Deployment Requirements

Required firewall ports and connectivity

Firewall Access: Allow outbound access to ciscoconnectdna.com.
Connectivity: Ensure connectivity exists between the Catalyst Center Global Manager and the controllers. Catalyst Center Global Manager supports only one interface for the enterprise edition.
Supported Infrastructure: includes:
- Physical or virtual Catalyst Center appliances (single node or High Availability (HA) or Virtual Appliance (VA)).
- VMware ESXi and vCenter, version 7.0.x or later
- Network Time Protocol (NTP) needs to be synchronized between the Catalyst Center Global Manager and Catalyst Centers. Alternatively, ensure they maintain a maximum time difference of one second.
Ports required to be open on the firewall: Open the following ports on the firewall to enable communication with the HTTPS-enabled browsers and allow Catalyst Center Global Manager to interact with Catalyst Centers globally.


Port	Service name	Purpose	Recommended action
Administering or configuring Catalyst Center Global Manager.
TCP 443	UI, REST, HTTPS	GUI, REST, HTTPS management port.	Open the port.
TCP 2222	Catalyst Center Global Manager shell	Connect to the Catalyst Center Global Manager shell.	Keep the port open. Restrict the known IP address to be the source.
TCP 9004	Web UI installation	Serves the GUI-based installation page. (This port is required only if you decide to install Catalyst Center Global Manager using the web-based option.)	Keep the port open until the node installation is complete.
Catalyst Center Global Manager outbound to Catalyst Center and other systems.
TCP 49	TACACS+	Needed only if you are using external authentication such as Cisco ISE with a TACACS+ server.	Open the port only if you are using external authentication with a TACACS+ server.
UDP and TCP 53	DNS	Used to resolve a DNS name to an IP address.	Open the port when you use DNS names instead of IP addresses for other services, such as an NTP DNS name.
UDP 123	NTP	Catalyst Center Global Manager uses NTP to synchronize the time from the source that you specify.	Open the port for time synchronization.
TCP 443	HTTPS	Catalyst Center Global Manager uses HTTPS for cloud-tethered upgrades, periodic polling from Catalyst Center and communication with HTTPS-enabled browsers.	Open the port.
UDP 1645 or 1812	RADIUS	Needed only if you are using external authentication with a RADIUS server.	Open the port only if an external RADIUS server is used to authenticate user login to Catalyst Center.
111	NFS	Used for Assurance backups.	Open the port.
2049	NFS	Used for Assurance backups.	Open the port.
20048	NFS	Used for Assurance backups.	Open the port.
TCP and UDP 32767	NFS	Used for Assurance backups.	Open the port.

Additional deployment requirements

Catalyst Center Global Manager is deployed as a virtual machine (VM) on VMware ESXi version 7.x or later.

You must meet these requirements listed here to deploy a Catalyst Center Global Manager virtual appliance. For performance tips on the most critical areas of VMware vSphere, refer to:

VMware vSphere Client 7.0: Performance Best Practices for VMware vSphere 7.0, Update 3 (PDF)
VMware vSphere Client 8.0: Performance Best Practices for VMware vSphere 8.0 (PDF)

Virtual machine minimum requirements


Requirement	Detail
Virtualization platform and hypervisor	VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all updates.
Processors	Intel Xeon Scalable server processor (Cascade Lake or newer) or AMD EPYC Gen2 with 2.1 GHz or better clock speed. Dedicate 8 vCPUs with a 16 GHz reservation to the VM.
Hard Disk Drive (HDD)	100 GB + 550 GB (2 HDDs).
Memory	16 GB RAM.
I/O Bandwidth	180 MB/sec.
Input/output operations per second (IOPS) rate	2000-2500, with less than 5 ms of I/O completion latency.
Latency	Catalyst Center Global Manager to Catalyst Center connectivity: 350 ms.
Active Sessions	The system supports up to 20 active user connections when network administrators log in to Catalyst Center Global Manager.

Server requirements


Requirement	Detail
vCenter and ESXi	7.0x+.
Intel CPU	2.1 GHz and later.

Supported browsers

The Catalyst Center Global Manager GUI is compatible with these HTTPS-enabled browsers:

Google Chrome: Version 134 or later
Mozilla Firefox: Version 120.0.1 or later

Screen resolution:

Minimum: 1368 x 768 pixels
Recommended: 1920 x 1080 pixels

Ensure that the client systems used to log in to Catalyst Center Global Manager have 64-bit operating systems and browsers.

Scale numbers

The table lists the number of controllers, users and sites that Catalyst Center Global Manager supports.

Component

Maximum Number Supported

Controllers

25 controllers

Note

3-node clusters are treated as a single controller within the 25-controller scale limit

Users

20 active users

Sites

25,000 (maximum aggregated sites)

100 (sites on multiple controllers)
5 (same site on maximum number of controllers)

Security limitations

Catalyst Center Global Manager does not support managing Catalyst Centers with:

Disaster Recovery (DR)
Federal Information Processing Standards (FIPS)
IPv6 configurations-only setups
Air-gapped configurations

User access role requirements

You have matching user accounts on both Catalyst Center Global Manager and Catalyst Center.
You get the access permissions come from individual Catalyst Centers.

Cisco Catalyst Center Global Manager Deployment Guide, Release 1.3.1

Bias-Free Language

Book Title

Cisco Catalyst Center Global Manager Deployment Guide, Release 1.3.1

Chapter Title