Getting Started

Configuring System Settings

To deploy the services and functions for enterprise branch networks in Enterprise Service Automation, you need to configure the system settings.

Setting Up the Initial Configuration

You can do the initial system setup before logging into the homepage. For more details, see Logging into Enterprise Service Automation section in Cisco Enterprise Service Automation 1.0 Quick Start Guide.

To configure the system settings after logging into the application, do the following:

    Step 1   Choose Configuration > System Configuration from the navigation menu.
    Step 2   To configure an SNMP Server for approval notifications and status alerts, enter the following information: Host Name, Port, Mail Server Username, Password, From email address, and then Click Save.
    Step 3   To configure the approval workflow for the defined branch profiles:
    1. Click Workflow tab and choose the following options:

      • Enable Email for Workflow

      • Branch Profile Workflow Auto Approve

      • Branch Profile Workflow Approver

      Note   

      To select Branch Profile Workflow Approver, it is required to create user(s) and their roles in User Management under Configuration after logging into Enterprise Service Automation application.

    2. Click Save .
    Step 4   To add external controllers:
    1. Click APIC-EM tab and enter the following information:

      • Name—User-defined name for the server.

      • User Name—This is APIC-EM communication username.

      • Password—This is APIC-EM communication password.

      • Protocol—Https protocol for secure communication.

      • Host—IP address of the server.

      • Port—Port number of the server.

    2. Click Save.
    3. Click Prime Infrastructure tab and enter the following information:

      • Name—User-defined name for the server.

      • User Name—This is Prime Infrastructure communication username.

      • Password—This is Prime Infrastructure communication password.

      • Protocol—Https protocol for secure communication.

      • Host—IP address of the server.

      • Port—Port number of the server.

      • Broker User Name—This xmpBroker is a static name from Prime Infrastructure.

      • Broker Password—The xmpBroker password that is generated from Prime Infrastructure through JMS. To get xmpBroker password, See Pre-requisites section in Enterprise Service Automation 1.0 Quick Start Guide.

    4. Click Save.
    Note   

    • Prime Infrastructure and APIC-EM should be installed before installing Enterprise Service Automation.

    • Once ESA is installed, it will automatically add Prime Infrastructure and APIC-EM ane enable JMS on Prime Infrastructure. Installation script restarts Prime Infrastructure to enable JMS.

    • To check whether these external systems are up and running, click Check Connection under APIC-EM and Prime Infrastructure tabs.

    Step 5   (Optional) To display customized notifications on the login page, enter the Login disclaimer and click Save.
    Step 6   To ensure system security, check the appropriate Password Policy rules and click Submit.

    Managing Groups

    In Enterprise Service Automation, you can map a particular network configuration profile to a region and populate each site in the region with the common attributes, thus forming a regional hierarchy. By default, ESA displays a group hierarchy. However, you can also customize the group hierarchy. You can choose the group hierarchy to configure and provision the branch profiles. That is, a group can be associated with a custom profile while creating a branch profile. The components in the branch profile that are assigned to a particular group, inherits the common properties automatically, thus avoids the need to define the predefined attributes for individual components being provisioned.

    To add or customize the group hierarchy, follow these steps:

      Step 1   Choose Configuration > Group Management from the navigation menu.
      Step 2   Choose an existing node from the hierarchy and click Add Node.
      Step 3   Choose the new node to add the parameters.
      Step 4   Edit the default Name, if required.
      Step 5   Click Add Row below appropriate node and enter the required parameter details.
      Note   

      The variable name provided in the required details should match with the variable name in the template.

      Step 6   Click Save.
      Step 7   Click Edit icon on the right side to edit the parameters of the node and click Save, if required.
      Note   

      You can also delete the node, collapse and expand all nodes.

      Managing Users and Roles

      In Enterprise Service Automation, you can manage users and roles by creating custom users based on Role Based Authorization and control (RBAC) model. Before adding users, you should refer to the defined tasks for the user so that the users can be assigned to the appropriate roles while adding.

      To add a user, follow these steps:

        Step 1   Choose Configuration > User Management.
        Step 2   To view the roles to add users, click Roles tab.
        Note   

        The roles along with appropriate set of tasks are listed accordingly. If you want to delete a role, choose the appropriate role, click Delete and then click Save.

        Step 3   To add users, click Users tab and click Add User.
        Step 4   Enter the required details and click Save.

        The Users tab displays the list of users added to the system, from where you can edit the user details.

        Adding Credential Profiles

        Credential profiles are the set of credentials that are applied to a device or a group of devices, instead of entering them manually for each device. These credential profiles are added to Enterprise Service Automation and configured to devices and virtual network functions during branch provisioning.

        To add a credential profile, follow these steps:

          Step 1   Choose Configuration > Credential Profile from the navigation menu.
          Step 2   Click Add Credential Profile.
          Step 3   Enter the Profile Name and Description under the General Parameters.
          Note   

          The maximum length for the credential profile name must be 32 characters.

          Step 4   Choose any one of the following:

          • SNMP—Choose the appropriate Version and enter the credentials and required values.

            Note   

            ASAv configuration does not support SNMP version 3 during provisioning.

          • Telnet/SSH Parameters—Choose the Protocol and enter the credentials and required values.

          Step 5   Click Save.

          Once these credential profiles are added, they are listed in Credentials Profiles page and the corresponding configurations are added to the existing templates.

          Note   

          Make sure that at least one credential profile is created to initiate the branch provisioning.

          Managing Certificates

          To run the Enterprise Service Automation application, you need signed SSL certificates for secured data transmission. Certificates can be self-signed by the server that presents it or can be digitally signed by a third-party recognized certificate authority(CA) that your system already trusts. When you launch the ESA application, a self-signed SSL certificate gets validated and is pre-installed into the system. When external systems, such as APIC-EM and Prime Infrastructure, are added to ESA application, self-signed certificates from those systems are automatically downloaded and added to the system. You can also manually add third-party signed certificate, in case of new certificate request or expiry of the certificate. Third-party signed certificate issued by CA is automatically trusted in web browsers and assures that you have been verified by a trusted third-party.


          Note

          Make sure that the right certificates are installed into the system and that validation is enabled for security. It is not recommended to bypass certificate validation.

          To add a third-party signed certificate, follow these steps:

            Step 1   Choose Configuration > Certificate Management.
            Step 2   Upload or drag and drop a valid file from your computer.
            Step 3   Click Import.

            Adding Network Knowledge Packs

            Enterprise Service Automation supports Network Knowledge Packs (NKPs) that are defined and prepackaged within the system. It includes cisco validated topology designs (templates) that are used while adding branch profiles to provision the virtual branches.

            To add additional network knowledge packs, follow these steps:

              Step 1   Choose Configuration > NKP Management from the navigation menu.
              Step 2   Upload or drag and drop a ESA certified NKP file from your computer.
              Step 3   Click Import.

              These knowledge packs are added to the configuration template list. While adding branch profile, you can choose the matching template from the list based on relevance factor.

              Synchronizing Changes Manually

              In Prime Infrastructure, the changes in CLI templates and database indexes are automatically synchronized in Enterprise Service Automation application every 24 hours. In case of any disk failure or index file movement or file corruption or deployment failure, you can manually synchronize database indexes in ESA through its intuitive user interface.

              To manually synchronize the internal or external changes in Prime Infrastructure:

                Step 1   Choose Configuration > Manual Sync from the navigation menu.
                Step 2   Click Sync Indexes to synchronize the database search indexes.
                Step 3   Click Sync CLI Templates to synchronize the CLI templates for configuring the parameters.

                Running System Backup

                You can run the system backup to recover and restore the critical data in the system. Backups should be done on a regular basis to avoid data loss.

                To run a system backup:

                  Step 1   Choose Configuration > System Backup from the navigation menu.
                  Step 2   Click Run Backup.

                  The Application Backup page shows the following details: Backup Time, Size of the data, Status. You can also download .ENC file in the Actions column to view the backup details.

                  Adding Devices to Enterprise Service Automation

                  To provision branches and branch profiles on your network, you need to add devices to the system. Enterprise Service Automation works with PI (Prime Infrastructure) and APIC-EM (Application Policy Infrastructure Controller) to automate the deployment of new devices (along with its pre-configured information) on your network. Thus, the device is pre-provisioned automatically.

                  Adding Single Device

                  To add a single device, follow these steps:

                    Step 1   Choose Devices > Add Devices from the navigation menu.
                    Step 2   Click Add Single Device.
                    Step 3   Enter the required information and click Save.

                    Adding Bulk Devices

                    To add bulk devices, follow these steps:

                      Step 1   Choose Devices > Add Devices from the navigation menu.
                      Step 2   Upload or drag and drop a valid CSV file from your computer on the Add Devices page
                      Note   

                      To view the sample CSV template, click Download sample template file on the Add Devices page.

                      Step 3   Click Import.

                      Adding Branches to Enterprise Service Automation

                      Enterprise Service Automation supports simultaneous provisioning of multiple branches through its intuitive graphical user interface. To provision branches on the enterprise network, you need to add the branches with its location specifications to the network. You can manually add single branch or multiple branches simultaneously.

                      Adding Single Branch

                      To add a single branch location to the network, follow these steps:

                        Step 1   Choose Branches > Add Branches from the navigation menu.
                        Step 2   Click Add Single Branch.
                        Step 3   Enter the required details and click Save.

                        A single branch with its specifications is added and visualized in the geographical map and table.

                        Adding Multiple Branches

                        To add multiple branches simultaneously to the network, follow these steps:

                          Step 1   Choose Branches > Add Branches from the navigation menu.
                          Step 2   Upload or drag and drop a valid CSV file from your computer on the Add Branches page.
                          Note   

                          To view the sample CSV template, click Download sample template file on the Add Branches page.

                          Step 3   Click Import.

                          Once done, the added branch locations are visualized in the geographical map and table.

                          Adding Branch Profiles to Enterprise Service Automation

                          A profile is a template or reusable pattern that is used to define your branch for deployment. To automate the deployment, you can create custom profiles based on the predefined matching templates. Predefined templates are cisco validated topologies based on prescriptive designs that are available through Prime Infrastructure.

                          Adding Profile with Physical Devices

                          To add a branch profile with physical components, follow these steps:

                            Step 1   Choose Profiles > Create New Profile from the navigation menu.
                            Step 2   Drag the physical device icon into the design area.
                            Step 3   Drag the arrows from the devices to connect.

                            On the right side of the design area, the matching templates from NKPs are displayed.

                            Note   

                            You can only choose templates from pre-defined NKPs. You cannot customize the profiles.

                            Step 4   Click View to view the matching template that are 100 % relevant to the created profile in the design area.

                            The template shows the topology diagram, recommended devices and best practices.

                            Note   

                            The template that matches 100% is indicated in green. The less relevant matching templates are indicated in orange.

                            Step 5   Click Use Template.
                            Step 6   Click Name field to edit the default profile name.
                            Step 7   To custom configure the components in the topology diagram:
                            1. Select the component from the topology diagram.
                            2. Choose the Group from the drop-down list and click Apply Group Selection.
                              Note   

                              Selecting or changing the group will apply or override the configuration parameters that are applied to the profile.

                            3. Choose the Device type for the selected component from the drop-down list.
                            4. Choose the Config for the selected Device type from the drop-down list.
                              Note   

                              It is required to add configuration templates in Prime Infrastructure and to synchronize with ESA by adding the attribute 'ESA'.

                              The selected configuration details are listed, which you can expand further and enter the mandatory parameters and credentials, if required.

                            Note   

                            Network Knowledge Packs built within Enterprise Service Automation gives the basic configuration for deploying the branch profile. By default, the basic configuration is selected. Physical NKPs are designed assuming that the HUB site is provisioned with IWAN application of APIC-EM, that is integrated with ESA.

                            Step 8   Click Save and Submit for Approval.

                            The request is sent to the approver to approve or can be auto-approved by the system depending upon the configured workflow settings. Also, the branch profile is added to the system and shown on the available profiles.

                            Adding Profile with Virtual Network Functions(VNFs)

                            To add a branch profile to Enterprise Network Functions Virtualization Infrastructure Software(NFVIS):

                              Step 1   Choose Profiles > Create New Profile from the navigation menu.
                              Step 2   Drag the hosting platform, such as UCS E series, UCS C series, ENCS into the design area.
                              Step 3   Drag the appropriate Virtual Network Functions (VNFs), such as router, NGFW, WAAS and third-party VNFs.
                              Step 4   Depending on the services, drag the arrows to connect the Virtual Network Functions to the respective networks.

                              On the right side of the design area, the matching templates from NKPs are displayed.

                              Note   

                              You can only choose templates from pre-defined NKPs. You cannot customize the profiles except 3rd party VNFs(Linux or Windows).

                              Step 5   Click View to view the matching template that are 100 % relevant to the created profile in the design area.

                              The template shows the topology diagram, recommended Devices and Best Practices.

                              Note   

                              The template that matches 100% is indicated in green. The less relevant matching templates are indicated in orange and yellow.

                              Step 6   Click Use Template.
                              Step 7   Click theName field to edit the default profile name.
                              Step 8   To custom configure the components in the topology diagram:
                              1. Select the component (VNF or Hosting platform) from the topology diagram.
                              2. Choose the Group from the drop-down list and click Apply Group Selection.
                              3. Choose the Device for the selected component from the drop-down list.
                              4. Choose the configuration for the selected Device from the drop-down list.

                                The selected configuration details are listed, which you can expand further to enter the required parameters.

                                Note   

                                The above steps are common for configuring the VNFs and hosting platform. In case of VNFs, you are required to do the following steps.

                              5. Choose the Image location from the drop-down list.
                                Note   

                                The image location can be a URL of a HTTP server or a link path if pre-loaded through NfV Portal (For example: file:///data/intdatastore/uploads/<imagename.tar.gz>). If images are uploaded to Prime Infrastructure's Virtual Repository and Prime Infrastructure has proper DNS configured, this path will be loaded onto ESA automatically.

                              6. Choose the Image Profile from the drop-down list.
                              Step 9   Click Save and Submit for Approval.

                              The request is sent to the approver to approve or can be auto-approved by the system depending upon the configured workflow settings. Also, the branch profile is added to the system and shown on the available profiles.

                              Provisioning Branches

                              Enterprise Service Automation allows simultaneous provisioning of multiple branches and the required network services. This allows time taken to provision multiple branches to be drastically reduced and also ensures consistent configuration. After branch locations and branch profiles have been added to the system and approved, you can quickly and easily provision branches by mapping them to appropriate branch profiles.

                              Provisioning Single Branch

                              You can provision a single branch by mapping it to the created profile using map view and table view.

                              To provision a single branch, follow these steps:

                                Step 1   Choose Branches > Branch Map View.
                                Note   

                                To provision a branch from the Table view, select the branch location from Branch Management page and click Map to Profile in the Actions column. In case of many branches listed, you can use search function in the top right-hand corner of the Branch Management page to view a specific branch.

                                Step 2   Select a branch location from the map that you want to provision. The branch location details window is shown on the right side.
                                Note   

                                You can use search function in the top right-hand corner of the Branch Management page to view a specific branch. You can also use advanced search feature to view the branches based on its provisioning status.

                                Step 3   Click Provision Branch.
                                Step 4   To map to profile, select a Branch Profile to assign to the selected branch location and click Next.

                                The summary of the deployment is shown.

                                Step 5   Click Next.
                                Step 6   Choose Prime Infrastructure Server and APIC-EM Controller from the drop-down list.
                                Step 7   Choose the appropriate Group from the drop-down list and click Apply Group Selection.
                                Step 8   Click Next .
                                Step 9   To configure the required parameters, do any one of the following:
                                1. To configure the required parameters offline:

                                  1. Click Download.

                                  2. Fill-in the required parameters in the excel file.

                                  3. Upload or drag and drop the file and click Import.

                                  Note   

                                  For offline deployments, you can also save the deployment process to resume later in the workflow by providing the deployment name. Choose Deployments > Offline Deployments to select the deployment name and click Resume in the Actions column.

                                2. To manually configure the parameters for each component in the template:

                                  1. Click Provision Manually.

                                  2. Select a component from the topology diagram to configure the parameters.

                                  3. To configure the VNFs:

                                    1. Choose a Credential Profile from the drop-down list.

                                    2. Enter the Prime Infrastructure VNF Management IP address.

                                      Note   

                                      Credential Profile and Management IP is not applicable to all the VNFs. It is applicable only to VNFs that are managed in Prime Infrastructure.

                                    3. Expand the Device Config to enter the required parameters.

                                  4. To configure the hosting platform:

                                    1. Choose the Serial Number from the drop-down list.

                                    2. Expand the UCS Credential Config to enter the credentials.

                                      Note   

                                      You can provision with default UCS credentials or create a new user/password. You cannot update password on any UCS user profile in provisioning.

                                Step 10   Click Provision Branch.
                                Note    You can also track the branch provisioning status that are in progress as Enterprise Service Automation uses APIC-EM and NFVIS at the branch to know the VNFs chaining together and fully provision them.

                                Provisioning Multiple Branches

                                You can also provision multiple branches simultaneously by mapping it to created profile.

                                To provision multiple branches, follow these steps:

                                  Step 1   Choose Profiles > Available Profiles.
                                  Step 2   Choose the profile that you want to map to branches and click Map to Branch in the Actions column.
                                  Step 3   Select one or more branches to assign to the selected profile and click Next.

                                  The summary of the deployment is shown.

                                  Step 4   Click Next .
                                  Step 5   Choose Prime Infrastructure Server and APIC-EM Controller for the assigned branch(es) from the drop-down list.
                                  Step 6   Choose the appropriate Group for the assigned branch(es) from the drop-down list, click Apply Group Selection.
                                  Step 7   Click Next.
                                  Step 8   To configure the required parameters offline:
                                  1. Click Download.
                                    Note   

                                    Enterprise Service Automation supports multi-branch provisioning only through Download excel option to fill in network parameters.

                                  2. Fill-in the required parameters in the excel file.
                                  3. Upload or drag and drop the file and click Import.
                                    Note   

                                    For offline deployments, you can also save the deployment process to resume later in the workflow by providing the deployment name. Choose Deployments > Offline Deployments to select the deployment name and click Resume in the Actions column.

                                  Step 9   Click Provision Branch.