Deployment Requirements

Create an order for automatic CRS profile generation

Ensure you select the appropriate Stock Keeping Unit (SKU) for the Catalyst Center Global Manager. You also need a valid Smart Account (SA) and Virtual Account (VA) to order Catalyst Center Global Manager.


Note


  • You must be part of the SA and VA placing the order to register Catalyst Center Global Manager.

  • Ensure that you have the license and do not have SA administrator privileges. You should only have the VA administrator role.

  • Do not place multiple orders.

  • Registration of Catalyst Center with Catalyst Center Global Manager happens through the SA/VA workflow.


Before you begin deploying Catalyst Center Global Manager, you must first create and place an order to get a license using the Cisco Commerce Workspace (CCW). Only after you obtain the license is the Cloud Registration Service (CRS) profile created automatically in the CRS dashboard. This CRS profile is necessary for the first-time setup and registration of Catalyst Center Global Manager and for enrolling Catalyst Centers into it.


Note


You must wait 3 days after placing the Catalyst Center Global Manager order to allow the CRS profile to be created automatically. This waiting time is necessary for the initial registration and seamless enrollment of Catalyst Centers with the Catalyst Center Global Manager. It also ensures that any new Catalyst Center can discover the Catalyst Center Global Manager IP and enroll with it seamlessly. During the initial registration, Catalyst Center Global Manager registers itself with the CRS profile.


CRS Profile

The CRS profile handles authentication for both Catalyst Center Global Manager and Catalyst Center and maintains all necessary metadata required for auto-enrollment. It simplifies the process of registering Catalyst Center instances with Cisco cloud services through a centralized configuration.

Administrators configure the CRS Profile within Catalyst Center Global Manager by providing:

  • Cloud service credentials, such as Cisco SA details.

  • Authentication tokens or certificates for secure communication.

  • Endpoint details for the Cisco cloud services with which the instance is registering.

Once configured, the CRS Profile ensures secure and continuous communication between on-premises Catalyst Center instances and the Cisco cloud services.


Note


Only one CRS Profile with SA/VA combination is allowed per Catalyst Center Global Manager.


Firewall ports and security

  • Firewall Access: Must allow outbound access to ciscoconnectdna.com.

  • Connectivity: There must be connectivity from the Catalyst Center Global Manager to the controllers, and vice versa. For Catalyst Center Global Manager, only one interface is supported for the enterprise edition.

  • Supported Infrastructure:

    • Physical or virtual Catalyst Center appliances (single node or High Availability (HA) or Virtual Appliance (VA)).

    • VMware ESXi and vCenter, version 7.0.x or later

    • Network Time Protocol (NTP) needs to either be in synchronization between the Catalyst Center Global Manager and Catalyst Centers or maintain a maximum time difference of one second.

  • Ports that must be open: Make sure the following ports are open on the firewall to enable communication with the CRS portal and allow Catalyst Center Global Manager to interact with Catalyst Centers globally.

Administering or configuring Catalyst Center Global Manager

| Port | Service name | Purpose | Recommended action |
|---|---|---|---|
| TCP 443 | UI, REST, HTTPS | GUI, REST, HTTPS management port. | Port must be open. |
| TCP 2222 | Catalyst Center Global Manager shell | Connect to the Catalyst Center Global Manager shell. | Port must be open. Restrict the source to a known IP address. |
| TCP 9004 | Web UI installation | Serves the GUI-based installation page (required only if you decide to install Catalyst Center Global Manager using the web-based option). | Port must be open until the installation of the node is complete. |

Catalyst Center Global Manager outbound to Catalyst Center and other systems

| Port | Service name | Purpose | Recommended action |
|---|---|---|---|
| TCP 49 | TACACS+ | Needed only if you are using external authentication such as Cisco ISE with a TACACS+ server. | Port must be open only if you are using external authentication with a TACACS+ server. |
| UDP and TCP 53 | DNS | Used to resolve a DNS name to an IP address. | Port must be open if DNS names are used instead of IP addresses for other services (such as an NTP DNS name). |
| UDP 123 | NTP | Catalyst Center Global Manager uses NTP to synchronize the time from the source that you specify. | Port must be open for time synchronization. |
| TCP 443 | HTTPS | Catalyst Center Global Manager uses HTTPS for cloud-tethered upgrades, periodic polling from Catalyst Center and communication with CRS portal. | Port must be open. |
| UDP 1645 or 1812 | RADIUS | Needed only if you are using external authentication with a RADIUS server. | Port must be open only if an external RADIUS server is used to authenticate user login to Catalyst Center. |
| 111 | NFS | Used for Assurance backups. | Port must be open. |
| 2049 | NFS | Used for Assurance backups. | Port must be open. |
| 20048 | NFS | Used for Assurance backups. | Port must be open. |
| TCP and UDP 32767 | NFS | Used for Assurance backups. | Port must be open. |
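An added example (not part of the Cisco documentation): a short Python check that audits a firewall allow-list against the conditional rows of the port table above, that is, the rows whose recommended action is narrower than "Port must be open". The rule format, the `audit` function, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Conditional rows from the port table: (direction, proto, port) -> condition.
CONDITIONAL = {
    ("in", "tcp", 2222): "known_source",     # shell: restrict to a known source IP
    ("in", "tcp", 9004): "until_installed",  # web installer: only until install completes
    ("out", "tcp", 49): "tacacs",            # only with external TACACS+ authentication
    ("out", "udp", 1645): "radius",          # only with external RADIUS authentication
    ("out", "udp", 1812): "radius",
}

def audit(rules, known_sources, installed, tacacs=False, radius=False):
    """Return findings for allow rules that are wider than the table recommends."""
    known = [ipaddress.ip_network(n) for n in known_sources]
    in_use = {"tacacs": tacacs, "radius": radius}
    findings = []
    for r in rules:
        cond = CONDITIONAL.get((r["dir"], r["proto"], r["port"]))
        label = f'{r["dir"]} {r["proto"]}/{r["port"]}'
        if cond == "known_source":
            src = ipaddress.ip_network(r["peer"])
            if not any(src.version == k.version and src.subnet_of(k) for k in known):
                findings.append(f"{label}: source {src} is not a known admin address")
        elif cond == "until_installed" and installed:
            findings.append(f"{label}: installer port still open after installation")
        elif cond in in_use and not in_use[cond]:
            findings.append(f"{label}: open but {cond.upper()} authentication is not in use")
    return findings

# Constructed sample rule set (documentation address ranges, not from the page).
SAMPLE_RULES = [
    {"dir": "in", "proto": "tcp", "port": 443, "peer": "0.0.0.0/0"},
    {"dir": "in", "proto": "tcp", "port": 2222, "peer": "0.0.0.0/0"},
    {"dir": "in", "proto": "tcp", "port": 2222, "peer": "192.0.2.10/32"},
    {"dir": "in", "proto": "tcp", "port": 9004, "peer": "192.0.2.0/24"},
    {"dir": "out", "proto": "tcp", "port": 49, "peer": "198.51.100.5/32"},
    {"dir": "out", "proto": "udp", "port": 1812, "peer": "198.51.100.6/32"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, ["192.0.2.10/32"], installed=True, radius=True):
        print(finding)
```

Rows that are unconditionally required (TCP 443, NTP, NFS) are deliberately not evaluated here; the check only reports rules that stay open outside the condition the table gives for them.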

Additional deployment requirements

Catalyst Center Global Manager is deployed as a virtual machine (VM) on VMware ESXi version 7.x or later.

You must meet the requirements listed here to deploy a Catalyst Center Global Manager virtual appliance. For performance tips on the most critical areas of VMware vSphere, refer to:

Virtual machine minimum requirements

| Requirement | Detail |
|---|---|
| Virtualization platform and hypervisor | VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all updates. |
| Processors | Intel Xeon Scalable server processor (Cascade Lake or newer) or AMD EPYC Gen2 with 2.1 GHz or better clock speed. Dedicate 8 vCPUs with a 16 GHz reservation to the VM. |
| Hard Disk Drive (HDD) | 100 GB + 550 GB (2 HDDs). |
| Memory | 16 GB RAM. |
| I/O Bandwidth | 180 MB/sec. |
| Input/output operations per second (IOPS) rate | 2000-2500, with less than 5 ms of I/O completion latency. |
| Latency | Catalyst Center Global Manager to Catalyst Center connectivity: 350 ms. |
| Active Sessions | The system supports up to 10 active user connections when network administrators log in to Catalyst Center Global Manager. |

Server requirements

| Requirement | Detail |
|---|---|
| vCenter and ESXi | 7.0x+. |
| Intel CPU | 2.1 GHz and later. |

Supported browsers

The Catalyst Center Global Manager GUI is compatible with these HTTPS-enabled browsers:

  • Google Chrome: Version 134 or later

  • Mozilla Firefox: Version 120.0.1 or later

Screen resolution:

  • Minimum: 1368 x 768 pixels

  • Recommended: 1920 x 1080 pixels

Ensure that the client systems used to log in to Catalyst Center Global Manager have 64-bit operating systems and browsers.

Scale numbers

The table lists the number of controllers, users and sites that Catalyst Center Global Manager supports.

| Component | Maximum Number Supported |
|---|---|
| Controllers | 25 controllers. Note: 3-node controllers are treated as a single controller within the 25-controller scale limit. |
| Users | 10 active users |
| Sites | 25,000 (maximum aggregated sites); 100 (sites on multiple controllers); 5 (same site on maximum number of controllers) |

Security limitations

Catalyst Center Global Manager does not support managing Catalyst Centers with:

  • Disaster Recovery (DR)

  • Federal Information Processing Standards (FIPS)

  • IPv6-only configurations

  • Air-gapped configurations

User access role requirements

  • You have matching user accounts on both Catalyst Center Global Manager and Catalyst Center.

  • Your access permissions come from the individual Catalyst Centers.