Before You Begin
Before using the Cisco Crosswork Network Controller applications, it is recommended that you familiarize yourself with basic concepts and complete necessary planning and information-gathering steps:
- User Roles: Cisco recommends using role-based access control to restrict users to only the software functions necessary for their job duties. By default, new users have full administrative privileges. To avoid extending these privileges to every user, you should plan a system of user roles, create these roles, and assign them to user profiles accordingly.
- User Accounts: Cisco recommends creating separate accounts for all users to maintain an audit record of user activity on the system. Prepare a list of users for the Crosswork Network Controller applications, decide on their usernames and preliminary passwords, and create user profiles for them. Crosswork Network Controller also supports integration with TACACS+, LDAP, and RADIUS servers for centralized management of user roles and accounts. For more details, see Set Up User Authentication (TACACS+, LDAP, and RADIUS).
- Device-Access Groups: Device-Access Groups (DAGs) are groups of devices that define device access for users. Users who are associated with DAGs can make configuration changes and provision services on the devices within those groups. When creating a user, you must assign them at least one DAG and a role. For more details, see Manage Device Access Groups.
- Credential Profiles: For the Crosswork Network Controller to access a device or interact with a provider, it must present credentials. Instead of entering credentials each time, you can create credential profiles to securely store this information. The platform supports unique credentials for each access protocol and allows bundling multiple protocols and their corresponding credentials into a single profile. Devices using the same credentials can share a credential profile. For example, if all routers in a particular building share a single SSH user ID and password, you can create one credential profile for Crosswork Network Controller to manage them.

  Before creating a credential profile, gather the access credentials and supported protocols needed to monitor and manage your devices. This includes user IDs, passwords, and additional data such as SNMPv2 read and write community strings, and SNMPv3 authentication and privilege types. For other providers (NSO, SR-PCE, Storage, Alert, and WAE), this always includes user IDs, passwords, and connection protocols. Use this information to create credential profiles.
- Tags: Tags are simple text strings that you can attach to devices to help group them. The Crosswork Network Controller includes a short list of pre-made tags for grouping network devices. You can also create your own tags to identify, find, and group devices for various purposes.

  Plan a preliminary list of custom tags to create when setting up the system, so you can use them to group your devices when you first onboard them. You don't need a complete list of tags initially, as you can always add more later. However, ensure that all the tags you plan to use are in place before you need them. Otherwise, you must manually go back and add them where you wish to use them. For more details, see Create Tags.
- Providers: Crosswork Network Controller applications rely on external services like Cisco Crosswork Network Services Orchestrator (NSO) or SR-PCE for tasks such as configuration changes and segment routing path computation. To manage access and reuse information between Crosswork Network Controller applications, a provider (for example, NSO, SR-PCE) must be configured for each external service. The provider family determines the type of service supplied to Crosswork Network Controller and the unique parameters that must be configured. The parameters needed to configure a provider depend on the type of Crosswork Network Controller application used. It is important to review and gather each application's requirements before configuring a provider. For more information, see About Provider Families and Provider Dependency.
  - Cisco Crosswork Network Services Orchestrator (NSO) is used by many Crosswork Network Controller applications to make changes to device configurations and provision services on devices. To add NSO as a provider, you need the IP address and credentials used for communication. For more details, see Add Cisco NSO Providers.

    Note: Additional steps are required when using NSO in LSA mode. For more details on these steps, see Enable Layered Service Architecture (LSA).
  - If you plan to use Crosswork Optimization Engine, at least one Cisco SR-PCE provider must be defined to discover devices and distribute policy configurations to devices. Additional SR-PCEs can be used for more complex network topologies and redundancy. You can either manually add devices to the system (see Add Devices to the Inventory for more details) or auto-onboard them via SR-PCE discovery (see Add Cisco SR-PCE Providers for more details). While you can change the configuration at any time, it is ideal to decide which process you will use before getting too far into the deployment and configuration of Crosswork Network Controller.
- Devices: You can onboard devices using the UI, a CSV file, an API, SR-PCE discovery, or zero touch provisioning. The method used to onboard a device determines the type of information needed to configure it in Crosswork Network Controller. Also, Crosswork Network Controller can forward device configuration to NSO, which may affect how you provision an NSO provider. For more information, see Add Devices to the Inventory.

  Note: For information on device configuration, device monitoring, and device management workflows, see the Crosswork Network Controller 7.0 Device Lifecycle Management guide.
- External Data Destination(s): Crosswork Network Controller functions as the controller for the Crosswork Data Gateway. Operators planning to have Crosswork Data Gateway forward data to other data destinations must understand the format required by those destinations and other connection requirements. This is covered in detail in Crosswork Data Gateway.
- Labels: Labels are used with Crosswork Change Automation to restrict which users can execute a playbook. For example, you may allow lower-level operators to run check playbooks but use labels to prevent them from running more complex or impactful playbooks that make changes to network device configurations.
- If you plan to use Crosswork Health Insights, KPI (Key Performance Indicators) Profiles are used to monitor the health of the network. You can establish unique performance criteria based on how a device or devices are used in the network. KPIs can be grouped to form a KPI Profile. It is helpful to have a clear idea of the data you plan to monitor and the performance targets you want to establish as you set up Health Insights.
- If you plan to install the Crosswork Service Health application, you should review the provided samples to determine if they are adequate for monitoring devices in your network.
Note that you can capture the devices, credential profiles, tags, and providers lists in spreadsheet form, convert the spreadsheet to CSV format, and then upload them in bulk to the Crosswork Network Controller application using the Import feature. You can access CSV templates for each of these lists by clicking the Import icon in the corresponding places in the user interface. Select the Download template link when prompted to choose an export destination path and filename.