Introduction

This document has information about the new features in Cisco Managed Services Accelerator 3.4.

  • Platform

  • Service Packs

    • SD-WAN

    • vBranch

    • Managed Device

This document also tells you how to find information about the known and resolved issues in Cisco MSX 3.4, using Cisco Bug Search Tool.

Cisco Managed Services Accelerator 3.4 Features

This section describes the features in Cisco MSX 3.4. For details about the specific features, see the guides that are mentioned in the Related Documentation Section.

Table 1. Cisco MSX Platform 3.4 Features and Enhancements
Features Description

Multiple Subscriptions for a Tenant

Using this feature, a tenant can order a service more than once. To enable this feature, you must make the necessary configuration changes at the service pack end. For more information, see Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide.

Changes in Handling Personally Identifiable Information (PII)

The following personally identifiable information is no longer collected in Cisco MSX 3.4:

  • User’s Mobile Number and Phone Number

  • Tenant’s Mobile Number, Phone Number, and Email address

Cisco MSX only displays or collects the information that the users can configure from the Account Settings page.

  • User’s First Name

  • User's Last Name

  • User's Email Address

    Note 
    The email address of the user is collected to communicate the password reset information, and for the other similar user-specific notifications.
Two-Factor Authentication This feature introduces additional security in MSX. It involves a two-stage verification of the user identity, before granting users access to the MSX portal. After this feature is enabled, users must provide the following authentication factors for logging into the MSX Portal:
  • Username and password

  • One-time authentication code (OTP). This code is sent to the registered email address of the user.

For more information, see 'Enabling Two-Factor User Authentication Process' in Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide.

Limit Concurrent Sessions

A user with an administrator role can limit the number of simultaneous active sessions a user can have in a Cisco MSX instance. For more information, see 'Enabling Concurrent Sessions' in Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide.

Support for Single Sign-On (SSO)

MSX supports the following methods for SSO:

  • MSX as an IdP: If Service Providers do not have an IdP, MSX can be configured as an IdP.

  • Support for Multiple IdPs: If SPs already have one or more northbound IdPs, they can configure MSX to work with these IdPs to set up SSO.

For more information, see 'Configuring Single Sign-On Using SAML' in Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide.

UI/UX Enhancements

The following are the UI/UX enhancements:

  • Cisco MSX provides UI customizations that allow the Service Provides to alter the portal appearance and the portal experience.

  • New Tenant dashlet that shows the list of existing tenants with their details on the Manage Tenants page.

For more information, see 'Customizing MSX Portal' in Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide.

Table 2. Cisco MSX SD-WAN 3.4 Features and Enhancements
Features Description
Traffic Policies

An operator can configure the following traffic policies to control the data packet flow:

  • Transport Preference

  • Application Relevance

For more information, see 'Configuring SD-WAN Traffic Policies' in the Cisco Managed Services Accelerator (MSX) 3.4 SD-WAN Service Pack User Guide.

Integrating LiveAction Service Providers can integrate the LiveAction network performance monitoring software with SD-WAN on Cisco MSX. If LiveAction is integrated with SD-WAN, the service pack users can launch it from the MSX portal. For more information, see 'Monitoring SD-WAN Reporting Metrics Using Third-Party Network Monitoring Applications' in the Cisco Managed Services Accelerator (MSX) 3.4 SD-WAN Service Pack User Guide
Table 3. Cisco MSX vBranch 3.4 Features and Enhancements
Features Description
FQDN support for PnP Server vBranch supports FQDN for the PnP server. This feature is supported only on the following releases of Cisco NFVIS and vBranch Core Function Pack:
  • Cisco NFVIS 3.8.1 or later

  • Cisco vBranch Core FP 1.2.1 release or later

Installation Notes

A complete, end-to-end, Cisco MSX installation includes the installation of:

  • MSX Platform: A common framework across the full range of service creation requirements.

  • MSX Service Packs: Pre-packaged software capabilities fully automate the end-to-end service creation. Service creation includes ordering, service chaining, orchestration, service assurance, and all the necessary virtualized network functions (VNFs) on the Cisco MSX platform.

For more information on the prerequisites and the installation process, see the Cisco Managed Services Accelerator (MSX) 3.4 Installation Guide.

Note
Note

You will need Cisco Customer or Cisco Employee privileges to access Cisco MSX 3.4 documentation.

Upgrade Notes

You can directly upgrade from Cisco MSX 3.3 to 3.4 using the MSX binaries available on the Download Software page on Cisco.com. For detailed information about the upgrade, see the 'Upgrading MSX' chapter of the Cisco Managed Services Accelerator (MSX) 3.4 Installation Guide. However, if you are on releases earlier than MSX 3.2.1 and want to upgrade to 3.4, contact Cisco Technical Assistance Center (TAC) to guide you through the process.

Important Upgrade Note about Deprecated Permissions in SD-WAN

The 'Create SD-WAN Control Plane' and 'SD-WAN Home' permissions were removed in Cisco MSX 3.2. If these permissions associated with any of the custom roles in releases earlier than MSX 3.2, then these roles would be automatically removed after upgrading to Cisco MSX 3.4. You must apply the new permissions – SD-WAN Control Plane (Manage), SD-WAN Control Plane (View), and SD-WAN Data Plane (View) to perform the SD-WAN tasks. For more information on the SD-WAN permissions, see the Cisco Managed Services Accelerator (MSX) 3.4 Platform and Service Pack Permissions Addendum.

Important Notes

  • When more than one service pack is deployed on Cisco MSX, ensure that the PnP management address pool is unique. For example, when the Managed Device service pack is running on a single MSX, the management address pool configuration in NSO CLI:

    • For Managed Device
      set resource-pools ip-address-pool managed-device-pool subnet 10.255.0.0 16
  • The revocation check needs to be turned off on the CPE devices if a self-signed certificate is used during the installation to be able to communicate to the PnP proxy server.

    Log in to the CPE and run the following command to turn off the revocation check:
    crypto pki trustpoint ipnp
    enrollment terminal
    revocation-check none

Cisco Managed Services Accelerator Bugs

For a complete list of open bugs for this release, use the Cisco Bug Search Tool.

  • Bug Search Tool Requirements: Register for a Cisco account if you do not have one. Go to https://tools.cisco.com/RPF/register/register.do.

  • You can filter for Known and Fixed Issues in the Bug Search Tool. Select Product as Cisco Managed Services Accelerator, and enter 3.4 or 3.4.0 as the version for the Releases field.

See Bug Search Tools & Resources on Cisco.com. For more details on the tool overview and functionality, check out the help page,which is located at http://www.cisco.com/web/applicat/cbsshelp/help.html .

This section contains lists of open and resolved bugs for this release.

Open Bugs

This section lists the open bugs for Cisco Managed Services Accelerator (MSX) 3.4.

Bug ID

Descriptions

Platform Bugs

CSCvk18483

SAML: Successful logout destination required.

SD-WAN Bugs

CSCvk50717

Address input does not accept non-English addresses suggested by Google API.

CSCvk48246

If create control plane fails, it is not indicated in the portal.

CSCvk50704

Having no application under one of the eight queues causes template validation failed in vSmart.

CSCvk53343

Transient applications do not include historical changes to applications.

CSCvk53295

Cannot deploy 18.3.0 Dual Link, 17.2.2 site post upgrade due to missing entries.

Managed Device Bugs

CSCvk03887

Add new Template: Error if the template name is not alphanumeric.

vBranch Bugs

CSCvk51453

Can't delete a deployed site after device being disconnected or IP address is changed.

Resolved Bugs

This section lists the resolved bugs for Cisco Managed Services Accelerator (MSX) 3.4.

Bug ID

Descriptions

Managed Device Bugs

CSCvj60396

Unable to delete managed device site after upgrade.

CSCvk32550

Devices are not rolling back to day-1 after deprovisioning a service.

CSCvk24903

Site status did not move to UP state after provisioning service.

CSCvk05187

Site drill down page does not appear when a site is selected.

Cisco MSX 3.4.0 Patches

The following are the available patches on 3.4 release:

  • 3.4.0-10004

  • 3.4.0-10003

Table 4. Patch 3.4.0-10004

Bug ID

Descriptions

Patch Instructions

The following SD-WAN bugs have been fixed in 3.4.0 -10004 patch release. Download the 3.4.0 -10004 patch from the Download Software page on www.cisco.com

CSCvm67842

Two-Factor Authentication impacts pnp proxy. vBranch and Managed Devices service packs no longer work with Two-Factor Authentication enabled.

  1. Go to Download Software page.

  2. In the Inception VM, run the following commands:

    1. Download the pnp-proxy-3.4.0-0.5.1.tarfile to Inception VM, using the following curl command:
      curl -O source location of pnp-proxy-3.4.0-0.5.1.tar
    2. docker load --input pnp-proxy-3.4.0-0.5.1.tar

    3. docker tag <image id of pnp-proxy> registry.service.consul:5000/pnp-proxy-3.4.0-0.5.1.tar

    4. docker push registry.service.consul:5000/pnp-proxy-3.4.0-0.5.1

  3. SSH to kubernetes-master node.In the kube-master, do the following:

    1. Go to the following directory:
      cd /etc/kube-manifests
    2. Stop the ipnp.
      kubectl delete -f ipnp-rc.yml
    3. Edit ipnp-rc.yml file and update the image version to be 3.4.0-0.5.1.

    4. Start the ipnp.
      kubectl create -f ipnp-rc.yml

CSCvm87938

External Entity fields need to have the least restriction in MSX.

  1. Update the SD-WAN UI. To update, use the following procedure:

    1. Go to Download Software page.

    2. Download the skyfallui-files-3.4.0-10004.tarfile to Inception VM and place it in /home/centos folder in the Inception VM.

    3. Copy the UI patch files from Inception VM to kube-master.
      scp skyfallui-files-3.4.0-10004.tar centos@<kube-master-ip>:/home/centos
    4. Log in to kube-master.

    5. Go to the following directory: cd /home/centos

    6. Untar the file (skyfallui-files-3.4.0-10004.tar) : tar -xvf skyfallui-files-3.4.0-10004.tar. This will untar under 'services' folder in current directory.

    7. Goto the following directory:
      cd /data/vms/skyfallui/services/
    8. Replace the 'sdwan' folder in above folder from /home/centos/services as follows:
      sudo cp -R /home/centos/services/sdwan
    Note 
    After applying the patch, it is recommended to clear browser cache OR use browser in Incognito mode.
  2. Update the SD-WAN microservices. To update, use the following procedure:

    1. Go to Download Software page.

    2. Download the microservice patch tar (sdwanservice-3.4.0-10004.tar)file to Inception VM, using the following curl command:
      curl -O source location of sdwanservice-3.4.0-10004.tar
    3. docker load --input sdwanservice-3.4.0-10004.tar

    4. docker tag <image id of sdwanservice> registry.service.consul:5000/sdwanservice-3.4.0-10004

    5. SSH to kubernetes-master node.In the kube-master, do the following:

      1. cd /etc/kube-manifests

      2. Stop the SD-WAN microservice.
        kubectl delete -f sdwanservice-rc.yml
      3. Edit sdwanservice-rc.yml file and update the image version to be 3.4.0-10004 (image: registry.service.consul:5000/sdwanservice-3.4.0-10004).

      4. Start the SD-WAN microservice.
        kubectl create -f sdwanservice-rc.yml
        

As an Operator, need View Control Plane routing updated based on SAML domain, so that Non -SSO users can launch vManage.

Table 5. Patch 3.4.0-10003

Bug ID

Descriptions

Patch Instructions

SD-WAN Bugs:

The following SD-WAN bugs have been fixed in 3.4.0-10003 patch release. Download the 3.4.0-10003 patch from the Download Software page on www.cisco.com

CSCvk79084

SD-WAN resource strings are not copied to external path during SP deployment in vf staging environment.

  1. Go to https://software.cisco.com/download/specialrelease/8f99534c51ca7d712984f97b1138070d.

  2. Get the sdwan_ResourceFiles.tar.gzfile.

  3. Log in to Inception VM.

  4. scp 'sdwan_ResourceFiles.tar.gz' file from Inception VM to kube-master Example: scp sdwan_ResourceFiles.tar.gz centos@<kube-master-ip>:/home/centos

  5. Log in to kube-master.

  6. Go to the following directory: cd /data/vms/administration/templates/

  7. Copy the sdwan_ResourceFiles.tar.gz file here. cp/home/centos/sdwan_ResourceFiles.tar.gz sdwan_ResourceFiles.tar.gz

  8. Untar the file : tar -xvf sdwan_ResourceFiles.tar.gz.The two sdwan files should be present: DefaultResource_sdwan_en_US.txt & DefaultResource_ui_sdwan_en_US.txt

CSCvj33266

SD-WAN: Cluster mode for 2 green site shows “red” - it should show green

  1. Go to https://software.cisco.com/download/specialrelease/8f99534c51ca7d712984f97b1138070d.

  2. Get the sdwan-3.4.0-10003.jsfile.

  3. Log-in to Inception VM.

  4. Get the patched 'sdwan-3.4.0-10003.js' file and have it placed in /home/centos folder in inception VM.

  5. scp 'sdwan-3.4.0-10003.js' file from Inception VM to kube-master Example: scp sdwan.js centos@<kube-master-ip>:/home/centos

  6. Log-in to kube-master.

  7. Goto the following directory: cd /data/vms/skyfallui/services/sdwan/

  8. Replace the 'sdwan.js' folder from /home/centos as follows:cp /home/centos/sdwan-3.4.0-10003.js sdwan.js

Note 
Clear browser cache OR use browser in an Incognito mode after applying the patch.

CSCvk48296

SD-WAN - Site Summary for previously clicked site is displayed incorrectly

  1. Go to https://software.cisco.com/download/specialrelease/8f99534c51ca7d712984f97b1138070d.

  2. Get the sdwan-3.4.0-10003.jsfile.

  3. Log-in to Inception VM.

  4. Get the patched 'sdwan-3.4.0-10003.js' file and have it placed in /home/centos folder in inception VM.

  5. scp 'sdwan-3.4.0-10003.js' file from Inception VM to kube-master Example: scp sdwan.js centos@<kube-master-ip>:/home/centos

  6. Log-in to kube-master.

  7. Goto the following directory: cd /data/vms/skyfallui/services/sdwan/

  8. Replace the 'sdwan.js' folder from /home/centos as follows:cp /home/centos/sdwan-3.4.0-10003.js sdwan.js

Note 
Clear browser cache OR use browser in an Incognito mode after applying the patch.

CSCvk78450

Cannot create a 18.2.0 and 18.3.0 new Control Plane from MSX UI

  1. Go to https://software.cisco.com/download/specialrelease/8f99534c51ca7d712984f97b1138070d.

  2. Get the sdwan-3.4.0-10003.jsfile.

  3. Log-in to Inception VM.

  4. Get the patched 'sdwan-3.4.0-10003.js' file and have it placed in /home/centos folder in inception VM.

  5. scp 'sdwan-3.4.0-10003.js' file from Inception VM to kube-master Example: scp sdwan.js centos@<kube-master-ip>:/home/centos

  6. Log-in to kube-master.

  7. Goto the following directory: cd /data/vms/skyfallui/services/sdwan/

  8. Replace the 'sdwan.js' folder from /home/centos as follows:cp /home/centos/sdwan-3.4.0-10003.js sdwan.js

Note 
Clear browser cache OR use browser in an Incognito mode after applying the patch.

CSCvm18111

vEdge Dual Edge Template has issue when both interfaces are enabled

  1. Go to https://software.cisco.com/download/specialrelease/8f99534c51ca7d712984f97b1138070d.

  2. Get the patched image vedge-duallink-18.3.0.tar.gzfile.

  3. Get the dual link vEdge-Dual-link.zip templates file

  4. Log in to Inception VM.

  5. Get the vedge-duallink-18.3.0.tar.gz image in home/centos folder in inception VM.

  6. scp vedge-duallink-18.3.0.tar.gz file from Inception VM to kube-master Example: scp vedge-duallink-18.3.0.tar.gz centos@<kube-master-ip>:/home/centos

  7. Log in to kube-master

  8. Go to the following directory: cd /data/vms/skyfallui/images/

  9. Replace vedge-duallink-18.3.0.tar.gz to /home/centos as follows : cp /home/centos/vedge-duallink-18.3.0.tar.gz vedge-duallink-18.3.0.tar.gz

  10. Extract vEdge-Dual-link.zip templates and upload from the MSX Portal as follows: Goto Configurations> vBranch > Settings > Template management > "Upload template".

Accessibility Features

For a list of accessibility features in Cisco MSX, see Voluntary Product Accessibility Template (VPAT) on the Cisco website, or contact accessibility@cisco.com.

All product documents are accessible except for images, graphics, and some charts. If you want to receive the product documentation in audio format, braille, or large print, contact accessibility@cisco.com.

Related Documentation

You can access Cisco MSX documentation at https://www.cisco.com/c/en/us/support/cloud-systems-management/virtual-managed-services/tsd-products-support-series-home.html.

For additional reference, you can access the following 3.4 documents. You will need Cisco Customer or Cisco Employee privileges to access Cisco MSX 3.4 documentation.

Note
Note

To access APIs documentation on the Swagger UI, you must login to the MSX UI and navigate to My Profile > Swagger API.

Cisco MSX SDK documentation is available here: https://developer.cisco.com/site/msx/

Document

Description

Cisco Managed Services Accelerator (MSX) 3.4 Installation Guide

This guide covers the installation of the Cisco MSX solution that includes the installation of the MSX platform and the MSX Service Packs.

Cisco Managed Services Accelerator (MSX) 3.4 Platform User Guide

This guide covers the post install configuration required to set up the Cisco MSX.

Cisco Managed Services Accelerator (MSX) 3.4 Platform and Service Pack Permissions Addendum

This document covers all the permissions that are required to operate the Cisco MSX and the service packs.

Cisco Managed Services Accelerator (MSX) 3.4 Managed Device Service Pack Guide

This guide includes details that are related to subscribing the Managed Device service pack, configuring the service, and troubleshooting service errors.

Cisco Managed Services Accelerator(MSX) 3.4 vBranch Service Pack Guide

This guide includes details related to subscribing the vBranch service pack, configuring the service, and troubleshooting service errors.

Cisco Managed Services Accelerator(MSX) 3.4 SD-WAN Service Pack Guide

This guide includes details that are related to deploying, managing, configuring the SD-WAN service, and troubleshooting service errors.

Cisco Managed Services Accelerator (MSX) 3.4 Solution Overview Guide

This guide provides a comprehensive explanation of the design of the Cisco MSX solution that enables service providers to offer flexible and extensible services to their business customers.

Open Source Used in Cisco MSX and Service Packs

This guide contains licenses and notices for Open Source software that are used in this product.