Step 1

On the VMware ESXi host or cluster where your virtual appliance will reside, download trustidevcodesigning5.pem from the same location that Cisco specified to download the Catalyst Center on ESXi OVA file.

Step 2

Unzip this file.

Step 3

Log in to the vSphere Web Client.

Step 4

Choose Administration > Certificates > Certificate Management.

Step 5

In the Trusted Root Certificates field, click Add.

Step 6

In the Add Trusted Root dialog box, click Browse.

Step 7

Navigate to and select the certificate chain that you downloaded in Step 1 (trustidevcodesigning5.pem), then click Open.

Step 8

Check the Start Root certificate push to vCenter Hosts check box, then click Add.

Step 1

In the vSphere Client, navigate to and click the datastore in which you plan to deploy a virtual appliance.

Step 2

Click the Configure tab, then click General.

Step 3

In the Datastore Capabilities area, click Edit.

Step 4

In the Configure Storage I/O Control window, do the following:

1. Click the Enable Storage I/O Control and statistics collection radio button.

2. In the Storage I/O congestion threshold area, configure the congestion threshold you want to use.

   You can either specify a peak throughput percentage or enter a value (in milliseconds).

3. (Optional) In the Statistic Collection area, check the Include I/O statistics for SDRS check box.

Step 5

Click OK.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Client, right-click the virtual machine.

2. Choose Power > Power On.

   

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

   Static IP settings only need to entered when you configure a virtual appliance using a browser-based web UI mode of installation.

   

2. Click Create MKS.

   

3. Click the Start using MKS pre manufactured cluster option.

   

4. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

   Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

   Host IPv4 Address field	Enter the IP address for the Enterprise interface. This is required.
   IPv4 Netmask field	Enter the netmask for the interface's IP address.
   Default Gateway IPv4 Address field	Enter a default gateway IP address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv4 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Catalyst Center on ESXi Management interface only.
   LACP Mode field	Leave this field blank, as it's not applicable to virtual appliances.

   

   The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

5. You don't need to enter configuration values for NETWORK ADAPTER #2, as the Host IPv4 Address and IPv4 Netmask fields are prepopulated for the Intracluster interface. Click next>> to proceed.

   

6. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

   This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

   Note	You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

   Host IPv4 address field	Enter the IP address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.
   IPv4 Netmask field	Enter the netmask for the interface's IP address.
   Default Gateway IPv4 Address field	Enter a default gateway IP address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv4 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.

   Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

   

7. In the DNS Configuration page, enter the IP address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

   Important

   For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server. Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

   The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

   

8. Do one of the following:

   • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

   • If you're happy with the settings you've entered, click proceed>>.

   

9. After validation successfully completes, do one of the following:

   • If your network does not use a proxy server to access the internet, click skip proxy>> to proceed.

   • If your network does use a proxy server, enter the configuration values in the NETWORK PROXY wizard page (as shown in the following table), then click next>>.

   HTTPS Proxy field	Enter the URL or host name of an HTTPS network proxy used to access the Internet. Note   Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only through HTTP in this release.
   HTTPS Proxy Username field	Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
   HTTPS Proxy Password field	Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

   After you provide the necessary information, correct any validation errors to proceed (if necessary).

   

10. You are next prompted to enter the virtual appliance's virtual IP address in the MAGLEV CLUSTER DETAILS wizard page. Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

    

11. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field	Enter and confirm the password for the maglev user.
    Re-enter Linux Password field	Confirm the Linux password by entering it a second time.
    Password Generation Seed field	If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
    Auto Generated Password field	(Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password. Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    

12. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    

    A final message appears, stating that the wizard is ready to apply the configuration.

13. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message. Then, it displays the Maglev login page.

    Note	It can take from 15-30 minutes for services to be stabilized so that you can login to the Catalyst Center UI.

Step 4

Complete the Quick Start Workflow.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Client, right-click the virtual machine.

2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

   Static IP configuration is needed only when configuring a virtual appliance using a browser-based WEB UI mode of installation.

   

2. Click Create MKS.

   

3. Click the Start configuration of MKS in advanced mode option.

   

   The next wizard page opens, indicating that all preconfigured appliance settings (except for the container and cluster subnets) will be erased. You'll need to enter values for these settings.

   This page also indicates that if you choose this option, you won't be able to go back and use the default appliance setup workflow instead. Keep this in mind before you complete the next step.

   

4. Click proceed>>.

   After all of the preconfigured appliance settings have been erased, the next wizard page opens.

5. Do one or more of the following, then click next>>:

   • Choose IPv4 addressing.

   • If you want to enable FIPS mode, click its corresponding option. For more information regarding FIPS mode, see the "FIPS Mode Support" topic in the Cisco Catalyst Center Second-Generation Appliance Installation Guide.

   

6. You don't need to enter any settings in the Layer2 mode used for the services wizard page, so click next>>.

   

7. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

   Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

   Host IPv4 Address field	Enter the IP address for the Enterprise interface. This is required.
   IPv4 Netmask field	Enter the netmask for the interface's IP address. This is required.
   Default Gateway IPv4 Address field	Enter a default gateway IP address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv4 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Management interface only.
   Cluster Link field	Leave this field blank. It is required on the Intracluster interface only.
   LACP Mode field	Leave this field blank, as it's not applicable to virtual appliances.

   The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

   

8. Enter the configuration values for NETWORK ADAPTER #2, as shown in the following table, then click next>>.

   Host IPv4 Address field	Enter the IP address for the Intracluster interface. This is required. Note that you cannot change the address of the Intracluster interface later.
   IPv4 Netmask field	Enter the netmask for the interface's IP address. This is required.
   Default Gateway IPv4 Address field	Leave this field blank.
   IPv4 Static Routes field	Leave this field blank.
   Cluster Link field	Check the check box to set this interface as the link to a Catalyst Center on ESXi cluster. This is required on the Intracluster interface only.
   LACP Mode field	Leave this field blank, as it's not applicable to virtual appliances.

   Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

   

9. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

   This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

   Note	You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

   Host IPv4 Address field	Enter the IP address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.
   IPv4 Netmask field	Enter the netmask for the interface's IP address. This is required.
   Default Gateway IPv4 Address field	Enter a default gateway IP address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv4 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.
   Cluster Link field	Leave this field blank. It is required on the Intracluster interface only.

   Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

   

10. In the DNS Configuration page, enter the IP address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

    Important

    For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server. Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

    The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

    

11. Do one of the following:

    • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

    • If you're happy with the settings you've entered, click proceed>>.

    

12. After validation successfully completes, the NETWORK PROXY wizard page opens. Click skip proxy>> to proceed.

    

13. Confirm that you want to skip network proxy configuration by clicking skip proxy validation>>.

    

14. Next, you are prompted to enter the virtual appliance's virtual IP addresses in the MAGLEV CLUSTER DETAILS wizard page. Since clusters are not supported by Catalyst Center on ESXi, you can leave the Cluster Virtual IP Address(s) field on this page blank.

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

    

15. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field	Enter and confirm the password for the maglev user.
    Re-enter Linux Password field	Confirm the Linux password by entering it a second time.
    Password Generation Seed field	If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
    Auto Generated Password field	(Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password. Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    

16. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

    

17. Enter the configuration values for the settings provided in the wizard's MAGLEV ADVANCED SETTINGS page, (as described in the following table), then click next>>.

    Container Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network. For more information, see the Container Subnet description in the Catalyst Center Second-Generation Appliance Installation Guide's "Required IP Addresses and Subnets" topic.

    Cluster Subnet field

    A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network. For more information, see the Cluster Subnet description in the Catalyst Center Second-Generation Appliance Installation Guide's "Required IP Addresses and Subnets" topic.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

    

18. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

    
    

Step 4

Complete the Quick Start Workflow.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Client, right-click the virtual machine.

2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Configure the virtual machine by completing the Maglev Configuration Wizard:

1. You don't need to enter any settings in the wizard's STATIC IP CONFIGURATION page, so click skip>>.

   Static IP configuration is needed only when configuring a virtual appliance using a browser-based WEB UI mode of installatoin.

   

2. Click Create MKS.

   

3. Click the Start configuration of MKS in advanced mode option.

   

   The next wizard page opens, indicating that all preconfigured appliance settings (except for the container and cluster subnets) will be erased. You'll need to enter values for these settings.

   This page also indicates that if you choose this option, you won't be able to go back and use the default appliance setup workflow instead. Keep this in mind before you complete the next step.

4. Click proceed>>.

   After all of the preconfigured appliance settings have been erased, the next wizard page opens.

   

5. Deselect IPv4 mode and select IPv6 mode to configure IPv6 parameters.

   

6. You don't need to enter any settings in the Layer2 mode used for the services wizard page, so click next>>.

   

7. Enter the configuration values for NETWORK ADAPTER #1, as shown in the following table, then click next>>.

   Catalyst Center on ESXi uses this interface to link the virtual appliance with your network.

   Host IPv6 Address field	Enter the IPv6 address for the Enterprise interface. This is required.
   IPv6 Prefix Length field	Enter the prefix length (in bits) for the interface's IPv6 address.
   Default Gateway IPv4/IPv6 Address field	Enter a default gateway IPv6 address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv4/IPv6 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>. This is usually required on the Catalyst Center on ESXi Management interface only.
   Cluster Link field	Leave this field blank. It is required on the Intracluster interface only.
   LACP Mode field	Leave this field blank, as it's not applicable to virtual appliances.

   The wizard validates the values you entered and issues an error message if any are incorrect. If you receive an error message, check that the value you entered is correct, then reenter it. If necessary, click <<back to reenter it.

   

8. Enter the configuration values for NETWORK ADAPTER #2, as shown in the following table, then click next>>.

   Host IPv6 Address field	Enter the IP address for the Intracluster interface. This is required. Note that you cannot change the address of the Intracluster interface later.
   IPv6 Prefix Length field	Enter the prefix length for the interface's IPv6 address. This is required.
   Default Gateway IPv6 Address field	Leave this field blank.
   IPv6 Static Routes field	Leave this field blank.
   Cluster Link field	Check the check box to set this interface as the link to a Catalyst Center on ESXi cluster. This is required on the Intracluster interface only.
   LACP Mode field	Leave this field blank, as it's not applicable to virtual appliances.

   Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

   

9. Enter the configuration values for NETWORK ADAPTER #3, as shown in the following table, then click next>>.

   This interface allows you to access the Catalyst Center on ESXi GUI from the virtual appliance.

   Note	You will see this wizard page only if you have already configured an additional network adapter for the Management interface.

   Host IPv6 Address field	Enter the IPv6 address for the Management interface. This is required only if you are using this interface to access the Catalyst Center on ESXi GUI from your management network; otherwise, you can leave it blank.
   IPv6 Prefix Length field	Enter the prefix length for the interface's IPv6 address. This is required.
   Default Gateway IPv6 Address field	Enter a default gateway IP address to use for the interface. Important   Ensure that you enter a default gateway IP address for at least one of your appliance's interfaces. Otherwise, you will not be able to complete the configuration wizard.
   IPv6 Static Routes field	Enter one or more static routes in the following format, separated by spaces: <network>/<netmask>/<gateway>.
   Cluster Link field	Leave this field blank. It is required on the Intracluster interface only.

   Correct validation errors, if any, to proceed. The wizard validates and applies your network adapter configurations.

   

10. In the DNS Configuration page, enter the IPv6 address of the preferred DNS server and then click next>>. If you are entering multiple DNS servers, separate the IP addresses in the list with spaces.

    Important

    For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server. Configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for a virtual appliance.

    The wizard updates, indicating that it needs to shut down the controller in order to validate the settings you've entered so far.

    

11. Do one of the following:

    • If you need to change any settings, click <<back as needed, make the necessary changes, and then return to this wizard page.

    • If you're happy with the settings you've entered, click proceed>>.

    

12. After validation successfully completes, do one of the following:

    • If your network does not use a proxy server to access the internet, click skip proxy>> to proceed.

    • If your network does use a proxy server, enter the configuration values in the NETWORK PROXY wizard page (as shown in the following table), then click next>>.

    HTTPS Proxy field	Enter the URL or host name of an HTTPS network proxy used to access the Internet. Note   Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only through HTTP in this release.
    HTTPS Proxy Username field	Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
    HTTPS Proxy Password field	Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    

13. Next, you are prompted to enter the virtual appliance's virtual IP addresses in the MAGLEV CLUSTER DETAILS wizard page. Since clusters are not supported by Catalyst Center on ESXi, you can leave the Cluster Virtual IP Address(s) field on this page blank.

    You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following:

    • It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages.

    • In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.

    After you provide the necessary information, click next>> to proceed. Correct validation errors, if any, as you did in previous screens.

    

14. Enter the configuration values for the settings provided in the wizard's USER ACCOUNT SETTINGS page (as described in the following table), then click next>>.

    Linux Password field	Enter and confirm the password for the maglev user.
    Re-enter Linux Password field	Confirm the Linux password by entering it a second time.
    Password Generation Seed field	If you do not want to create the Linux password yourself, enter a seed phrase in this field and then press <Generate Password> to generate the password.
    Auto Generated Password field	(Optional) The seed phrase appears as part of a random and secure password. If desired, you can either use this password "as is", or you can further edit this auto-generated password. Press <Use Generated Password> to save the password.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    

15. Enter the configuration values for the settings provided in the wizard's NTP SERVER SETTINGS page (as described in the following table), then click next>>.

    NTP Servers field

    Enter one or more NTP server addresses or hostnames, separated by spaces. At least one NTP address or hostname is required. For a production deployment, we recommend that you configure a minimum of three NTP servers to improve availability, time, and accuracy.

    NTP Authentication check box

    To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

    

16. Enter the configuration values for the settings provided in the wizard's MAGLEV ADVANCED SETTINGS page, (as described in the following table), then click next>>.

    Container Subnet field	A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.
    Cluster Subnet field	A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal cluster services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

    After you provide the necessary information, correct any validation errors to proceed (if necessary).

    A final message appears, stating that the wizard is ready to apply the configuration.

    

17. To apply the settings you've entered to the virtual appliance, click proceed>>.

    After the configuration process completes, the virtual appliance powers on again and displays a CONFIGURATION SUCCEEDED! message.

    It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

    

Step 4

Complete the Quick Start Workflow.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Web Client, right-click the virtual machine.

2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Install Configuration wizard:

1. In the STATIC IP CONFIGURATION page, do one of the following:

   • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

   • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

   

   Note	The IPv6 Mode check box is for enabling IPv6 addressing in advanced mode only. For IPv4 deployments, this check box needs to be unchecked.

   IPv6 Mode check box	If you want to enable IPv6 addressing, you'll need to do so using the Advanced Install Configuration wizard. Leave this check box unchecked to use IPv4 addressing.
   IP Address field	Enter the static IP address that you want to use.
   Netmask field	Enter the netmask for the IP address you specified in the previous field. You can enter either a netmask or CIDR address.
   Default Gateway Address field	Specify the default gateway that will be used to route traffic.
   Static Routes field	You can't specify static routes when using this wizard, so leave this field blank.

   Note the URL listed in the Web Installation field. You'll need this for the next step.

   

2. Open the URL that was displayed in the Static IP Configuration page.

   

3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

   

4. Click the Install radio button, then click Start.

   The Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

   

5. Click Start Workflow to start the wizard.

   The Virtual Appliance Interfaces page opens.

   

Step 4

Configure your virtual appliance by completing the Install Configuration wizard:

1. Click Next.

   

   The DNS Configuration page opens.

2. In the DNS field, enter the IP address of the preferred DNS server. To enter additional DNS servers, click the Add (+) icon.

   Important

   You can configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance.

3. Click Next.

   

   The Configure Proxy Server Information page opens.

4. Do one of the following:

   • If your network does not use a proxy server to access the internet, click the No radio button and then click Next.

   • If your network does use a proxy server to access the internet, enter the values described in the following table and then click Next.

   Proxy Server field	Enter the URL or host name of an HTTPS network proxy used to access the Internet. Note   Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.
   Port field	Enter the port that your appliance used to access the network proxy.
   Username field	Enter the username used to access the network proxy. If no proxy login is required, leave this field blank.
   Password field	Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

   

   The wizard's Advanced Appliance Settings page opens.

5. Enter configuration values for your appliance, then click Next.

   Cluster Virtual IP Addresses
   To access from Enterprise Network and For Intracluster Access fields	Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).
   Fully Qualified Domain Name (FQDN) field	You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following: It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages. In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.
   NTP Server Settings
   NTP Server field	Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon. For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.
   Turn on NTP Authentication check box	To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.
   Subnet Settings
   Container Subnet field	A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and you cannot enter another subnet.
   Cluster Subnet field	A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and you cannot enter another subnet.

   

   The Enter CLI Password page opens.

6. Enter and confirm the password for the maglev user, then click Next.

   

   The wizard validates the information that you entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you entered are valid, the wizard's Summary page opens.

   Note	To download the appliance configuration as a JSON file, click the corresponding link.

7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

   

8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

   The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

   

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Web Client, right-click the virtual machine.

2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Advanced Install Configuration wizard:

1. In the STATIC IP CONFIGURATION page, do one of the following:

   • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

   • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

   

   IPv6 Mode check box	IPv6 is supported. However, if you want to deploy IPv4, leave this check box unchecked.
   IP Address field	Enter the static IP address that you want to use.
   Netmask field	Enter either a netmask or CIDR address for the IP address you specified in the previous field.
   Default Gateway Address field	Specify the default gateway that will be used to route traffic.
   Static Routes field	You can't specify static routes when using this wizard, so leave this field blank.

   

   Note the URL listed in the Web Installation field. You'll need this for the next step.

2. Open the URL that was displayed in the Static IP Configuration page.

3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

   

4. Click the Advanced Install radio button, then click Start.

   The Advanced Install Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

   

5. Click Start Workflow to start the wizard.

   The Virtual Appliance Interface Overview page opens, providing a description of the four appliance interfaces that you can configure.

   

Step 4

Configure your virtual appliance by completing the Advanced Install Configuration wizard:

1. Click Next.

   

   The How would you like to set up your appliance interfaces? page opens

   

   If your network resides behind a firewall, do the following:

   • Click the allow access to these URLs link to view a pop-up window that lists the URLs that Catalyst Center on ESXi must be able to access.

   • Click the open these ports link to view a pop-up window that lists the network service ports that must be available for Catalyst Center on ESXi to use.

   By default, the Enterprise Network Interface check box is already checked. It's also prepopulated with the values you entered in the STATIC IP CONFIGURATION page.

2. Do the following for each appliance interface you want to use, then click Next:

   • Click its check box and enter the appropriate configuration values.

   • If necessary, click its Add/Edit Static Route link to configure static routes. Click + as needed to configure additional routes. When you're done, click Add.

   The DNS Configuration screen opens.

3. Enter the IP address of the preferred DNS server, then click Next. To enter additional DNS servers, click the Add (+) icon.

   Important

   For each node in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance. For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

   

   The Configure Proxy Server Information screen opens.

4. Do one of the following and then click Next:

   • If your network does not use a proxy server to access the internet, click the No radio button.

   • If your network does use a proxy server to access the internet, enter the values described in the following table:

   Proxy Server field	Enter the URL or host name of an HTTPS network proxy used to access the Internet. Note   Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.
   Port field	Enter the port your appliance used to access the network proxy.
   Username field	Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
   Password field	Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

   

   The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid and the port is up, the wizard's Advanced Appliance Settings screen opens.

5. Enter configuration values for your appliance, then click Next.

   

   Cluster Virtual IP Addresses
   To access from Enterprise Network and For Intracluster Access fields	Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).
   Fully Qualified Domain Name (FQDN) field	You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following: It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages. In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.
   NTP Server Settings
   NTP Server field	Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon. For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.
   Turn On NTP Authentication check box	To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.
   Subnet Settings
   Container Subnet field	A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal services. By default, this is already set to 169.254.32.0/20, and we recommend that you use this subnet.
   Cluster Subnet field	A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. By default, this is already set to 169.254.48.0/20, and we recommend that you use this subnet.

   The Enter CLI Password page opens.

6. Enter and confirm the password for the maglev user, then click Next.

   

   The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid, the wizard's Summary page opens.

   Note	To download the appliance configuration as a JSON file, click the corresponding link.

   

7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

   

   The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

   It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

   

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

Step 1

After deployment completes, power on the newly-created virtual machine:

1. In the vSphere Web Client, right-click the virtual machine.

2. Choose Power > Power On.

Step 2

Launch either the remote console or web console by clicking the appropriate link.

Step 3

Open the Advanced Install Configuration wizard:

1. In the STATIC IP CONFIGURATION page, do one of the following:

   • If you want a DHCP server to assign an IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, click skip>>.

   • If you want to assign your own IP address, subnet mask, and default gateway to your virtual appliance's Enterprise interface, enter the information described in the following table and then click configure>>.

   

   IPv6 Mode check box	IPv6 is supported. However, if you want to deploy IPv4, leave this check box unchecked.
   IP Address field	Enter the static IPv6 address that you want to use.
   Netmask field	Enter either a netmask or CIDR address for the IP address you specified in the previous field.
   Default Gateway Address field	Specify the default gateway that will be used to route traffic.
   Static Routes field	You can't specify static routes when using this wizard, so leave this field blank.

   

   Note the URL listed in the Web Installation field. You'll need this for the next step.

2. Open the URL that was displayed in the Static IP Configuration page.

3. Click the Start a Catalyst Center Virtual Appliance radio button, then click Next.

   

4. Click the Advanced Install radio button, then click Start.

   The Advanced Install Overview slider opens. Click > to view a summary of the tasks that the wizard will help you complete.

   

5. Click Start Workflow to start the wizard.

   The Virtual Appliance Interface Overview page opens, providing a description of the four appliance interfaces that you can configure.

   

Step 4

Configure your virtual appliance by completing the Advanced Install Configuration wizard:

1. Click Next.

   

   The How would you like to set up your appliance interfaces? page opens.

   

   If your network resides behind a firewall, do the following:

   • Click the allow access to these URLs link to view a pop-up window that lists the URLs that Catalyst Center on ESXi must be able to access.

   • Click the open these ports link to view a pop-up window that lists the network service ports that must be available for Catalyst Center on ESXi to use.

   By default, the Enterprise Network Interface check box is already checked. It's also prepopulated with the values you entered in the STATIC IP CONFIGURATION page.

2. Do the following for each appliance interface you want to use, then click Next:

   • Click its check box and enter the appropriate configuration values.

   • If necessary, click its Add/Edit Static Route link to configure static routes. Click + as needed to configure additional routes. When you're done, click Add.

   The DNS Configuration screen opens.

3. Enter the IP address of the preferred DNS server, then click Next. To enter additional DNS servers, click the Add (+) icon.

   Important

   For each node in your cluster, configure a maximum of three DNS servers. Problems can occur if you configure more than three DNS servers for an appliance. For NTP, ensure port 123 (UDP) is open between Catalyst Center on ESXi and your NTP server.

   

   The Configure Proxy Server Information screen opens.

4. Do one of the following and then click Next:

   • If your network does not use a proxy server to access the internet, click the No radio button.

   • If your network does use a proxy server to access the internet, enter the values described in the following table:

   Proxy Server field	Enter the URL or host name of an HTTPS network proxy used to access the Internet. Note   Connection from Catalyst Center on ESXi to the HTTPS proxy is supported only via HTTP in this release.
   Port field	Enter the port your appliance used to access the network proxy.
   Username field	Enter the user name used to access the network proxy. If no proxy login is required, leave this field blank.
   Password field	Enter the password used to access the network proxy. If no proxy login is required, leave this field blank.

   

   The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid and the port is up, the wizard's Advanced Appliance Settings screen opens.

5. Enter configuration values for your appliance, then click Next.

   

   Cluster Virtual IP Addresses
   To access from Enterprise Network and For Intracluster Access fields	Enter the virtual IP address configured for the Enterprise interface. If you configured a virtual IP address for the Management interface, enter this address as well (using a comma to separate the two IP addresses).
   Fully Qualified Domain Name (FQDN) field	You can also specify the fully qualified domain name (FQDN) for your virtual appliance. Catalyst Center on ESXi uses this domain name to do the following: It uses this hostname to access your virtual appliance’s web interface and the Representational State Transfer (REST) APIs used by devices in the enterprise network that Catalyst Center on ESXi manages. In the Subject Alternative Name (SAN) field of Catalyst Center on ESXi certificates, it uses the FQDN to the define the Plug and Play server that should be used for device provisioning.
   NTP Server Settings
   NTP Server field	Enter at least one NTP server address or hostname. To enter additional NTP server addresses or hostnames, click the Add (+) icon. For a production deployment, Cisco recommends that you configure a minimum of three NTP servers.
   Turn On NTP Authentication check box	To enable the authentication of your NTP server before it's synchronized with Catalyst Center on ESXi, check this check box and then enter the following information: The NTP server's key ID. Valid values range between 1 and 4294967295 (2^32-1). This value corresponds to the key ID that's defined in the NTP server's key file. The SHA-1 key value associated with the NTP server's key ID. This 40-character hex string resides in the NTP server's key file. Note   Ensure that you enter a key ID and key value for each NTP server that you configured in the previous field.
   Subnet Settings
   Container Subnet field	A dedicated, non-routed IPv6 subnet that Catalyst Center on ESXi uses to manage internal services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.
   Cluster Subnet field	A dedicated, non-routed IP subnet that Catalyst Center on ESXi uses to manage internal cluster services. If you choose to enter another subnet, ensure that it does not conflict with or overlap any other subnet used by the Catalyst Center on ESXi internal network or an external network.

   The Enter CLI Password page opens.

6. Enter and confirm the password for the maglev user, then click Next.

   

   The wizard validates the information you have entered and notifies you of any settings that need to be changed before you can proceed with the wizard. If the settings you have entered are valid, the wizard's Summary page opens.

   Note	To download the appliance configuration as a JSON file, click the corresponding link.

   

7. Scroll to the bottom of the screen and review all of the settings that you have entered while completing the wizard. If necessary, click the appropriate Edit link to open the wizard screen in which you want to make updates.

8. To complete the configuration of your Catalyst Center on ESXi virtual appliance, click Start Configuration.

   

   The wizard screen continuously updates during the process, indicating the tasks that are currently being completed and their progress, as well as any errors that have occurred. To save a local copy of this information as a text file, click the Download link.

   It takes around 180 to 210 minutes for the virtual machine to become operational. The actual time will depend on things like available bandwidth, RAM, hard disk space, and the number of vCPUs. You can monitor the progress in the vSphere Client's Recent Tasks tab.

   

Step 5

After appliance configuration completes, click the copy icon to copy the default admin superuser password.

Step 1

From the location specified by Cisco, download the Catalyst Center on ESXi OVA file.

Step 2

From the same URL, download the CC VA Launcher bundle (DNAC-SW-Launcher-2.3.7.4-VA.tar.gz) and extract it.

Step 3

Start the CC VA Launcher in interactive mode by entering the command that's specific to your operating system:

Step 4

Complete the CC VA Launcher:

1. For the host/vCenter server you want to deploy the virtual appliance on, enter its IP address, credentials, and SSL port number.

   The launcher will verify connectivity with the host/vCenter server.

2. Enter the path to the Catalyst Center on ESXi OVA file.

   If you're specifying a Microsoft Windows path, use "\\" as the delimiter. Your path should look similar to the following example: C:\\Users\\dnac\\downloads\\esxi_10.ova

3. Enter the name of the virtual machine you are going to create.

4. Choose the provisioning format the virtual disk will use, then press Enter.

   The thick provisioned format is set by default, but both thin and thick provisioning formats are supported.

   Note	For NFS datastores, thick provisioning is supported only if the underlying storage vendor supports it. If not, the datastore's default provisioning format will be picked during import.

5. Choose one of the following discovery modes, then press Enter:

   Note	This step is not applicable to standalone ESXi hosts. Proceed to Step 4h.

   • Discover all the VMware Datacenters: When selected, only the datacenters that you have access to and meet Catalyst Center on ESXi's memory, CPU reservation, and disk space requirements are listed.

   • List all available VMware Datacenters: When selected, all available datacenters are listed.

6. Choose the datacenter you want to use, then press Enter.

   The discovery time will vary, depending on network latency and the number of entities in the target environment (host/cluster/virtual machine/datastore).

7. If clusters or directly-attached hosts are available, you are prompted to choose the corresponding deployment target option:

   • If you choose the cluster option, suitable clusters and their unreserved resources are listed. Specify the cluster you want to use and proceed to Step 4h.

     Note	A warning message is displayed if the cluster you chose does not have vSphere HA enabled, as well as the cluster's Distributed Resource Scheduler (DRS) status.

   • If you choose the directly-attached hosts option (or choose the cluster option and DRS is disabled), suitable hosts are listed. Specify the host you want to use and proceed to Step 4h.

     Note	If DRS is enabled and a resource pool is found, you are prompted to confirm the resource pool's use in your deployment.

8. The suitable datastores that are available, based on the disk provisioning format you chose previously, are listed. Specify the datastore you want to use.

   Note	For NFS datastores, thick provisioning is supported only if the underlying storage vendor supports it. If not, the datastore's default provision will be picked during import.

9. Enter either y or n to specify whether you want to configure the virtual appliance's Management interface.

   A list of available networks is displayed.

10. Choose the network you want to use for the appliance's Enterprise interface.

    If you chose y in the previous step, you'll also need to choose the network you want to use for the appliance's Management interface.

11. Enter the IP address and subnet mask for the Enterprise interface:

    • If you opted to configure only the Enterprise interface (by entering n in Step 4i), enter the IP address of the gateway to be used by the Enterprise interface.

    • If you entered y in Step 4i, enter y and then configure the default gateway that the Enterprise interface will use.

    Note	The default gateway can be configured only for one of the appliance's interfaces. If you want to configure the default gateway on the Management interface, enter n.

12. Enter y or n to specify whether you want to configure static routes for the Enterprise interface.

    If you enter y, enter the number of static routes you want to set up. Also enter each route in the following format: <network>/<netmask>/<gateway>.

13. If you opted to configure the appliance's Management interface (by entering y in Step 4i), enter its IP address and subnet mask.

14. If you entered n in Step 4k, enter the default gateway that the Management interface will use.

15. Enter y or n to specify whether you want to configure static routes for the Management interface.

    If you enter y, enter the number of static routes you want to set up. Also enter each route in the following format: <network>/<netmask>/<gateway>.

16. Enter y or n to specify whether you want to configure a proxy server.

    Note	Only HTTP proxies are supported.

17. If you entered y in the previous step, specify whether authentication has been enabled for your proxy server by entering y or n.

18. If you entered y in the previous step, enter your proxy server's login credentials.

19. Enter the number of DNS servers you want to configure.

    You must configure at least one server and can configure a maximum of three. If prompted, enter the IP address for the DNS servers you want to configure.

20. Enter the number of NTP servers you want to configure.

    You must configure at least one server and can configure a maximum of three. If prompted, enter the IP address for the NTP servers you want to configure.

21. Specify whether you want to configure a fully qualified domain name (FQDN) by entering y or n.

    If you enter y, enter the appropriate FQDN.

    Note	Except for hyphens (-), the FQDN should not contain any special characters.

22. Enter and then confirm the Maglev password. The password is used to access the shell and grant SSH access.

    The password must meet the following requirements:

    • Minimum length of eight characters.

    • Cannot contain a tab or a line break.

    • Contains characters from at least three of the following categories:

      • Uppercase letters (A–Z)

      • Lowercase letters (a–z)

      • Numbers (0–9)

      • Special characters (for example, ! or #)

    A summary of the settings you just entered are displayed.

23. Start the deployment and configuration process by entering y.

    The launcher completes the following tasks:

    1. Imports the OVA file.

    2. Adds the interface to the virtual machine if you have opted to configure the Management interface.

    3. Applies the Catalyst Center on ESXi network configuration to the virtual machine.

    4. Checks whether the Enable Storage I/O Control and statistics collection option has been enabled and displays a message if it hasn't.

    5. Powers on the deployed virtual machine.

    Note	The time necessary to complete deployment depends on the available network bandwidth and datastore throughput.

Step 5

After the Catalyst Center on ESXi virtual appliance powers on, log in to the host/vCenter server you deployed and open the virtual appliance's VMWare console.

Step 6

Log in, using the same Maglev password you entered in Step 4v.

Step 7

When all of the Catalyst Center on ESXi services are up, open a supported browser and type in the IP address you entered for the Enterprise interface in Step 4k. If you configured the Management interface, enter the IP address you entered for it in Step 4m.

Step 8

When prompted by the Catalyst Center on ESXi GUI, enter the default credentials (admin/maglev1@3) to log in.

Step 1

From the location specified by Cisco, download the Catalyst Center on ESXi OVA file.

Step 2

From the same URL, download the launcher bundle (DNAC-SW-Launcher-2.3.7.4-VA.tar.gz) and extract it.

Step 3

Navigate to the directory where the CC VA Launcher bundle files were extracted and open the configuration file in a text editor.

Step 4

For the parameters provided in the configuration file, enter the values specific to your deployment.

Step 5

Run the CC VA Launcher using the values you specified in the configuration file:

Step 6

After the virtual appliance powers on, enter the host/vCenter server's credentials to open the appliance's VMware console.

Step 7

Log in, using maglev as the username and the password you specified in Step 5.

Step 8

After all of the Catalyst Center on ESXi services come up, use a supported browser to open the IP address you specified for the Enterprise interface in the configuration file.

Step 9

Log in, using admin as the username and maglev1@3 as the password.

Step 1

Do one of the following:

Step 2

Ignore the message and click Advanced.

Step 3

Ignore the message and do one of the following:

Step 4

Click Log In.

Step 5

Do one of the following and then click Login:

Step 6

Do the following in the resulting dialog box, then click Submit.

Step 7

Click Log In.

Step 8

Enter the username and password you configured for the new admin user, then click Login.

Step 9

Enter your cisco.com username and password (which are used to register software downloads and receive system communications) and then click Next.

Step 10

After reviewing these documents, click Next to accept the EULA.

Step 11

Complete the Quick Start workflow:

1. Click Let's Do it.

2. In the Discover Devices: Provide IP Ranges page, enter the following information and then click Next:

   • The name for the device discovery job.

   • The IP address ranges of the devices you want to discover. Click + to enter additional ranges.

   • Specify whether you want to designate your appliance's loopback address as its preferred management IP address. For more information, see the "Preferred Management IP Address" topic in the Cisco Catalyst Center User Guide.

3. In the Discover Devices: Provide Credentials screen, enter the information described in the following table for the type of credentials you want to configure and then click Next:

   

   GUI Components	Description
   CLI (SSH) Credentials
   Username field	Username used to log in to the CLI of the devices in your network.
   Password field	Password used to log in to the CLI of the devices in your network. The password you enter must be at least eight characters long.
   Name/Description field	Name or description of the CLI credentials.
   Enable Password field	Password used to enable a higher privilege level in the CLI. Configure this password only if your network devices require it.
   SNMP Credentials
   SNMPv2c radio button	Click to use SNMPv2c credentials.
   SNMPv3 radio button	Click to use SNMPv3 credentials.
   SNMP Credentials: SNMPv2c
   SNMPv2c Type drop-down list	Choose either read or write community strings when SNMPv2c credentials are being used.
   Name/Description field	Name or description of the SNMPv2c read or write community string.
   Community String field	Read-only community string password used only to view SNMP information on the device.
   SNMP Credentials: SNMPv3
   Name/Description field	Name or description of the SNMPv3 credentials.
   Username field	Username associated with the SNMPv3 credentials.
   Mode field	Security level that SNMP messages require: No Authentication, No Privacy (noAuthnoPriv): Does not provide authentication or encryption. Authentication, No Privacy (authNoPriv): Provides authentication, but does not provide encryption. Authentication and Privacy (authPriv): Provides both authentication and encryption.
   Authentication Password field	Password required to gain access to information from devices that use SNMPv3. The password must be at least eight characters in length. Note the following points: Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi. Passwords are encrypted for security reasons and are not displayed in the configuration.
   Authentication Type field	Hash-based Message Authentication Code (HMAC) type used when either Authentication and Privacy or Authentication, No Privacy is set as the authentication mode: SHA: HMAC-SHA authentication. MD5: HMAC-MD5 authentication.
   Privacy Type field	Privacy type. (Enabled if you select Authentication and Privacy as Mode.) Choose one of the following privacy types: AES128: 128-bit CBC mode AES for encryption. AES192: 192-bit CBC mode AES for encryption on Cisco devices. AES256: 256-bit CBC mode AES for encryption on Cisco devices. Note   Privacy types AES192 and AES256 are supported only for use with Discovery and Inventory features. Assurance features are not supported. Privacy type AES128 is supported for Discovery, Inventory, and Assurance.
   Privacy Password field	SNMPv3 privacy password that is used to generate the secret key for encrypting messages that are exchanged with devices supported with AES128, AES192, and AES256 encryption standards. Passwords (or passphrases) must be at least eight characters long. Note the following points: Some wireless controllers require that passwords be at least 12 characters long. Be sure to check the minimum password requirements for your wireless controllers. Failure to ensure these required minimum character lengths for passwords results in devices not being discovered, monitored, or managed by Catalyst Center on ESXi. Passwords are encrypted for security reasons and are not displayed in the configuration.
   NETCONF
   Port field	The NETCONF port that Catalyst Center on ESXi should use in order to discover wireless controllers that run Cisco IOS-XE.

   

4. In the Create Site screen, group the devices you are going to discover into one site in order to facilitate telemetry and then click Next.

   You can enter the site's information manually or click the location you want to use in the provided map.

   

5. In the Enable Telemetry screen, check the network components that you want Catalyst Center on ESXi to collect telemetry for and then click Next.

   

6. In the Summary screen, review the settings that you have entered and then do one of the following:

   • If you want to make changes, click the appropriate Edit link to open the relevant screen.

   • If you're happy with the settings, click Start Discovery and Telemetry. Catalyst Center on ESXi validates your settings to ensure that they will not result in any issues. After validation is complete, the screen updates.

     Catalyst Center on ESXi begins the process of discovering your network's devices and enabling telemetry for the network components you selected. The process will take a minimum of 30 minutes (more for larger networks).

   
   

7. Click Launch Homepage to open the Catalyst Center on ESXi homepage.

   From here, you can monitor the progress of device discovery and telemetry enablement. While these tasks are completing, do one or more of the following:

   • To open the Discoveries page and confirm that the devices in your network have been discovered, click the menu icon and choose Tools > Discovery.

   • To verify that the credentials you entered previously have been configured for your site, click the menu icon and choose Design > Network Settings. Then click the Device Credentials tab.

   • To view any tasks (such as a weekly scan of the network for security advisories) that Catalyst Center on ESXi has already scheduled to run, click the menu icon and choose Activities. Then click the Tasks tab.

   • To access guided workflows that will help you set up and maintain your network, click the menu icon and choose Workflows.

   

Step 1

In the vSphere Client's navigation pane, click the HA cluster.

Step 2

Click the Configure tab.

Step 3

Choose Configuration > VM Overides and then click Add.

Step 4

Click the virtual machine you want to apply overrides to and then click OK.

Step 5

In the vSphere HA area's VM Restart Priority field, do the following:

Step 6

Click Finish.

Step 1

Log in to the vSphere Client.

Step 2

Choose the appropriate Catalyst Center cluster in the device menu.

Step 3

To configure the cluster, choose Configure > Services > vSphere Availability.

Step 4

From the top-right corner, click Edit.

Step 5

Click the toggle button to enable vSphere HA.

Step 6

Choose Failures and responses and configure the following settings:

1. Click the toggle button to enable Host Monitoring.

2. Go to the Host Failure Response drop-down list and choose Restart VMs.

Step 7

Click OK.

Step 1

Log in to the vSphere Client.

Step 2

Choose the appropriate Catalyst Center on ESXi cluster in the device menu.

Step 3

To configure the cluster, choose Configure > VM Overrides > ADD.

Step 4

In the Select a VM window, choose the deployed Catalyst Center on ESXi virtual machine.

Step 5

Click OK.

Step 6

In the Add VM Override window, go to vSphere HA > VM Restart Priority and configure the following settings:

1. Check the Override check box.

2. From the drop-down list, choose Highest.

Step 7

Click FINISH.

Step 1

If your appliance is running on the machine that's hosting Catalyst Center on ESXi, power off the appliance's virtual machine.

Step 2

Log in to VMware vSphere.

Step 3

From the vSphere client's left pane, right-click the ESXi host and then choose Edit Settings.

Step 4

In the Edit Settings dialog box, click Add New Device and then choose Hard Disk.

Step 5

In the New Hard disk field, enter the desired storage size.

Step 6

Click OK.

Step 7

Power on the appliance's virtual machine.

Step 1

From the top-left corner, click the menu icon and choose System > Settings > Backup Configuration.

Step 2

Click the Add NFS link.

Step 3

In the Add NFS slide-in pane, do the following:

1. Enter the Server Host and Source Path in the respective fields.

2. Choose NFS Version from the drop-down list.

3. The Port is added by default. You can leave the field empty.

4. (Optional) Enter the Port Mapper number.

5. Click Save.

   

Step 4

Click View NFS to view the available NFS servers.

Step 5

In the NFS slide-in pane, click the ellipsis under Actions to Delete the NFS server.

Step 1

From the top-left corner, click the menu icon and choose System > Settings > System Configuration > Backup Configuration.

You can choose a physical disk or NFS server as your backup location.

Step 2

Physical Disk: Catalyst Center provides an option to mount an external disk to the virtual machine, to store a backup copy of Assurance and automation data. To configure a physical disk, click the Physical Disk radio button and define the following settings:

Step 3

NFS: Catalyst Center creates the backup files and posts them to a remote NFS server. For information about the remote server requirements, see NFS Backup Server Requirements. To configure an NFS backup server, click the NFS radio button and define the following settings:

Step 4

Click Submit.

Step 1

From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

Step 2

Click Create Backup Now.

The Create Backup Now slide-in pane opens.

Step 3

Enter a unique name for the backup, then click Save.

Catalyst Center on ESXi begins the backup process. An entry for the backup is added to the Backup & Restore window's table.

To view details regarding the backup's status, click the ellipsis, and then choose View Status.

When the backup is complete, its status changes from Creating to Success.

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

Step 2

In the Backup Name column, locate the backup that you want to restore.

Step 3

In the Actions column, click the ellipsis and choose Restore.

Step 4

In the Restore Backup dialog box, enter the Encryption Passphrase that you used while configuring the backup location and click Restore.

The appliance goes into maintenance mode and starts the restore process.

When the restore operation is complete, its status in the Backup & Restore window table changes to Success.

Step 5

After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

Step 6

Enter the admin user's username and password, then click Login.

Step 1

For your new virtual appliance, do the following to configure Catalyst Center on ESXi to use the storage disk that you configured for the faulty virtual appliance:

Step 2

To configure the storage location for the backup, do the following:

1. From the Catalyst Center on ESXi menu, choose System > Settings > System Configuration > Backup Configuration.

2. Click the Physical Disk radio button.

3. Choose the physical disk from the Mount Path drop-down list.

   

4. Enter the passphrase that will be used to encrypt the security-sensitive components of the backup (such as certificates and credentials).

   Important

   Make sure that you don't lose this passphrase. You'll need to enter it later in the succeeding steps and won't be able to restore the backup you're about to create without it.

5. Set how long backup files are kept before they are deleted.

6. Click Submit.

Step 3

To restore the backup, do the following:

1. From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

   

2. Locate the backup in the Backup & Restore window's table, click the ellipsis under Actions column, and choose Restore.

3. Enter the same encryption passphrase that you entered in the preceding step, and click Restore.

   

   The appliance goes into maintenance mode and starts the restore process.

   

   When the restore operation is complete, its status in the Backup & Restore window's table changes to Success.

4. After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

   

5. Enter the admin user's username and password, then click Login.

   

Step 1

For your new virtual appliance, do the following to configure Catalyst Center on ESXi to use the NFS server that you configured for the faulty virtual appliance:

1. From the Catalyst Center on ESXi menu, choose System > Settings > System Configuration > Backup Configuration.

2. Click the NFS radio button.

3. Choose the NFS server from the Mount Path drop-down list.

   

4. Enter the passphrase that will be used to encrypt the security-sensitive components of the backup (such as certificates and credentials).

   Important

   Make sure that you don't lose this passphrase. You'll need to enter it later in the succeeding steps and won't be able to restore the backup you're about to create without it.

5. Set how long backup files are kept before they are deleted.

6. Click Submit.

Step 2

To restore the backup, do the following:

1. From the Catalyst Center on ESXi menu, choose System > Backup & Restore.

   

2. Locate the backup in the Backup & Restore window's table, click the ellipsis under Actions column, and choose Restore.

3. Enter the same encryption passphrase that you entered in the preceding step, and click Restore.

   

   The appliance goes into maintenance mode and starts the restore process.

   

   When the restore operation is complete, its status in the Backup & Restore window's table changes to Success.

4. After the restore operation completes, click Log In to log back in to Catalyst Center on ESXi.

   

5. Enter the admin user's username and password, then click Login.

   

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

Step 2

Click the Create a Schedule link.

Step 3

In the Create Schedule slide-in pane, do the following:

Step 4

(Optional) Click the ellipsis at the end of the banner message to do the following:

Step 5

After the backup starts, it appears in the Backup & Restore window. To view the list of steps executed, click the ellipsis under Actions and choose View Status.

Step 6

In the Backup & Restore window, click the In Progress, Success, or Failure tab to filter the list of backups to show only those tasks with a status of In Progress, Success, or Failure.

Step 1

From the top-left corner, click the menu icon and choose System > Backup & Restore.

Step 2

Under Actions for a specific backup, click the ellipsis and choose View Status.

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Note	At this point, Catalyst Center performs a connectivity check. If there is a connectivity issue, the Software Management window doesn’t display a system update that's currently available.

Step 2

If the window indicates that a system update is available, click Download to download the system update.

Step 3

Check the check box for the optional packages you want to install, then click Download.

A download progress bar is displayed at the top of the Software Management window.

Step 4

Hover your cursor over the ellipsis to the right of the progress bar to access the following options:

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Note	At this point, Catalyst Center performs a connectivity check. If there is a connectivity issue, the Software Management window doesn’t display a system update that's currently available.

Step 2

If the window indicates that a system update is available, click Upgrade.

Step 3

Do one of the following in the Upgrade Release dialog box:

Step 4

Hover your cursor over the ellipsis to the right of the progress bar to access the following options:

Step 5

In the Software Management window, click Activities to view a list of changes made to the system. You can view the system upgrade or download details, the applications installed or uninstalled, and a timestamp of the activity.

Step 6

Under the Actions column, click the ellipsis to view the tasks that occurred during the execution of the activity.

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Step 2

Access the air gap directory on the restricted shell and copy the air gap tarball from the predetermined location using the following SCP command:

scp -P 2222 <airgap tar file> maglev@<cluster_ip>:airgap/

Step 3

In the top-right corner of the Software Management window, click Scan to view the latest available software release.

Step 4

To download the files and schedule the upgrade for a later time, do the following:

1. Click PreLoad.

2. In the Schedule Upgrade dialog box, schedule the system upgrade and click PreLoad.

   On the successful submission, a banner message at the top of the window displays the scheduled date and time of the system upgrade.

3. Click the ellipsis at the end of the banner message to edit or delete the scheduled system upgrade. You can also choose to upgrade the schedule immediately.

Step 5

To download the latest version and upgrade the system immediately, do the following:

1. Click Upgrade.

2. In the dialog box, from the listed available package applications, check the check box next to application to install the application.

3. Click Install.

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Step 2

If any application updates are available, they are displayed at the bottom of the window. Do one of the following:

1. To install all the available application updates, click the Select All link.

2. To install individual application updates, check the appropriate check boxes.

Step 3

Click Install.

Note	During installation, dependencies are checked and installed automatically.

The window displays a progress bar for each application that's being updated.

Step 4

Click the Currently Installed Applications link and confirm that the applications you selected have been updated.

Step 5

In the Software Management window, click Activities to view a list of changes made to the system. You can view the system upgrade or download details, the applications installed or uninstalled, and a timestamp of the activity.

Step 6

Under the Actions column, click the ellipsis to view the tasks that occurred during the execution of the activity.

Step 1

From the top-left corner, click the menu icon and choose System > Software Management.

Step 2

Click the Currently Installed Applications link to view all the applications that are installed on your Catalyst Center appliance.

Step 3

Check the package you want to remove and click Uninstall.

Note	You can uninstall multiple packages simultaneously. You can uninstall only the optional packages.

Catalyst Center displays a message after the application has been removed.

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > User Management.

Step 2

Click Add.

Step 3

Enter a first name, last name, email address, and username for the new user.

The email address must meet the requirements for the standard Apache EmailValidator class.

Step 4

Under Role List, choose one of the following roles: SUPER-ADMIN-ROLE, NETWORK-ADMIN-ROLE, or OBSERVER-ROLE.

Step 5

Enter a password and confirm it. The password must contain:

Step 6

Click Save.

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > User Management.

Step 2

Click the radio button next to the user that you want to edit.

Step 3

Click Edit.

Step 4

Edit the first or last name or email address, if needed.

Step 5

Under Role List, choose a new role, if needed: SUPER-ADMIN-ROLE, NETWORK-ADMIN-ROLE, or OBSERVER-ROLE.

Step 6

Click Save.

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > User Management.

Step 2

Click the radio button next to the user that you want to delete.

Step 3

Click Delete.

Step 4

At the confirmation prompt, click Continue.

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > User Management.

Step 2

Click the radio button next to the user whose password you want to reset.

Step 3

From the More Actions drop-down list, click Reset Password.

Step 4

Enter a new password and confirm it. The new password must contain:

Step 5

Click Save.

Step 1

From the top-left corner, click the menu icon and choose System > Users & Roles > Change Password.

Step 2

Enter information in the required fields.

Step 3

Click Update.

Step 1

From the top-right corner, click your displayed username and choose My Profile and Settings > My Account.

Step 2

In the Password field, click Update Password.

Step 3

In the Update Password dialog box, enter the new password and confirm the new password.

Step 4

Click Update.

Step 1

Define a custom role.

1. From the top-left corner, click the menu icon and choose System > Users & Roles > Role Based Access Control.

2. Click Create a New Role.

   

   The Create a Role window appears. If this is your first iteration of RBAC, after you have created the new role, you will be asked to assign users to the new role.

3. If a task overview window opens, click Let’s do it to go directly to the workflow.

   The Create a New Role window opens.

   

4. Enter a name for the role and then click Next.

   

   The Define the Access window opens with a list of options. By default, the observer role is set for all Catalyst Center functions.

   

5. Click the > icon corresponding to the desired function to view the associated features.

6. Set the permission level to Deny, Read, or Write for the desired features.

   If you set the permission level of a feature to Deny, the user to whom you assign this role cannot view this feature in the GUI.

7. Click Next.

   The Summary window opens.

   

8. In the Summary window, review the configuration settings. To make any changes, click Edit.

   If you click Edit, the Role-Name window opens.