. If you do, you might not be able to restore the backup files to Catalyst Center on ESXi.


Catalyst Center on ESXi creates the backup files and posts them to a physical disk or an NFS server.

You can add multiple physical disks for backup. If the previous backup disk runs out of disk space, you can use the other added disks for backup. For information on how to add a physical disk, see Add a Physical Disk for Backup and Restore. You must change the disk in the System > Settings > Backup Configuration window, and save changes for the new disk to be used as a backup location. For information on how to change the physical disk, see Configure the Location to Store Backup Files.

You can also add multiple NFS servers for backup. For information on how to add an NFS server, see Add the NFS Server. You must change the NFS server in the System > Settings > Backup Configuration window, and save changes for the new NFS server to be used as a backup location. For information on how to change the NFS server, see Configure the Location to Store Backup Files.


Note


Only a single backup can be performed at a time. Performing multiple backups at once is not supported.


When a backup is being performed, you cannot delete the files that have been uploaded to the backup server, and changes that you make to these files might not be captured by the backup process.

We recommend the following:

  • Perform a daily backup to maintain a current version of your database and files.

  • Perform a backup after making changes to your configuration, for example, when changing or creating a new policy on a device.

  • Perform a backup only during a low-impact or maintenance period.

You can schedule weekly backups on a specific day of the week and time.

Restore

You can restore backup files from the physical disk or NFS server using Catalyst Center on ESXi.

Catalyst Center on ESXi supports cross-version backup and restore; that is, you can create a backup on one version of Catalyst Center on ESXi and restore it to another version of Catalyst Center on ESXi. For example, a backup created on Catalyst Center on ESXi version 2.3.7.0-75530 can be restored to Catalyst Center on ESXi version 2.3.7.3-75176. The same applies to later releases of Catalyst Center on ESXi.


Note


A backup created on a virtual machine can only be restored on a virtual machine with the same or later software version.


When you restore the backup files, Catalyst Center on ESXi removes and replaces the existing database and files with the backup database and files. While a restore is being performed, Catalyst Center on ESXi is unavailable.

You can restore the backup files of a failed or faulty virtual appliance. For more information, see Restore Data from a Physical Disk for a Faulty Virtual Appliance and Restore Data from an NFS Server for a Faulty Virtual Appliance.

Also, you can restore a backup to a Catalyst Center on ESXi appliance with a different IP address.


Note


After a backup and restore of Catalyst Center on ESXi, you must access the Integration Settings window and update (if necessary) the Callback URL Host Name or IP Address.


Backup and Restore Event Notifications

You can receive a notification whenever a backup or restore event takes place. To configure and subscribe to these notifications, complete the steps described in the "Work with Event Notifications" topic of the Cisco Catalyst Center Platform User Guide. When completing this procedure, ensure that you select and subscribe to the SYSTEM-BACKUP and SYSTEM-RESTORE events.

Operation Event

Backup

The process to create a backup file for your system has started.

A backup file could not be created for your system.

  • This event typically happens because the necessary disk space is not available on remote storage.

  • You encountered connectivity issues or latency while creating a backup file on your system.

Restore

The process to restore a backup file has started.

The restoration of a backup file failed.

  • This event typically happens because the backup file has become corrupted.

  • You encountered connectivity issues or latency while creating a backup file from your system.

NFS Backup Server Requirements

To support data backups on the NFS server, the server must be a Linux-based NFS server that meets the following requirements:

  • Support NFS v4 and NFS v3. (To verify this support, from the server, enter nfsstat -s.)

  • Have read and write permissions on the NFS export directory.

  • Have a stable network connection between Catalyst Center on ESXi and the NFS server.

  • Have sufficient network speed between Catalyst Center on ESXi and the NFS server.


Note


You cannot use an NFS-mounted directory as the backup server. A cascaded NFS mount adds a layer of latency and is therefore not supported.


Requirements for Multiple Catalyst Center on ESXi Deployments

If your network includes multiple Catalyst Center clusters, the following example configuration shows how to name your NFS server backup directory structure:

Resource Example Configuration

Catalyst Center on ESXi clusters

  1. cluster1

  2. cluster2

Backup server hosting automation and Assurance backups

The example directory is /data/, which has ample space to host both types of backups.

NFS export configuration

The content of the /etc/exports file:

/data/cluster1 *(rw,sync,no_subtree_check,all_squash)
/data/cluster2 *(rw,sync,no_subtree_check,all_squash)
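
The following shell audit is an added example, not part of the Cisco guide. It checks an exports file against the layout above: the four export options shown, one directory per cluster, and the cascaded-mount restriction from NFS Backup Server Requirements. It also flags the * client, which lets any host that can reach the server mount the backups; treating that as a finding is a hardening assumption, not a stated requirement. Function names, sample files, the host filer.example.net, and the 192.0.2.x addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example (not Cisco code). All sample data below is constructed.

REQUIRED_OPTS="rw sync no_subtree_check all_squash"   # options used in the example exports

# audit_exports EXPORTS_FILE MOUNTS_FILE
# Prints one finding per line as "<path> <client> <FINDING>"; no output means clean.
audit_exports() {
  awk -v required="$REQUIRED_OPTS" -v mounts="$2" '
    BEGIN {
      # Mount table in /proc/mounts format: device mountpoint fstype options ...
      while ((getline line < mounts) > 0) {
        split(line, f, " ")
        if (f[3] ~ /^nfs/) nfs_mount[f[2]] = 1
      }
      n = split(required, need, " ")
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      path = $1
      # One export directory per cluster: the same path must not be listed twice.
      if (seen[path]++) print path, "-", "DUPLICATE_PATH"
      # Cascaded mount: the exported directory itself lives on an NFS mount.
      # Heuristic: prefix match on mountpoints; nested local mounts are not resolved.
      for (m in nfs_mount)
        if (path == m || index(path, m "/") == 1) print path, "-", "CASCADED_NFS"
      for (i = 2; i <= NF; i++) {
        p = index($i, "(")
        client = (p > 0) ? substr($i, 1, p - 1) : $i
        opts   = (p > 0) ? substr($i, p + 1, length($i) - p - 1) : ""
        if (client == "") client = "*"      # "(opts)" with no host means every host
        if (client == "*") print path, client, "WILDCARD_CLIENT"
        for (k = 1; k <= n; k++)
          if (index("," opts ",", "," need[k] ",") == 0)
            print path, client, "MISSING_OPTION:" need[k]
      }
    }
  ' "$1"
}

# Constructed sample: the exports exactly as shown in the guide.
page_exports() {
  cat <<'EOF'
/data/cluster1 *(rw,sync,no_subtree_check,all_squash)
/data/cluster2 *(rw,sync,no_subtree_check,all_squash)
EOF
}

# Constructed sample: same layout, each export limited to one client address.
# 192.0.2.10 and 192.0.2.20 are placeholder documentation-range addresses.
restricted_exports() {
  cat <<'EOF'
/data/cluster1 192.0.2.10(rw,sync,no_subtree_check,all_squash)
/data/cluster2 192.0.2.20(rw,sync,no_subtree_check,all_squash)
EOF
}

# Constructed sample: two clusters share one directory, one entry lacks all_squash.
shared_exports() {
  cat <<'EOF'
/data/backups 192.0.2.10(rw,sync,no_subtree_check,all_squash)
/data/backups 192.0.2.20(rw,sync,no_subtree_check)
EOF
}

# Constructed mount tables: /data on a local disk, and /data mounted from another NFS server.
local_mounts()    { echo "/dev/sdb1 /data ext4 rw,relatime 0 0"; }
cascaded_mounts() { echo "filer.example.net:/vol/backup /data nfs4 rw,relatime 0 0"; }

# run_audit EXPORTS_FUNC MOUNTS_FUNC: write the constructed samples to temp files and audit them.
run_audit() {
  local dir
  dir=$(mktemp -d)
  "$1" > "$dir/exports"
  "$2" > "$dir/mounts"
  audit_exports "$dir/exports" "$dir/mounts"
  rm -rf "$dir"
}

echo "== exports as shown in the guide =="
run_audit page_exports local_mounts
echo "== client-restricted exports =="
run_audit restricted_exports local_mounts
echo "== shared directory, missing all_squash =="
run_audit shared_exports local_mounts
echo "== export directory on an NFS mount =="
run_audit restricted_exports cascaded_mounts
```

On a real NFS server, the equivalent call is audit_exports /etc/exports /proc/mounts.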

Backup Physical Disk Nomenclature

To use a physical disk for backup, you must add a physical disk to the virtual machine. Each physical disk used for backups is identified by its UUID.

The UUID is a unique identifier that is associated with the disk and does not change across reboots. A disk that is removed and added to a different cluster keeps the same UUID, as long as it is not formatted again.

The disk is explicitly labeled as mks-managed.

You can view the physical disks available for backup in the System > Settings > Backup Configuration window, under the Mount Path drop-down list.

Hover over the i icon to view the physical disk nomenclature, which is shown in the following format:

/data/external/disk-<uuid>

Backup Storage Requirements

Catalyst Center on ESXi stores backup copies of Assurance and automation data on a physical disk that is attached to the virtual machine or a remote NFS server. You must allocate enough external storage for your backups to cover the required retention. We recommend the following storage.

Virtual Appliance | Assurance Data Storage (14 Days Incremental) | Automation Data Storage (Daily Full) | Physical Disk/NFS Server (Assurance and Automation) Storage

DN-SW-APL | 1.75 TB | 50 GB | 1.75 TB + 50 GB

Additional notes:

  • The preceding table assumes fully loaded virtual appliance configurations that support the maximum number of access points and network devices for each appliance.

  • The automation backup sizing is estimated for one daily backup. If you want to retain backups for additional days, multiply the required storage by the additional number of days. For example, if you have a DN-SW-APL virtual appliance and you want to store five copies of automation data backups generated once each day, the total storage required is 5 * 50 GB = 250 GB.

  • The total backup time varies depending on your daily data load and the amount of historical data that you want to retain.

  • The write path to Catalyst Center depends on the network throughput from Catalyst Center to the NFS server. The NFS server must have a throughput of at least 100 MB/sec.

  • As with any other IT service, monitoring NFS performance is required to ensure optimal performance.

Add a Physical Disk for Backup and Restore

Use this procedure to add a physical disk that can be used for backup and restore operations.

Procedure

Step 1

If your appliance is running on the machine that's hosting Catalyst Center on ESXi, power off the appliance's virtual machine.

The Power menu shows the available power options for the virtual machine, with power off emphasized.

Step 2

Log in to VMware vSphere.

Step 3

From the vSphere client's left pane, right-click the ESXi host and then choose Edit Settings.

The Edit Settings option in the list of available actions.

Step 4

In the Edit Settings dialog box, click Add New Device and then choose Hard Disk.

The Hard Disk option in the Add New Device drop-down list.

Step 5

In the New Hard disk field, enter the desired storage size.

The New Hard disk field shows the storage size set to 125 GB.

Note

 

For information on the recommended storage space for backup, see Backup Storage Requirements.

Step 6

Click OK.

Step 7

Power on the appliance's virtual machine.

The Power On option is shown in the list of available actions.

What to do next

You can now configure the added physical disk for backup. For information on how to configure the physical disk, see Configure the Location to Store Backup Files.

Add the NFS Server

Catalyst Center allows you to add multiple Network File System (NFS) servers for backup purposes. Use this procedure to add an NFS server that can be used for the backup operation.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Settings > Backup Configuration.

Step 2

Click the Add NFS link.

Step 3

In the Add NFS slide-in pane, do the following:

  1. Enter the Server Host and Source Path in the respective fields.

  2. Choose NFS Version from the drop-down list.

  3. The Port is added by default. You can leave the field empty.

  4. (Optional) Enter the Port Mapper number.

  5. Click Save.

    The Add NFS slide-in pane displays the server host, source path, NFS version, port, and port number fields.

Step 4

Click View NFS to view the available NFS servers.

The Backup Configuration page shows the NFS server details.

The NFS slide-in pane displays the list of NFS servers, along with details.

The NFS List shows the following for each NFS server: server host, source path, mount path, NFS version, port, and port mapper.

Step 5

In the NFS slide-in pane, click the ellipsis under Actions to Delete the NFS server.

Note

 

You can delete the NFS server only when there is no backup job in progress.

The delete option for an NFS server.

What to do next

Configure the added NFS server for backup. For more information, see Configure the Location to Store Backup Files.

Configure the Location to Store Backup Files

Catalyst Center allows you to configure backups for automation and Assurance data.

Use this procedure to configure the storage location for backup files.

Before you begin

Make sure that the following requirements are met:

  • Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

  • The data backup server must meet the requirements described in NFS Backup Server Requirements.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Settings > System Configuration > Backup Configuration.

You can choose a physical disk or NFS server as your backup location.

The Backup Configuration page shows the physical disk option, mount path, encryption passphrase, and backup retention.

Step 2

Physical Disk: Catalyst Center provides an option to mount an external disk to the virtual machine, to store a backup copy of Assurance and automation data. To configure a physical disk, click the Physical Disk radio button and define the following settings:

Note

 

The physical disk option is only supported for single-node virtual machines.

Field Description

Mount Path

Location of the external disk.

Encryption Passphrase

Passphrase used to encrypt the security-sensitive components of the backup. These security-sensitive components include certificates and credentials.

This passphrase is required, and you will be prompted to enter this passphrase when restoring the backup files. Without this passphrase, backup files are not restored.

Backup Retention

Number of backups for which the data is retained.

Data older than the specified number of backups is deleted.

Step 3

NFS: Catalyst Center creates the backup files and posts them to a remote NFS server. For information about the remote server requirements, see NFS Backup Server Requirements. To configure an NFS backup server, click the NFS radio button and define the following settings:

Field Description

Mount Path

Location of the remote server.

Encryption Passphrase

Passphrase used to encrypt the security-sensitive components of the backup. These security-sensitive components include certificates and credentials.

This passphrase is required, and you will be prompted to enter this passphrase when restoring the backup files. Without this passphrase, backup files are not restored.

Backup Retention

Number of backups for which the data is retained.

Data older than the specified number of backups is deleted.

Step 4

Click Submit.

After the request is submitted, you can view the configured physical disk or NFS server under System > Backup & Restore.


Create a Backup

Use this procedure to create a backup of your virtual appliance.

Before you begin

You must configure the backup location. For more information, see Configure the Location to Store Backup Files.

Procedure

Step 1

From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

Step 2

Click Create Backup Now.

The Create Backup Now slide-in pane opens.

Step 3

Enter a unique name for the backup, then click Save.

Catalyst Center on ESXi begins the backup process. An entry for the backup is added to the Backup & Restore window's table.

To view details regarding the backup's status, click the ellipsis, and then choose View Status.

When the backup is complete, its status changes from Creating to Success.


Restore Data from Backups

Use this procedure to restore backup data from your virtual appliance. To restore backup data from a failed or faulty virtual appliance, see Restore Data from a Physical Disk for a Faulty Virtual Appliance.

Caution


The Catalyst Center restore process restores only the database and files. The restore process does not restore your network state or any changes that were made since the last backup, including any new or updated network policies, passwords, certificates, or trustpool bundles.


Before you begin

Make sure that the following requirements are met:

  • Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

  • You have backups from which to restore data.

When you restore data, Catalyst Center on ESXi enters maintenance mode, and is unavailable until the restore process is completed. Make sure you restore data at a time when Catalyst Center on ESXi can be unavailable.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

If you have created a backup, it appears in the Backup & Restore window.

Step 2

In the Backup Name column, locate the backup that you want to restore.

Step 3

In the Actions column, click the ellipsis and choose Restore.

Step 4

In the Restore Backup dialog box, enter the Encryption Passphrase that you used while configuring the backup location and click Restore.

The appliance goes into maintenance mode and starts the restore process.

When the restore operation is complete, its status in the Backup & Restore window table changes to Success.

Step 5

After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

Step 6

Enter the admin user's username and password, then click Login.


Restore Data from a Physical Disk for a Faulty Virtual Appliance

Use this procedure to restore data from a physical disk for a virtual appliance that has failed or is faulty.

Procedure

Step 1

For your new virtual appliance, do the following to configure Catalyst Center on ESXi to use the storage disk that you configured for the faulty virtual appliance:

  1. Power OFF the appliance's virtual machine.

  2. Open a vSphere Client, right-click the Catalyst Center on ESXi virtual machine in the left pane, and then choose Edit Settings.

  3. In the Edit Settings dialog box, click Add New Device and then choose Existing Hard Disk.

  4. In the Select File dialog box, click your ESXi host, click the storage disk (.vmdk) that was created, and then click OK.

  5. Power on the appliance's virtual machine.

It takes approximately 45 minutes for all the services to restart.

Note

 

After the virtual machine comes back up, run the magctl appstack status command to confirm that the services are running.

Step 2

To configure the storage location for the backup, do the following:

  1. From the Catalyst Center on ESXi menu, choose System > Settings > System Configuration > Backup Configuration.

  2. Click the Physical Disk radio button.

  3. Choose the physical disk from the Mount Path drop-down list.

  4. Enter the passphrase that will be used to encrypt the security-sensitive components of the backup (such as certificates and credentials).

    Important

     

    Make sure that you don't lose this passphrase. You'll need to enter it later in the succeeding steps and won't be able to restore the backup you're about to create without it.

  5. Set how long backup files are kept before they are deleted.

  6. Click Submit.

Step 3

To restore the backup, do the following:

  1. From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

  2. Locate the backup in the Backup & Restore window's table, click the ellipsis under the Actions column, and choose Restore.

  3. Enter the same encryption passphrase that you entered in the preceding step, and click Restore.

    The appliance goes into maintenance mode and starts the restore process.

    When the restore operation is complete, its status in the Backup & Restore window's table changes to Success.

  4. After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

  5. Enter the admin user's username and password, then click Login.


Restore Data from an NFS Server for a Faulty Virtual Appliance

Use this procedure to restore data from an NFS server for a virtual appliance that has failed or is faulty.

Procedure

Step 1

For your new virtual appliance, do the following to configure Catalyst Center on ESXi to use the NFS server that you configured for the faulty virtual appliance:

  1. From the Catalyst Center on ESXi menu, choose System > Settings > System Configuration > Backup Configuration.

  2. Click the NFS radio button.

  3. Choose the NFS server from the Mount Path drop-down list.

  4. Enter the passphrase that will be used to encrypt the security-sensitive components of the backup (such as certificates and credentials).

    Important

     

    Make sure that you don't lose this passphrase. You'll need to enter it later in the succeeding steps and won't be able to restore the backup you're about to create without it.

  5. Set how long backup files are kept before they are deleted.

  6. Click Submit.

Step 2

To restore the backup, do the following:

  1. From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

  2. Locate the backup in the Backup & Restore window's table, click the ellipsis under the Actions column, and choose Restore.

  3. Enter the same encryption passphrase that you entered in the preceding step, and click Restore.

    The appliance goes into maintenance mode and starts the restore process.

    When the restore operation is complete, its status in the Backup & Restore window's table changes to Success.

  4. After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

  5. Enter the admin user's username and password, then click Login.


Schedule Data Backup

You can schedule recurring backups and define the day of the week and the time of day when they will occur.

Before you begin

Make sure that the following requirements are met:

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

The Backup & Restore window is displayed.

Step 2

Click the Create a Schedule link.

Note

 

You can schedule a new backup only when there is no backup job in progress.

Step 3

In the Create Schedule slide-in pane, do the following:

  1. In the Backup Name field, enter a unique name for the backup.

  2. Choose a schedule option:

    • Schedule Daily: To schedule the backup job daily, choose the time of the day when you want the backup to occur.

    • Schedule Weekly: To schedule the backup job weekly, choose the days of the week and time of the day when you want the backup to occur.

  3. Define the scope of the backup:

    • Cisco DNA Center (All data): This option allows the system administrator to create a backup for automation, Assurance, and system-specific sets.

    • Cisco DNA Center (without Assurance data): This option allows the administrator to create a backup for automation and system-specific sets.

  4. Click Save.

The Backup & Restore window displays a banner message that shows the day and time for which the backup is scheduled.

Step 4

(Optional) Click the ellipsis at the end of the banner message to do the following:

  1. Click Edit to edit the schedule.

  2. Click Upcoming Schedules to make any changes to the upcoming schedules. If you don't want the backup to occur on a scheduled date and time, in the Upcoming Schedules slide-in pane, click the toggle button to disable a particular schedule.

  3. Click Delete to delete the schedule.

Step 5

After the backup starts, it appears in the Backup & Restore window. To view the list of steps executed, click the ellipsis under Actions and choose View Status.

You can also view the backup status under the Status column.

Step 6

In the Backup & Restore window, click the In Progress, Success, or Failure tab to filter the list of backups to show only those tasks with a status of In Progress, Success, or Failure.

During the backup process, Catalyst Center creates the backup database and files. The backup files are saved to the specified location. You are not limited to a single set of backup files, but can create multiple backup files that are identified with their unique names. The status of the backup job changes from In Progress to Success when the process is finished.

Note

 

If the backup process fails, there is no impact to the appliance or its database. The most common reason for a failed backup is insufficient disk space. If your backup process fails, make sure that there is sufficient disk space on the remote server and attempt another backup.


View the Status of the Backup and Restore

You can view the success or failure status of backup and restore operations.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

The Backup & Restore window is displayed.

Step 2

Under Actions for a specific backup, click the ellipsis and choose View Status.

The Task Details window shows the status and other details.

Manage Applications

Catalyst Center provides many of its functions as individual applications, packaged separately from the core infrastructure. This enables you to install and run the applications that you want and uninstall those you are not using, depending on your preferences.

The number and type of application packages shown in the Software Management window vary depending on your Catalyst Center version and your Catalyst Center licensing level. All the application packages that are available to you are shown, whether or not they are currently installed.

Some applications are so basic that they are required on nearly every Catalyst Center deployment. For a description of a package, click the Currently Installed Applications link and place your cursor over its name.

Each Catalyst Center application package consists of service bundles, metadata files, and scripts.


Note


Perform all application management procedures from the Catalyst Center GUI. Although you can perform many of these procedures using the CLI (after logging in to the shell), we do not recommend this. In particular, if you use the CLI to deploy or upgrade packages, you must ensure that no deploy or upgrade command is entered unless the results of the maglev package status command show all the packages as NOT_DEPLOYED, DEPLOYED, or DEPLOYMENT_ERROR. Any other state indicates that the corresponding activity is in progress, and parallel deployments or upgrades are not supported.


Download the Latest System Version

The Software Management window indicates the latest Catalyst Center version available.

Complete the following procedure to download the packages for the latest system version.

Before you begin

Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Note

 
At this point, Catalyst Center performs a connectivity check. If there is a connectivity issue, the Software Management window doesn’t display a system update that's currently available.

Step 2

If the window indicates that a system update is available, click Download to download the system update.

Step 3

Check the check box for the optional packages you want to install, then click Download.

A download progress bar is displayed at the top of the Software Management window.

Step 4

Hover your cursor over the ellipsis to the right of the progress bar to access the following options:

  • Create Schedule: Choose this option to schedule the date and time an upgrade should take place. Schedule the upgrade, then click Create.

  • View Download Progress: Choose this option to view the progress of the packages that are being downloaded.


Upgrade to the Latest System Version

The Software Management window indicates the latest Catalyst Center version available.

Complete the following procedure to upgrade to the latest system version.

Before you begin

Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Note

 
At this point, Catalyst Center performs a connectivity check. If there is a connectivity issue, the Software Management window doesn’t display a system update that's currently available.

Step 2

If the window indicates that a system update is available, click Upgrade.

Step 3

Do one of the following in the Upgrade Release dialog box:

  • Click the Upgrade Now radio button, check the check boxes for the optional packages you want to upgrade, and then click Install.

    The packages for the latest release are downloaded. After the download completes, the upgrade begins automatically.

  • Click the Upgrade Later radio button, set the date and time you want the upgrade to begin, and then click Schedule.

    The download of packages for the latest release starts immediately. A progress bar is displayed at the top of the Software Management window.

Step 4

Hover your cursor over the ellipsis to the right of the progress bar to access the following options:

  • To configure another start date and time for the upgrade, click Edit Schedule.

    In the Schedule Upgrade dialog box, set the new start date and time, then click Update.

  • To view the progress of the packages that are being downloaded, click View Download Progress.

Note

 

Catalyst Center enters Maintenance mode during the upgrade, and remains unavailable while the system update takes place. After the update completes, log back in to Catalyst Center.

After the system upgrade is complete, a message at the top of the window indicates that your system is up to date.

Step 5

In the Software Management window, click Activities to view a list of changes made to the system. You can view the system upgrade or download details, the applications installed or uninstalled, and a timestamp of the activity.

Step 6

Under the Actions column, click the ellipsis to view the tasks that occurred during the execution of the activity.


Download and Install the Latest System Version in Air Gap Mode

Normally, the system upgrade is completed by connecting to the internet and using the online update process. However, in some cases, the upgrade must be kept strictly within internal networks (that is, within an air-gapped environment). This type of upgrade may be necessary to support additional security or regulatory requirements.


Note


With the Air Gap mode enabled, you can do the following:

  • Communicate with only private IP subnets.

  • Add IP address ranges to pass through the air-gapped environment by using the provided API.

  • Switch between Air Gap mode and Cloud mode.


Before you begin

Air Gap mode must be enabled on the cluster. For information about how to enable Air Gap mode, see the Cisco Catalyst Center Air Gap Deployment Guide.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Step 2

Access the air gap directory on the restricted shell and copy the air gap tarball from the predetermined location using the following SCP command:

scp -P 2222 <airgap tar file> maglev@<cluster_ip>:airgap/

If it is a three-node cluster, you can copy the file to any node.

Step 3

In the top-right corner of the Software Management window, click Scan to view the latest available software release.

Step 4

To download the files and schedule the upgrade for a later time, do the following:

  1. Click PreLoad.

  2. In the Schedule Upgrade dialog box, schedule the system upgrade and click PreLoad.

    On the successful submission, a banner message at the top of the window displays the scheduled date and time of the system upgrade.

  3. Click the ellipsis at the end of the banner message to edit or delete the scheduled system upgrade. You can also choose to start the scheduled upgrade immediately.

Step 5

To download the latest version and upgrade the system immediately, do the following:

  1. Click Upgrade.

  2. In the dialog box, from the list of available application packages, check the check box next to each application that you want to install.

  3. Click Install.

Note

 

Catalyst Center enters maintenance mode during the upgrade and remains unavailable while the system update takes place.

After the system upgrade is complete, a message at the top of the window indicates that your system is up to date.

Note

 
  • If the system can connect to the external cloud when Air Gap mode is enabled, use the following command to verify the network policy:
    sudo calicoctl get gnp allow-outbound-external -o yaml
  • Use the following command to verify that ALM has its network mode set to air gap:
    kubectl get pods -n maglev-control-plane alm-agent-8469679dfb-nvkxk -o yaml | grep -A1 NETWORK_MODE

    Note

     

    The above command can only be run from a full shell (_shell and consent token).

  • Use the following command to get the scan status and logs:
    kubectl get pods -n maglev-control-plane | grep ef-airgap-seed
  • Use the following command to get the preload status and logs:

    kubectl get pods -n maglev-control-plane | grep ef-airgap-scan
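The pod name in the ALM command above ends in a generated suffix (8469679dfb-nvkxk) that differs between clusters and changes whenever the pod is recreated. The following added example (not Cisco's code) resolves the pod by its alm-agent- prefix and extracts NETWORK_MODE from the pod YAML; it assumes the variable appears as a name/value entry in the container's env list.

```shell
#!/usr/bin/env bash
# Added example: wrappers around the verification commands in the note above.
# The parsing helpers read kubectl output on stdin, so they can be tried
# against saved output as well as on the cluster.

NS="maglev-control-plane"   # namespace used by the commands on this page

# Print the first pod name that starts with the prefix in $1.
pod_by_prefix() {
    awk -v p="$1" 'index($1, p) == 1 { print $1; exit }'
}

# Print "name status" for every pod whose name starts with the prefix in $1.
pod_status() {
    awk -v p="$1" 'index($1, p) == 1 { print $1, $3 }'
}

# Print the NETWORK_MODE value from pod YAML on stdin.
# Assumption: it is an env entry of the form "- name: NETWORK_MODE" followed
# by "value: <mode>". Prints nothing if the next line is not a plain value.
network_mode() {
    awk '
        found && $1 == "value:" { gsub(/"/, "", $2); print $2; exit }
        found { exit }
        $NF == "NETWORK_MODE" && $2 == "name:" { found = 1 }
    '
}

# Live check (full shell on the cluster): look up the current alm-agent pod
# and report its NETWORK_MODE; fail loudly if either is missing.
check_alm_network_mode() {
    _pod=$(kubectl get pods -n "$NS" | pod_by_prefix alm-agent-)
    [ -n "$_pod" ] || { echo "no alm-agent pod in $NS" >&2; return 1; }
    _mode=$(kubectl get pods -n "$NS" "$_pod" -o yaml | network_mode)
    [ -n "$_mode" ] || { echo "NETWORK_MODE not found on $_pod" >&2; return 1; }
    echo "$_pod NETWORK_MODE=$_mode"
}

# Run against the cluster only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_alm_network_mode
    kubectl get pods -n "$NS" | pod_status ef-airgap-
fi
```

Compare the reported NETWORK_MODE value with the one the Cisco Catalyst Center Air Gap Deployment Guide gives for Air Gap mode.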

Download and Install Application Updates

Catalyst Center treats individual applications as separate from the core infrastructure. Specifically, individual packages for applications can be installed to run on Catalyst Center.

Packages for applications may take time to install and deploy. Therefore, install the packages during a maintenance period for your network.

Before you begin

Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Note

 
At this point, Catalyst Center performs a connectivity check. If there is a connectivity issue, the Software Management window doesn’t display the application updates that are currently available.

Step 2

If any application updates are available, they are displayed at the bottom of the window. Do one of the following:

  1. To install all the available application updates, click the Select All link.

  2. To install individual application updates, check the appropriate check boxes.

Step 3

Click Install.

Note

 

During installation, dependencies are checked and installed automatically.

The window displays a progress bar for each application that's being updated.

Step 4

Click the Currently Installed Applications link and confirm that the applications you selected have been updated.

Step 5

In the Software Management window, click Activities to view a list of changes made to the system. You can view the system upgrade or download details, the applications installed or uninstalled, and a timestamp of the activity.

Step 6

Under the Actions column, click the ellipsis to view the tasks that occurred during the execution of the activity.


Uninstall an Application

Catalyst Center treats individual applications as separate from the core infrastructure. Specifically, individual packages for applications can be uninstalled from Catalyst Center.

You can uninstall only packages for applications that are not system critical.

Before you begin

Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Step 2

Click the Currently Installed Applications link to view all the applications that are installed on your Catalyst Center appliance.

Step 3

Check the package you want to remove and click Uninstall.

Note

 
  • You can uninstall multiple packages simultaneously.

  • You can uninstall only the optional packages.

Catalyst Center displays a message after the application has been removed.


Manage Users

A user profile defines the login, password, and role (permissions) of a user.

You can configure both internal and external profiles for users. Internal user profiles reside in Catalyst Center, and external user profiles reside on an external AAA server.

A default user profile with SUPER-ADMIN-ROLE permissions is created when you install Catalyst Center.

About User Roles

Users are assigned user roles that specify the functions that they are permitted to perform:

  • Administrator (SUPER-ADMIN-ROLE): Users with this role have full access to all of the Catalyst Center functions. They can create other user profiles with various roles, including those with the SUPER-ADMIN-ROLE.

  • Network Administrator (NETWORK-ADMIN-ROLE): Users with this role have full access to all of the network-related Catalyst Center functions. However, they do not have access to system-related functions, such as backup and restore.

  • Observer (OBSERVER-ROLE): Users with this role have view-only access to the Catalyst Center functions. Users with an observer role cannot access any functions that configure or control Catalyst Center or the devices it manages.

Create an Internal User

You can create a user and assign this user a role.

Before you begin

Only a user with SUPER-ADMIN-ROLE permissions can perform this procedure.

Procedure

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > User Management.