Deployment Requirements
Create an order to automate generation of CRS profile
Firewall ports and security
Additional requirements

Deployment Requirements

Create an order to automate generation of CRS profile

Ensure you select the appropriate Stock Keeping Unit (SKU) for the Catalyst Center Global Manager. You also need a valid Smart Account (SA) and Virtual Account (VA) to order Catalyst Center Global Manager.

Note

You must be part of the SA and VA placing the order to register Catalyst Center Global Manager.

Registration of Catalyst Center with Catalyst Center Global Manager happens automatically using SA/VA workflow.

Before you begin deploying Catalyst Center Global Manager, you need to first create and place an order to get a license using the Cisco Commerce Workspace (CCW). After you obtain the license only, the Cloud Registration Service (CRS) profile gets created in the CRS dashboard automatically. When you order Catalyst Center Global Manager, a CRS Profile is automatically created, which is required to register Catalyst Center Global Manager and enroll Catalyst Centers into it.

Note

You need to wait 3 days after placing the Catalyst Center Global Manager order to allow time for the CRS profile to be created. During the initial registration, Catalyst Center Global Manager registers itself with the CRS profile. This ensures that any new Catalyst Center can discover the Catalyst Center Global Manager IP and enroll with it seamlessly.

CRS Profile

The CRS profile is responsible for both Catalyst Center Global Manager and Catalyst Center authentication and maintains all necessary metadata required for auto-enrollment. It simplifies the process of registering Catalyst Center instances with Cisco cloud services through a centralized configuration.

Administrators configure the CRS Profile within Catalyst Center Global Manager by providing:

Cloud service credentials (For example, Cisco SA details).
Authentication tokens or certificates for secure communication.
Endpoint details for the Cisco cloud services the instance is registering with.

Once configured, the CRS Profile ensures secure and continuous communication between the on-premises Catalyst Center instances and the Cisco cloud services.

Note

Only one CRS Profile with SA/VA combination per Catalyst Center Global Manager is allowed.

Firewall ports and security

Firewall Access: Must allow outbound access to ciscoconnectdna.com.
Connectivity: There must be connectivity from the Catalyst Center Global Manager to the controllers, and vice versa. For Catalyst Center Global Manager, only one interface is supported for the enterprise edition.
Supported Infrastructure:
- Physical or virtual Catalyst Center appliances (single node or High Availability (HA) or Virtual Appliance (VA)).
- VMware ESXi and vCenter, version 7.0.x or later
- Network Time Protocol (NTP) needs to either be in synchronization between the Catalyst Center Global Manager and Catalyst Centers or maintain a maximum time difference of one second.
Ports needed to be opened: Make sure the following ports are opened on the Firewall. These ports need to be opened on the firewall to enable communication with the CRS portal and allow Catalyst Center Global Manager to interact with Catalyst Centers globally.


Port	Service name	Purpose	Recommended action
Administering or configuring Catalyst Center Global Manager
TCP 443	UI, REST, HTTPS	GUI, REST, HTTPS management port.	Port must be open.
TCP 2222	Catalyst Center Global Manager shell	Connect to the Catalyst Center Global Manager shell.	Port must be open. Restrict the known IP address to be the source.
TCP 9004	Web UI installation	Serves the GUI based installation page (required only if you decide to install Catalyst Center Global Manager using the web-based option).	Port must be open until the installation of the node is complete.
Catalyst Center Global Manager outbound to Catalyst Center and other systems
TCP 49	TACACS+	Needed only if you are using external authentication such as Cisco ISE with a TACACS+ server.	Port must be open only if you are using external authentication with a TACACS+ server.
UDP and TCP 53	DNS	Used to resolve a DNS name to an IP address.	Port must be open if DNS names are used instead of IP addresses for other services (such as an NTP DNS name).
UDP 123	NTP	Catalyst Center Global Manager uses NTP to synchronize the time from the source that you specify.	Port must be open for time synchronization.
TCP 443	HTTPS	Catalyst Center Global Manager uses HTTPS for cloud-tethered upgrades, periodic polling from Catalyst Center and communication with CRS portal.	Port must be open.
UDP 1645 or 1812	RADIUS	Needed only if you are using external authentication with a RADIUS server.	Port must be open only if an external RADIUS server is used to authenticate user login to Catalyst Center.
111	NFS	Used for Assurance backups.	Port must be open.
2049	NFS	Used for Assurance backups.	Port must be open.
20048	NFS	Used for Assurance backups.	Port must be open.
TCP and UDP 32767	NFS	Used for Assurance backups.	Port must be open.

Additional requirements

Catalyst Center Global Manager is deployed as a virtual machine (VM) on VMware ESXi version 7.x or later.

The following requirements must be met in order to successfully deploy a Catalyst Center Global Manager virtual appliance. For performance tips that cover the most performance-critical areas of VMware vSphere, see:

VMware vSphere Client 7.0: Performance Best Practices for VMware vSphere 7.0, Update 3 (PDF)
VMware vSphere Client 8.0: Performance Best Practices for VMware vSphere 8.0 (PDF)

Virtual machine minimum requirements


Feature	Description
Virtualization platform and hypervisor	VMware vSphere (which includes ESXi and vCenter Server) 7.0.x or later, including all patches.
Processors	Intel Xeon Scalable server processor (Cascade Lake or newer) or AMD EPYC Gen2 with 2.1 GHz or better clock speed. 8 vCPUs with 16 GHz reservation must be dedicated to the VM.
Hard Disk Drive (HDD)	100 GB + 550 GB (2 HDDs).
Memory	16 GB RAM.
I/O Bandwidth	180 MB/sec.
Input/output operations per second (IOPS) rate	2000-2500, with less than 5 ms of I/O completion latency.
Latency	Catalyst Center Global Manager to Catalyst Center connectivity: 350 ms.
Active Sessions	Up to 10 active user connections are supported for network admins to log in to Catalyst Center Global Manager.

Server requirements


Feature	Description
vCenter and ESXi	7.0x+.
Intel CPU	2.1 GHz and later.

Supported browsers

The Catalyst Center Global Manager GUI is compatible with these HTTPS-enabled browsers:

Google Chrome: Version 134 or later
Mozilla Firefox: Version 120.0.1 or later

Screen resolution:

Minimum: 1368 x 768 pixels
Recommended: 1920 x 1080 pixels

We recommend that the client systems you use to log in to Catalyst Center Global Manager be equipped with 64-bit operating systems and browsers.

Scale numbers

The table lists the number of controllers, users and sites that Catalyst Center Global Manager supports.


Component	Maximum Number Supported
Controllers	25 controllers
Users	10 active users
Sites	25000 (maximum aggregated sites) 100 (sites on multiple controllers) 5 (same site on maximum number of controllers)

Security Limitations

Catalyst Center Global Manager does not support managing Catalyst Centers with:

Disaster Recovery (DR)
Federal Information Processing Standards (FIPS)
IPv6 configurations-only setups
Air-gapped configurations

User Access Roles

Users must exist on both Catalyst Center Global Manager and Catalyst Center with matching usernames.
Access permissions are inherited from individual Catalyst Centers.

Cisco Catalyst Center Global Manager Deployment Guide, Release 1.2.1

Bias-Free Language

Book Title

Cisco Catalyst Center Global Manager Deployment Guide, Release 1.2.1

Chapter Title