Installation Requirements
Cisco Crosswork Change Automation and Health Insights Installation Requirements
Cisco Crosswork Data Gateway Installation Requirements

Installation Requirements

This section contains the following topics:

Cisco Crosswork Change Automation and Health Insights Installation Requirements

Cisco Crosswork Network Automation deployment requirements vary, depending on which of the platform's components are installed together and the number of hosts. This section provides general guidelines and minimum requirements for installing Cisco Crosswork Change Automation and Health Insights on a single host, unless otherwise specified.

This section contains the following topics:

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Change Automation and Health Insights as a VM on a host that meets the following minimum requirements.

Note

Upgrading Cisco Crosswork Change Automation and Health Insights generally requires additional storage apart from the following minimum requirements. For more information, see Upgrade Cisco Crosswork Change Automation and Health Insights.

Table 1.
Requirement	Description
Hypervisor and vCenter	VMware ESXi 6.5 Update 2 or later. VMware vCenter Server 6.5 Update 2d or later. VMware vCenter Server 6.7 Update 3b (HTML5 mode).
Memory	96 GB
Storage	Storage requirements vary based on factors such as the number of devices being supported, amount of KPI data being collected, and the type of deployment selected. For demos and lab environments, Cisco recommends the thin provision format as it requires the least amount of storage on the host machine. This deployment configuration uses roughly 23 GB of storage. For live systems, Cisco recommends the Thick provision eager zeroed format which allocates 1 TB of storage by default. This should be sufficient for most customer use cases. Solid state drives (SSD) are preferred over traditional hard disk drives (HDD). If you are using HDD, the minimum speed should be 10,000 RPM. For more information, see the volume requirements displayed in the VMware GUI when configuring disk space, as shown in Install Cisco Crosswork Change Automation and Health Insights Via vCenter.
vCPU	16 vCPUs
Network Connections	For live deployments, Cisco recommends using dual interfaces, one for the management network and one for the data communications between Cisco Crosswork Change Automation and Health Insights and Cisco Crosswork Data Gateway. For demos and lab deployments you can choose between using a single interface or dual interfaces.
IP Addresses	Two IP addresses (IPv4 or IPv6): One public IP for the Management Network virtual interface and one public or private IP for the Data Network virtual interface.
NTP Servers	The IPv4/IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. The NTP server(s) must be reachable via the network or the installation will fail.
DNS Servers	The IPv4/IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network.
DNS Search Domain	The search domain you want to use with the DNS servers (for example, `cisco.com`). You can only have one search domain.
Disclaimer	The text of the legal disclaimer displayed to clients accessing the VM via the command line. Consult your organization's IT or legal department for the content of this text.

Important Notes

The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).
Kubernetes runs within the Cisco Crosswork Change Automation and Health Insights VM and uses Docker for containerization. The number of containers varies as applications are added or deleted.

Platform Support for Telemetry

Cisco Crosswork Change Automation and Health Insights supports model-driven telemetry (MDT), SNMP and CLI protocols on the following platforms.


OS	Platform	Software Version¹	Config Mode	Protocol	Encoding	Transport
Cisco IOS-XR	Cisco ASR 9K (ASR 9001, ASR 9004)	6.4.1, 6.5.1, 6.5.2, 6.5.3, 6.6.2	NSO XR NED CLI 7.13.9	MDT	KVGPB	TCP
	Cisco NCS 5500	6.4.1, 6.5.3, 6.6.2
	Cisco XRV9K	6.5.1, 6.5.2, 6.5.3, 6.6.2
	Cisco NCS 6000	6.4.1, 6.4.2
	Cisco NCS 1K (NCS 1004)	7.0.1
	Cisco CRS (CRS 1K, CRS 3K)	6.4.2
Cisco IOS-XE	Cisco CSR 1Kv	16.10		SNMP CLI
Cisco IOS-XE	Cisco ASR 1K (ASR 1006)	16.9.2, 16.10
Cisco NX-OS	Cisco Nexus 9K	7.0(3).7(2)
Cisco NX-OS	Cisco Nexus 7K	8.4(0).SK(1)

¹ Includes any later version that is backward-compatible with the 6.2.1 (device-native) or 6.1.4 XR CLI YANG model (as appropriate). Before attempting to deploy with a particular later version, please check for compatibility with your Cisco Customer Experience team.

Note

The platform support information is provided with the assumption that you plan to stream telemetry in band with other traffic. If you want to stream telemetry via a separate management VRF, you must use Cisco IOS XR version 6.2.1 or later.

Cisco NSO and NED Requirements


Software/Driver	Version
Cisco Network Services Orchestrator (Cisco NSO)	5.2.03
Cisco IOS XR Network Element Driver (NED)	7.13.9
Cisco IOS Network Element Driver	6.36

Supported Web Browsers

This version of Cisco Crosswork Change Automation and Health Insights supports the web browsers shown in the table below.

Recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).


Browser	Version
Google Chrome	70 or later
Mozilla Firefox	70 or later

In addition to using a supported browser, all client desktops accessing geographical map information in the Cisco Crosswork Change Automation and Health Insights topology maps must be able to reach the mapbox.com map data URL directly, via the standard HTTPS port 443. Similar guidance may apply if you choose a different map data provider, as explained in "Configure Geographical Map Settings" in the Cisco Crosswork Change Automation and Health Insights User Guide.

Ports Used

As a general policy, any ports that are not needed should be disabled. To view a list of all open listening ports, log in as a Linux CLI admin user and run the netstat -aln command.

The following table lists the external ports that are open on the Cisco Crosswork Change Automation and Health Insights VM.

Table 2. External Ports That Are Open on the VM
Port	Protocol	Usage
22	TCP	Remote SSH traffic
323	UDP	Network Time Protocol (NTP) listener
30603	TCP	User interface (NGINX server listens for secure connections on port 443)
30607	TCP	For Cisco Crosswork Data Gateway to report vitals and download images.
30649	TCP	Cisco Crosswork Data Gateway monitos jobs and reports the job status to Cisco Crosswork Change Automation and Health Insights.
30993	TCP	Cisco Crosswork Data Gateway sends the collected data to Crosswork Kafka destination.

The following table lists the destination ports on external devices that may be protected by a firewall. Cisco Crosswork Change Automation and Health Insights uses these ports to connect to network devices for reachability control. You must open the required ports to allow Cisco Crosswork Change Automation and Health Insights to connect to these devices.

Table 3. Destination Ports Used by Cisco Crosswork Change Automation and Health Insights
Port	Protocol	Usage
7	TCP/UDP	Discover endpoints using ICMP
22	TCP	Initiate SSH connections with managed devices
53	TCP/UDP	Connect to DNS
123	UDP	Network Time Protocol (NTP)
830	TCP	Initiate NETCONF

Cisco Crosswork Data Gateway Installation Requirements

This section provides general guidelines and minimum requirements for installing Cisco Crosswork Data Gateway.

This section contains the following topics:

Virtual Machine (VM) Requirements
Supported Cisco OS
Ports Used

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Data Gateway as a VM on a host that meets the following minimum requirements:

Requirement

Hypervisor

VMware vCenter 6.5 Update2d
VMware ESX 6.5 Update2
VMware vCenter 6.7 Update1
VMware ESX 6.7 Update1

Memory

32 GB

Disk space

50 GB

Note

This is the deployment size only. Once started, VM disk space will increase based on the VMware overhead.

vCPU

8 vCPUs

Interfaces

Three virtual interfaces in the VM:

One virtual interface for management network traffic, including SSH access to the VM. The DNS and NTP servers, and the default gateway, must be reachable via this interface.
One virtual interface for Northbound data traffic:
- The Cisco Crosswork Change Automation and Health InsightsCisco Crosswork Optimization Engine data interface must be reachable from this interface (routable) to be able to connect to Kafka data destinations.
- Cisco Crosswork Data Gateway uses this interface to receive collection jobs and send back their statuses to Crosswork.
- This interface is also used by external applications other than Cisco Crosswork Optimization EngineCisco Crosswork Change Automation and Health Insights.
One virtual interface for Southbound data traffic. The devices must be reachable via this interface (routable).

IP Addresses

Three IPv4 or IPv6 addresses: One public IP for the management network virtual interface and two public or private IPs for the Northbound and Southbound data network virtual interfaces.

The DNS and NTP servers, and the default gateway, must be reachable via the management network IP address. The data destinations must be reachable via Northbound data network IP address. The managed devices and providers must be reachable via Southbound data network IP address.

NTP Servers

The IPv4/IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP IP address or host name is reachable from after configuration or installation will fail.

Also, the ESXi hosts that will run the Cisco Crosswork Optimization EngineCisco Crosswork Change Automation and Health Insights and Cisco Crosswork Data Gateway VM must have NTP configured, or the initial handshake may fail with "certificate not valid" errors.

DNS Servers

The IPv4/IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network.

DNS Search Domain

The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain.

Destination Networks

If you are using a single interface (demo or lab install) you will have one destination network (virtual switch).

For live deployments, we recommend one virtual switch for the Data Network (connection between the Cisco Crosswork Change Automation and Health Insights VM and the Cisco Crosswork Data Gateway VM) and second virtual switch for all the management traffic (vms to dns, ntp and the network you will use to access and manage the applications).

Important Notes

The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).

Supported Cisco OS

Note

The below table lists only the software versions on which Cisco Crosswork Data Gateway 1.1 was tested. Cisco Crosswork Data Gateway allows you to expand device coverage by means of custom packages. See Section Manage Custom Software Packages in Cisco Crosswork Change Automation and Health Insights 3.1 User Guide for information on how to expand the device coverage.


OS	Software Version	Config Mode	Protocol	Encoding	Transport
IOS-XR	6.4.1, 6.5.1, 6.5.2, 6.5.3, 6.6.2	NSO XR NED CLI 7.13.9	MDT	KVGPB	TCP
	6.4.1, 6.5.3, 6.6.2
	6.5.1, 6.5.2, 6.5.3, 6.6.2
	6.4.1, 6.4.2
	7.0.1
	6.4.2
IOS-XE	16.10,		SNMP, CLI
	16.9.2, 16.10
NX-OS	7.0(3).7(2)
	8.4(0).SK(1)

Note

All collection types support IPv4 and IPv6. For any IPv4/IPv6 and Day0 configs and limitations for different device platforms, please refer your network administrator and platform configuration guide.

Ports Used

As a general policy, any ports that are not needed should be disabled.

The following table shows the minimum set of ports needed for Cisco Crosswork Data Gateway to operate correctly.

Note

If you are not using the default SCP port 22, you can specify the port as a part of the SCP command. For example,

-P55 user@host:path/to/file

where 55 is a custom port.

Table 4. Ports to be Opened on Cisco Crosswork Data Gateway Management Interface
Port	Protocol	Used for...	Direction
22	TCP	SSH server	Inbound
22	TCP	SCP client	Outbound
123	UDP	NTP Client	Outbound
53	UDP	DNS Client	Outbound
30607	TCP	Crosswork Controller	Outbound

Table 5. Ports to be Opened on Cisco Crosswork Data Gateway Northbound Interface
Port	Protocol	Used for...	Direction
30649	TCP	Crosswork Controller	Outbound
30993	TCP	Crosswork Kafka	Outbound
Site Specific	Site Specific	Kafka and gRPC Destination	Outbound

Table 6. Ports to be Opened on Cisco Crosswork Data Gateway Southbound Interface
Port	Protocol	Used for...	Direction
161	UDP	SNMP Collector	Inbound
1062	UDP	SNMP TrapCollector	Inbound
9010	TCP	MDT Collector	Inbound
22	TCP	CLI Collector	Outbound

The Interface role to physical name mapping is:

Management Interface: eth0
Southbound Data Interface: eth1
Northbound Data Interface: eth2

Cisco Crosswork Change Automation and Health Insights 3.1 Installation Guide

Bias-Free Language

Book Title

Cisco Crosswork Change Automation and Health Insights 3.1 Installation Guide

Chapter Title