Getting Started with Enterprise Access Service Pack

This chapter has the following sections:

Logging in to Cisco MSX

To log into the Cisco Managed Services Accelerator (MSX) user interface, enter the given URL in your web browser address field, where server-ip is the IP address or fully qualified domain name (FQDN) of the Cisco MSX server. 

https://<server-ip> or https://<your_portal_fqdn>

Depending on your network configuration, the first time your browser connects to the Cisco MSX web server, you may have to update your client browser to trust the security certificate of the server. This update ensures the security of the connection between your client and the Cisco MSX web server.

To log out, click Logout, on the right hand side settings menu.

Managing Tenants, Tenant Groups, and Users

The multitenant architecture of Cisco MSX provides the ability to segment the data stored by the tenant. Data is partitioned by tenant when the tenants are defined. This provides data security and privacy for each of the tenants, while allowing cloud or managed service providers the flexibility to consolidate many smaller customer configurations on a set of infrastructure servers.

Given here are the points you should know while configuring tenants:

  • Tenant administrators are linked to their data by a tenant object

  • Tenant objects should be consistent and unique across all clusters.

  • A tenant administrator cannot view or modify the data of another tenant.

To manage tenants:

Procedure

Step 1

Log in to the Cisco MSX portal.
Step 2

From the left pane, click Tenants to view the details of existing tenants (customers), in the Manage Tenants window.

  • To add a new tenant:

    1. Click Add Tenant and enter the customer name and description, email address, website URL, and contact number.

    2. Click Save.

      The new customer details are listed on the Manage Tenants window.

  • To update tenant details: Choose a tenant from the list and click the Edit icon.
  • To delete a tenant: Choose a tenant from the list and click the Delete icon.

Managing Tenant Groups

After you create tenants, you can configure tenant groups, which are a collection of tenants. You can assign functions such as service extensions, and parameter values, to tenant groups.

To manage tenant groups:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, click Tenant Groups to view the details of tenant groups, in the Manage Tenant Groups window.

Step 3

Click Add Tenant Group.

Step 4

Enter the tenant group name and description.
Step 5

Choose the tenants that you want to add to the tenant group.

Note 
A tenant can be associated with only one tenant group. The Tenant drop-down lists only the tenants that are not associated with any tenant group.
Step 6

Click Save.

Managing Users

You can add new user details, assign an appropriate role to the user, and associate the new user to the tenant.

To manage users:

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, click Users to view the details of users in the Manage Users window.

Step 3

Click Add User and enter the user name and ID, email address, and contact number.

Step 4

To assign a role, you can choose from the available options.

Note 

For information on categories and permissions for the Enterprise Access service pack, see Cisco Managed Services Accelerator (MSX) 3.10 Platform and Service Pack Permissions Addendum.

Step 5

Choose a tenant from the Associate Tenants drop-down list.
Step 6

Click Save. The details of the new user are displayed in the Manage User window.

Managing User Roles

A user is granted access to system resources based on access privileges. For example, a user with the Service Extension Designer role can import service extension templates, define service extension parameters, and define default parameter values.

Adding a User Role

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, click Roles.

The Manage Roles window is displayed.

Step 3

Click Add Role.

Step 4

Enter the role name, display name, and description.

Step 5

To assign the permission for the role, click Category and select the corresponding check boxes for the permissions that you want to grant to the role.

The types of permission you can grant are:

Permission

Description

View

Provides read-only access to the function.

Manage

Provides access to read and manage tasks associated with the function.

Step 6

Click Save.

Modifying an Existing Role

Procedure

Step 1

Log in to the Cisco MSX portal.

Step 2

From the left pane, click Roles to view the list of roles.

The Manage Roles window is displayed.
Step 3

Select the role that you want to modify and click the Edit icon.

Step 4

To assign or revoke permissions for the roles, click Category and select or clear the corresponding check box for the permissions.

The types of permission you can grant are:

Permission

Description

View

Provides only read-only access to the function.

Manage

Provides access to read and manage tasks associated with the function.

Table 1. Enterprise Access-Specific Permissions

Permission

Associated Tasks

View (Control Plane)

Allows you to:

  • View control planes and Cisco DNA Center details.

  • View Cisco DNA Center site hierarchy

Manage (Control Plane)

Allows you to:

  • Attach control plane

  • Edit control plane

  • Detach control plane

  • View Cisco DNA Center details with additional information like address, control plane ID (for internal use and debugging)

  • Launch the Cisco DNA Center by clicking on the tile, which takes you to the appropriate page in the Cisco DNA Center.

  • View list of templates

  • Create templates

  • Assign template to a network profile

  • Add/Delete/Provision device

    Note 

    For add/delete/provision a device, you also need the DEVICE_MANAGEMENT permission from platform.

  • Add SDA fabrics and site domains

  • View SDA fabrics and site domains

  • Delete SDA fabrics and site domains

  • Add Cisco DNA Center site hierarchy

  • Delete Cisco DNA Center site hierarchy
Note 
For a complete list of permissions that allow you to customize various aspects of a service workflow, such as managing tenants, notifications, and integration with BSS systems, see Platform permissions listed in Cisco Managed Services Accelerator (MSX) 3.10 Platform and Service Pack Permissions Addendum.
Step 5

Click Save.

Managing Cisco MSX Service Pack-Specific User Roles

In Cisco MSX, user permissions are managed using Role-Based Access Control (RBAC). RBAC restricts or authorizes system access for users based on user roles. Based on the permissions that are assigned to a user by an administrator, you can define and customize how the services are exposed to customers.

The permissions allow users to customize various aspects of a service workflow, such as managing tenants, notifications, integration with BSS systems, and managing announcements.

The role-based access permissions are categorized into:

  • Service Pack Specific Permissions: Include permissions for controlling various settings of the service packs.

  • Services, Configurations, and Devices Specific Permissions: Include permissions for configuring various settings of the devices and services.

  • Integrations, Settings, and Log Specific Permissions: Include permissions for controlling integration, log, and SSO configurations.

  • Users, Roles, and Tenants Specific Permissions: Include permissions to configure users, remote users, tenants, roles, and provider settings.

For more information on Cisco MSX out-of-box roles, see the Cisco Managed Services Accelerator (MSX) 3.10 Platform User Guide. For a complete list of all the permissions available in Cisco MSX, see the Cisco Managed Services Accelerator (MSX) 3.10 Platform and Service Packs Permissions Addendum.

In Cisco MSX Enterprise Access Service Pack, you need to create a new role and assign the permissions that are required to order, operate, and view the Enterprise Access services.

To create a Cisco MSX Enterprise Access-specific role and to assign it to users:

Procedure

References

1

Log in to the Cisco MSX portal (Admin or Super user)

See Logging in to Cisco MSX, for details.

2

Create Tenants

See Managing Tenants, Tenant Groups, and Users, for details.

3

Create a new role and assign the permissions required to operate Cisco MSX Enterprise Access.

For information about creating a new user role, see the Cisco Managed Services Accelerator (MSX) 3.10 Platform User Guide.

For information about creating a new user role, see Managing User Roles.

4

Create users, assign a role that is defined in Step 3 to the user, and select all the tenants that the user needs to access.

See Managing Tenants, Tenant Groups, and Users, for details.

For information on Cisco MSX features such as Configuring Announcements, and Defining Terms and Conditions, see the Cisco Managed Services Accelerator (MSX) 3.10 Platform User Guide.