Step 1 | Boot up the host.
Step 2 | Review the APIC-EM License Agreement screen that appears and choose either <view license agreement> to review the license agreement or accept>> to accept the license agreement and proceed.
Note | You will not be able to proceed without accepting the license agreement.
After accepting the license agreement, you are then prompted to select a configuration option.
Step 3 | Review the Welcome to the APIC-EM Configuration Wizard! screen and choose the Create a new APIC-EM cluster option to begin.
You are then prompted to enter values for the NETWORK ADAPTER #1 (eth0).
Step 4 | Enter configuration values for the NETWORK ADAPTER #1 (eth0) on the host.
The configuration wizard discovers and prompts you to confirm values for the network adapter or adapters on your host. For example, if your host has three network adapters you are prompted to confirm configuration values for network adapter #1 (eth0), network adapter #2 (eth1), and network adapter #3 (eth2) respectively.
Note | The primary interface for the controller is eth0 and it is best practice to ensure that this interface is made highly available.
On Cisco UCS servers, the NIC labeled with number 1 would be the physical NIC. The NIC labeled with the number 2 would be eth1.
Host IP address | Enter the host IP address to use for the network adapter. This host IP address (and network adapter) connects to the external network or networks. The external network(s) contain the network devices and NTP servers, and provide access to the northbound REST APIs. The external network(s) also provide access to the controller GUI.
Note | The configuration wizard validates the value entered and issues an error message if it is incorrect. If you receive an error message for the host IP address, check that eth0 (ethernet interface) is connected to the correct network adapter.
Virtual IP | (Optional) Enter a virtual IP address to use for this network adapter. You should only configure a virtual IP address if you are setting up a multi-host deployment.
Netmask | Enter the netmask for the network adapter's IP address.
Default Gateway IP address | Enter a default gateway IP address to use for the network adapter.
Note | If no other routes match the traffic, traffic will be routed through this IP address.
DNS Servers | Enter the IP address of the DNS server or servers (separated by spaces) for the network adapter.
Static Routes | If required for your network, enter a space-separated list of static routes in this format: <network>/<netmask>/<gateway>
Static routes, which define explicit paths between two routers, cannot be automatically updated; you must manually reconfigure static routes when network changes occur. You should use static routes in environments where network traffic is predictable and where the network design is simple. You should not use static routes in large, constantly changing networks because static routes cannot react to network changes.
Once satisfied with the controller network adapter settings, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values you entered. After validation and if your host has two network adapters, you are prompted to enter values for NETWORK ADAPTER #2 (eth1). If your host has three network adapters, you are prompted to enter values for NETWORK ADAPTER #2 (eth1) and NETWORK ADAPTER #3 (eth2). If you do not have any additional network adapters or if you do not have more than one non-routable network, then proceed directly to the next step.
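A pre-flight check for the Step 4 values, added here as an example; it is not Cisco's code and not the wizard's own validation logic. It assumes IPv4, accepts the <netmask> field of a static route as either a dotted mask or a prefix length, and assumes each gateway must sit on the adapter's own subnet; the function names and sample addresses are constructed.

```python
import ipaddress

def parse_static_routes(value):
    """Parse a space-separated list of <network>/<netmask>/<gateway> entries."""
    routes = []
    for entry in value.split():
        parts = entry.split("/")
        if len(parts) != 3:
            raise ValueError(f"{entry!r}: expected <network>/<netmask>/<gateway>")
        # strict=True rejects a network address that has host bits set.
        net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=True)
        routes.append((net, ipaddress.IPv4Address(parts[2])))
    return routes

def check_adapter(host_ip, netmask, gateway, dns_servers="", static_routes=""):
    """Return a list of problems with one adapter's values (empty if none)."""
    try:
        iface = ipaddress.IPv4Interface(f"{host_ip}/{netmask}")
    except ValueError as exc:
        return [f"host IP/netmask: {exc}"]
    subnet, problems = iface.network, []
    if subnet.prefixlen < 31 and iface.ip in (subnet.network_address,
                                              subnet.broadcast_address):
        problems.append(f"host IP {iface.ip} is the network or broadcast address")
    try:
        routes = parse_static_routes(static_routes)
    except ValueError as exc:
        routes = []
        problems.append(f"static route: {exc}")
    # Assumption: every next hop must be on-link, i.e. inside the adapter's subnet.
    hops = [("default gateway", gateway)]
    hops += [(f"gateway for route {net}", str(gw)) for net, gw in routes]
    for label, hop in hops:
        try:
            if ipaddress.IPv4Address(hop) not in subnet:
                problems.append(f"{label} {hop} is not on {subnet}")
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
    for server in dns_servers.split():
        try:
            ipaddress.IPv4Address(server)
        except ValueError as exc:
            problems.append(f"DNS server: {exc}")
    return problems

if __name__ == "__main__":
    # Constructed values from the RFC 5737 documentation ranges.
    print(check_adapter("192.0.2.10", "255.255.255.0", "192.0.2.1", "192.0.2.53",
                        "198.51.100.0/255.255.255.0/192.0.2.254"))
```

An empty list means the values are internally consistent; it does not confirm that eth0 is cabled to the intended network.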
Step 5 | If the controller is being deployed in your network behind a proxy server and the controller's access to the Internet is through this proxy server, then enter configuration values for the HTTPS PROXY.
Note | If there is no proxy server between the controller and access to the Internet, then this step will not appear. Instead, you will be prompted to enter values for CLOUD CONNECTIVITY.
HTTPS Proxy | Enter the protocol (HTTP or HTTPS), IP address, and port number of the proxy. For example, enter https://209.165.200.11:3128
HTTPS Proxy Username | Enter the username, if authentication is required for the proxy.
HTTPS Proxy Password | Enter the password, if authentication is required for the proxy.
After configuring the HTTPS PROXY, enter next>> to proceed. After entering next>>, you are then prompted to enter values for CLOUD CONNECTIVITY.
Step 6 | Enter configuration values for CLOUD CONNECTIVITY.
CCO Username | Enter a Cisco Connection Online (CCO) username for cloud connectivity. For example, enter the username that you use to log in to the Cisco website to access restricted locations as either a Cisco customer or partner.
Note | If you do not have a CCO username and password, then enter your company name in the username and company name fields and leave the password field empty for this step. This will permit you to proceed through the config-wizard process. Values entered for this step are used for telemetry collection. For information about telemetry collection, see Telemetry Collection.
CCO Password | Enter a Cisco Connection Online (CCO) password for the CCO username. For example, enter the password that you use to log in to the Cisco website to access restricted locations as either a Cisco customer or partner.
Company Name | Enter the name of the company or organization with which you are affiliated.
Once satisfied with the cloud connectivity settings, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values entered. After validation, you are then prompted to enter values for the LINUX USER SETTINGS.
Step 7 | Enter configuration values for the LINUX USER SETTINGS.
Linux Password | Enter a Linux password. The Linux password is used to ensure security for both the Grapevine root and clients located on the host (appliance, server, or virtual machine). Access to the Grapevine root and clients by you or the controller requires this password. The default username is grapevine. For information about the requirements for a Linux password, see the Password Policy section, in Chapter 3, Cisco APIC-EM Security.
Note | The Linux password is encrypted and hashed in the controller database.
Re-enter Linux Password | Confirm the Linux password by entering it a second time.
Seed Phrase Password Generation | (Optional) Instead of creating and entering your own password in the above Linux Password fields, you can enter a seed phrase and have the configuration wizard generate a random and secure password using that seed phrase. Enter a seed phrase and then press <Generate Password> to generate the password.
Auto Generated Password | (Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto generated password. Press <Use Generated Password> to save the password.
Note | When finished with the password, be sure to save it to a secure location for future reference.
After configuring the Linux password, enter next>> to proceed. After entering next>>, you are then prompted to enter values for the APIC-EM ADMIN USER SETTINGS.
Step 8 | Enter configuration values for the APIC-EM ADMIN USER SETTINGS.
Administrator Username | Enter an administrator username. Your administrator username and password are used to ensure security for the controller itself. Access to the controller's GUI requires that you enter this username and password.
Administrator Password | Enter an administrator password. For information about the requirements for an administrator password, see the Password Policy section, in Chapter 3, Cisco APIC-EM Security.
Note | The administrator password is encrypted and hashed in the controller database.
Re-enter Administrator Password | Confirm the administrator password by entering it a second time.
Seed Phrase Password Generation | (Optional) Instead of creating and entering your own password in the above Administrator Password fields, you can enter a seed phrase and have the configuration wizard generate a random and secure password using that seed phrase. Enter a seed phrase and then press <Generate Password> to generate the password.
Auto Generated Password | (Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto generated password. Press <Use Generated Password> to save the password.
Note | When finished with the password, be sure to save it to a secure location for future reference.
After configuring the administrator password, enter next>> to proceed. After entering next>>, you are then prompted to enter values for the NTP SERVER SETTINGS.
Step 9 | Enter configuration values for NTP SERVER SETTINGS.
NTP servers | Enter a single NTP server address or a list of NTP servers each separated by a space. The Elastic Services Platform (Grapevine) manages a Network Time Protocol (NTP) server to provide time synchronization for the Grapevine clients. You must configure the NTP server for the clients. The NTP server is external to the cluster.
Note | We recommend that for redundancy purposes, you configure at least three NTP servers for your Cisco APIC-EM deployment.
Note | Cisco routers can also be configured as NTP servers.
After configuring the NTP server(s), enter next>> to proceed. After entering next>>, you are then prompted to enter values for INTER-HOST COMMUNICATION.
Step 10 | Enter configuration values for INTER-HOST COMMUNICATION.
Enable IPSec Encryption | You can configure IPSec tunneling for communications between the hosts in a multi-host cluster. By selecting yes, you configure IPSec tunneling. The default is IPSec and the default option is set to yes.
Once satisfied with the inter-host communication setting, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values you entered.
Step 11 | Enter configuration values for CONTROLLER CLEAN-UP.
Harvest All Virtual Disks | Entering yes will delete all Grapevine virtual disks that belong to the controller for this specific deployment. For an initial configuration, enter no.
Delete All Clients | Entering yes will delete all Grapevine clients that belong to the controller for this specific deployment. For an initial configuration, enter no.
For an initial configuration, enter no for both options.
After configuring the controller clean-up, enter next>> to proceed. After entering next>>, you are then prompted to enter values to finish the configuration and begin the configuration wizard installation.
Step 12 | A final message appears stating that the wizard is now ready to proceed with applying the configuration.
The following options are available:
- [back]: Review and verify your configuration settings.
- [cancel]: Discard your configuration settings and exit the configuration wizard.
- [save & exit]: Save your configuration settings and exit the configuration wizard.
- [proceed]: Save your configuration settings and begin applying them.
Enter proceed>> to complete the installation. After entering proceed>>, the configuration wizard applies the configuration values that you entered above.
At the end of the configuration process, a CONFIGURATION SUCCEEDED! message appears.
Step 13 | Open your browser and enter the host IP address to access the Cisco APIC-EM GUI.
You can use the displayed IP address of the Cisco APIC-EM GUI at the end of the configuration process.
Step 14 | After entering the IP address in the browser, a message stating that "Your connection is not private" appears.
Ignore the message and click the Advanced link.
Step 15 | After clicking the Advanced link, a message stating that the site’s security certificate is not trusted appears.
Ignore the message and click the link.
Note | This message appears because the controller uses a self-signed certificate. You will have the option to upload a trusted certificate using the controller GUI after installation completes.
Step 16 | In the Login window, enter the administrator username and password that you configured above and click the Log In button.