First Published: August 21, 2023

Last Updated: November 30, 2023

Release Notes for Cisco DNA Center on ESXi, Release 2.3.7.0 and 2.3.7.3

Cisco DNA Center on ESXi is a new form factor that supports Cisco DNA Center in a virtual environment. The virtual form factor helps customers rapidly deploy and operate Cisco DNA Center. For customers who are running Cisco Prime Infrastructure on a virtual machine (VM), Cisco DNA Center on ESXi provides a migration path to take advantage of Cisco DNA Center features.


Note

Cisco DNA Center on ESXi is available in a phased rollout. Until the software becomes generally available, contact your Cisco sales representative to request this release. Upon completion of the phased rollout, Cisco DNA Center on ESXi will be made generally available to all customers.

This document describes the features, limitations, and bugs for Cisco DNA Center on ESXi, Release 2.3.7.0 and 2.3.7.3.

For links to all of the guides in this release, see Related Documentation.

Change History

The following table lists changes to this document since its initial release.

Table 1. Document Change History

Date

Change

Location

2023-11-30

United States' Federal Information Processing Standard (FIPS) support added.

New and Changed Features in Cisco DNA Center 2.3.7.3 on ESXi

2023-11-30

The following changes were made:

  • Removed VMWare 8.x from the VA requirements as only VMWare 7.x has been tested.

  • Removed information about concurrent sessions from the VM requirements as this is scale information, not requirements.

VA Requirements

2023-11-17

Cisco DNA Center on ESXi, Release 2.3.7.3.

2023-08-21

Initial release.

Overview

Cisco DNA Center offers centralized, intuitive management that makes it fast and easy to design, provision, and apply policies across your network environment. The Cisco DNA Center user interface provides end-to-end network visibility and uses network insights to optimize network performance and deliver the best user and application experience.

Cisco DNA Center on ESXi offers the same centralized and intuitive management as the Cisco DNA Center platform. The main difference is that Cisco DNA Center on ESXi delivers this functionality in a virtual appliance (VA) form-factor.

Package Versions in Cisco DNA Center on ESXi, Release 2.3.7.0 and 2.3.7.3

Package Name

Release 2.3.7.3

 Release 2.3.7.0

Release Build Version

Release Version

2.3.7.3.75176

2.3.7.0.75530
System Updates

System

2.3.125

2.3.119

System Commons

2.713.65350

2.710.65515

Package Updates

Access Control Application

2.713.65350

2.710.65515

AI Endpoint Analytics

1.11.524

1.11.214

AI Network Analytics

3.1.23

3.1.20

Application Hosting

2.3.123072406

2.3.123062006

Application Visibility and Policy

2.713.1175027

2.710.117277

Assurance

2.370.1152

2.370.270

Automation - Intelligent Capture

2.713.65350

2.710.65515

Cisco DNA Center Global Search

6.3.8

6.3.7

Cisco DNA Center Platform

6.3.118

6.3.91

Cisco DNA Center UI

3.1.28

3.1.8

Cisco Identity Services Engine Bridge

2.713.90102

2.710.80885

Cloud Connectivity

6.1.43

6.1.40

Cloud Connectivity - Contextual Content

6.2.12

6.2.11

Cloud Connectivity - Digestor

6.2.8

6.2.2

Core Platform

0.5.186

0.5.162

DxHub Cloud Connectivity

6.3.11

6.3.6

Identity and Access Management

4.0.32

4.0.30

Identity and Access Management - UI

3.1.11

3.1.9

Multiple Cisco DNA Center

2.713.65350

2.710.65515

Network Controller Platform

2.713.65350

2.710.65515

Network Data Platform - Base Analytic

2.370.10091

2.370.312

Network Data Platform - Caching Infra

6.2.7

6.2.7

Network Data Platform - Core

6.2.33

6.2.27

Network Data Platform - Ingestion Infra

6.2.16

6.2.16

Network Data Platform - Manager

6.2.13

6.2.13

Network Data Platform - Pipeline Infra

6.2.24

6.2.24

Network Data Platform - Storage Management

6.2.53

6.2.47

RCA-Scripts Package

0.1.11

0.1.11

Rogue and aWIPS

2.9.39

2.9.29

SD Access

2.713.65350

2.710.65515

System Management Operations

1.1.1101

1.1.1090

Telemetry

3.2.14

3.2.11

Features

New and Changed Features in Cisco DNA Center 2.3.7.3 on ESXi

Table 2. New and Changed Features for Cisco DNA Center 2.3.7.3 on ESXi

Feature

Description

IPv6

IPv6 is now supported.

IP ACL

IP ACL is now supported.

Backup and Restore

You can use the backup and restore functions to create the backup files and to restore to the same or different virtual appliance. For information, see the Cisco DNA Center 2.3.7.3 on ESXi Administrator Guide.

Custom Role-Based Access Control (RBAC)

You can create custom roles that permit or restrict user access to certain Cisco DNA Center functions.

Prime Data Migration Tool (PDMT)

You can use this tool to migrate Cisco Prime Infrastructure Data to Cisco DNA Center.

United States' Federal Information Processing Standard (FIPS)

Added support for FIPS, which is an optional mode that can be enabled when installing the Cisco DNA Center image. By default, FIPS mode is disabled.

Unsupported Features

Cisco DNA Center on ESXi supports all of the features that the Cisco DNA Center supports, except for the following features:

Unsupported Features

  • Automation: Cisco Wide Area Bonjour application, Cisco vManage for SD-WAN, Cisco DNA Traffic Telemetry Appliance, Cisco Secure Network Analytics.

  • Wireless: Cisco User Defined Network (UDN), Cisco Umbrella.

  • Assurance: Sensor.

  • System Workflows: Backup and Restore using VMware vSphere Client snapshot function, Backup and Restore from Cisco DNA Center hardware appliance to Cisco DNA Center on ESXi virtual appliance.

  • Diagnostics Center: Validation Tool under System > System Health > Tools.

  • Setting Page: Authentication API Encryption.

  • Security Policy Access (SPA): Security Sensor in Endpoint Analytics and Group Based Policy Analytics (GBPA).

  • Telemetry: VM- and host-level telemetry.

VA Requirements

The Cisco DNA Center on ESXi is intended for enterprise environments, such as manufacturing or education, where a large-scale requirement is present within a single physical environment.

See the following tables for the minimum Cisco DNA Center on ESXi virtual machine requirements. For performance tips that cover the most performance-critical areas of VMware vSphere Client 7.0, see Performance Best Practices for VMware vSphere 7.0 (PDF).

Table 3. Virtual Machine Minimum Requirements
Feature Description

Virtualization platform and hypervisor

VMware vSphere (which includes ESXi and vCenter Server) 7.0.x, including all patches

Processors

Intel 2.1-GHz and above CPU

32 vCPUs with 64-GHz reservation must be dedicated to the VM

Memory

256-GB DRAM with 256-GB reservation must be dedicated to the VM

Storage

3-TB solid-state drive (SSD)

If you plan to create backups of your virtual appliance, also reserve additional datastore space. For information, see "Backup Server Requirements" in the Cisco DNA Center on ESXi Administrator Guide.

IO Bandwidth

180 MB/sec

IOPS

2000-2500

Latency

Cisco DNA Center on ESXi to network device connectivity: 200 ms

Limitations and Restrictions

Cisco DNA Center on ESXi has the following limitations and restrictions:

  • Unlike the Cisco DNA Center platform, you cannot connect VMs to create three-node clusters. To achieve high availability, you need to use VMware vSphere. For more information, see the "High Availability" section in the Cisco DNA Center on ESXi Administrator Guide, "Configure System Settings" chapter.

  • Cisco DNA Center on ESXi does not support the following VMware vSphere features:

    • Fault tolerance

    • Suspending and resuming VMs

    • Cloning VMs

    • Snapshot (as backup)

  • With Cisco DNA Center on ESXi, application telemetry is not supported for Cisco Catalyst 9500 Series Switches.

  • To configure the Management interface and the Enterprise interface, manually create a virtual machine using the VMware vSphere UI and then configure both interfaces using either the Maglev Configuration wizard or the Install Configuration wizard. For more information, see the "Deploy a Virtual Appliance" section in the Cisco DNA Center on ESXi Deployment Guide.

Multiple Cisco DNA Center—Limited Availability

Multiple Cisco DNA Center allows you to define a single global set of virtual networks for software-defined access across multiple Cisco DNA Center clusters integrated with a single Cisco ISE system. This Multiple Cisco DNA Center functionality is a Limited Availability offering in Cisco DNA Center on ESXi.

To facilitate global administration of Cisco SD-Access across multiple Cisco DNA Center clusters with a consistent set of virtual networks, the Multiple Cisco DNA Center feature leverages the existing secure connection with Cisco ISE to propagate virtual networks, Security Group Tags (SGTs), access contracts, and Group-Based Access Control (GBAC) Policy from one cluster to another cluster, all integrated with the same Cisco ISE deployment. Cisco ISE takes the information learned from one cluster (the Author node) and propagates it to the other clusters (Reader nodes).

Because there are significant caveats for the Multiple Cisco DNA Center functionality, the Cisco SD-Access Design Council reviews the requests and provides guidance for use of the Multiple Cisco DNA Center to participants in the Limited Availability program.

Contact your account team to submit a request to the Cisco SD-Access Design Council to participate in the Limited Availability program.

Customers who are using Cisco ISE Version 3.1 or earlier must request and install the Limited Availability package before enabling Multiple Cisco DNA Center.


Note

After this functionality is enabled, it can be disabled only by deleting Cisco ISE. In addition, if this functionality is enabled, because pxGrid is a required component of the solution, pxGrid cannot be disabled subsequently.

Deployment Overview

For information about how to deploy Cisco DNA Center Virtual Appliance in a VMware vSphere environment, see the Cisco DNA Center on ESXi Deployment Guide. The guide also covers configurations we recommend you make before you use the product.

Bugs

Open Bugs

The following table lists the open bugs in Cisco DNA Center on ESXi, Release 2.3.7.0 and 2.3.7.3.

Bug Identifier Headline

CSCwf30781

No client data and AP health displayed in the Assurance Custom Dashboard Library.

CSCwh20543

Under scale conditions, the Cisco DNA Center on ESXi UI is not accessible for several hours while restoring data.

CSCwh29540

When we restore managed service, restore mongo db in the end.

CSCwh30610

An RBAC issue occurs when the promotion or demotion of local user roles is not enforced.

CSCwi02622

During ova installation, Cisco DNA Center on ESXi reports, "A required disk image is missing."

Resolved Bugs

The following table lists the resolved bugs in Cisco DNA Center on ESXi, Release 2.3.7.3.

Table 4. Resolved Bugs in Release 2.3.7.3
Bug Identifier Headline

CSCwd95767

UI displays an error while fetching policies under Group Based Access Control.

CSCwf24930

Unable to discover or provision devices after enabling IP ACL.

CSCwf54789

Cisco DNA Center doesn't display a child mesh AP (in Root role) that is associated to its RAP in the topology diagram on the 360 page.

CSCwf57536

Need to save the mongo data into a temporary database before back up. Otherwise, you cannot log in to the UI if the restore fails.

CSCwf88543

Client location drop-down list on the Intelligent Capture window is not showing Packet rate as an option.

CSCwf94473

Upcoming links in the Access Control Application (ACA) window do not redirect to upcoming Group Based Policy tasks.

CSCwf89999

L3 VN creation failure (Error NCSP11000) due to missing ACA package installation.

CSCwh03364

Diff counts are mismatched, and ignored CLI doesn't contain the pattern.

CSCwh05919

Telemetry connections are down on Polaris switches and wireless controllers after performing a backup and restore on Cisco DNA Center on ESXi.

CSCwh11989

Network device interface detail information window hangs while loading and doesn't show any data.

CSCwh13369

The heatmap on the Client iCAP 360 window isn't displayed. However, it displays correctly on the Map Design window.

CSCwh20543

Under scale conditions, the Cisco DNA Center on ESXi UI is not accessible for several hours while restoring data.

CSCwh28304

Adding a new port assignment to a switch removes the existing port assignments from the switch.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

Related Documentation

We recommend that you read the following documents relating to Cisco DNA Center on ESXi.

For This Type of Information... See This Document...

Cisco DNA Center on ESXi release information, including new features, limitations, and open and resolved bugs.

Release Notes for Cisco DNA Center on ESXi, Release 2.3.7.0 and 2.3.7.3

Installation and configuration of Cisco DNA Center on ESXi, including postinstallation tasks.

Cisco DNA Center 2.3.7.0 Deployment Guide

Cisco DNA Center 2.3.7.3 on ESXi Deployment Guide

Configuration of system settings, user accounts, licensing and high availability. Procedures for configuring and performing backup and restore.

Cisco DNA Center 2.3.7.0 on ESXi Administrator Guide

Cisco DNA Center 2.3.7.3 on ESXi Administrator Guide

Use of the Cisco DNA Center GUI and its applications.

Cisco DNA Center User Guide

Security features, hardening, and best practices to ensure a secure deployment.

Cisco DNA Center Security Best Practices Guide

Supported devices, such as routers, switches, wireless access points, NFVIS platforms, and software releases.

Cisco DNA Center Compatibility Matrix

Hardware and software support for Cisco SD-Access.

Cisco SD-Access Compatibility Matrix

Use of the Cisco DNA Assurance GUI.

Cisco DNA Assurance User Guide

Use of the Cisco DNA Center platform GUI and its applications.

Cisco DNA Center Platform User Guide

Use of Rogue Management functionality as a dashboard within Cisco DNA Assurance in the Cisco DNA Center GUI.

Cisco DNA Center Rogue Management Application Quick Start Guide

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)