Cloud-delivered Cisco Catalyst SD-WAN Getting Started Guide

Cloud-delivered Cisco Catalyst SD-WAN is a platform for Cisco Catalyst SD-WAN services that reduces and simplifies operational tasks for your Cisco Catalyst SD-WAN fabric. With this platform, you can deploy the Cisco Catalyst SD-WAN fabric, managing only edge devices and the edge network, while Cisco manages almost all the operational responsibilities for the fabric. Cloud-delivered Cisco Catalyst SD-WAN provides flexible cloud consumption, operational simplicity, and the comprehensive analytics features that are part of Cisco Catalyst SD-WAN.

Cloud-delivered Cisco Catalyst SD-WAN is ideal for small-sized or medium-sized businesses and enterprises that have limited network resources and want to limit the operational burdens of running the Cisco Catalyst SD-WAN fabric.

This document describes the initial setup and configuration procedures for Cloud-delivered Cisco Catalyst SD-WAN. Perform these procedures from the Cisco Catalyst SD-WAN Portal, which provides options for creating and accessing management tools for fabrics in Cloud-delivered Cisco Catalyst SD-WAN.

Prerequisites for Cloud-delivered Cisco Catalyst SD-WAN

  • Active Cisco Smart Account.

  • Active Cisco Virtual Account.

  • SA-Admin role for your Cisco Smart Account. This is required to access the Cisco Catalyst SD-WAN Portal for the first time to create a fabric. It is not required thereafter.

  • Valid order for a Cisco DNA Cloud subscription on the Cisco Commerce site (formerly Cisco Commerce Workspace).

Create fabrics in the Cisco Catalyst SD-WAN Portal

After logging into Cisco Catalyst SD-WAN Portal, you can:

  • by default, create a cloud-delivered Cisco SD-WAN fabric, or

  • find information about requesting a Cisco-hosted dedicated SD-WAN fabric.

Create a Cloud-delivered Cisco SD-WAN fabric

All users who have a valid Smart Account are eligible to add a Cloud-delivered Cisco SD-WAN fabric. No Smart Account license is required to create a Cloud-delivered Cisco SD-WAN fabric.


Note

Cloud-delivered Cisco SD-WAN is only available in limited locations in the US/EU/APAC regions. If you require a Cisco Catalyst SD-WAN fabric to be hosted in a specific location apart from the available locations for cloud-delivered fabrics, you need to provision a Cisco-hosted dedicated fabric.


Note

In the Create Catalyst SD-WAN Fabric section, a banner is shown for all customers to inform them of all the required steps to create dedicated fabrics. See Cisco Catalyst SD-WAN Portal Configuration Guide for more information.

Procedure

Step 1

Enter https://ssp.sdwan.cisco.com to log in to the Cisco Catalyst SD-WAN Portal.

Step 2

Enter your Cisco Connection Online (CCO) user name.

Step 3

Enter your Cisco Connection Online (CCO) password.

The Cisco Catalyst SD-WAN Portal Dashboard opens.

Step 4

In the dashboard, click Create Fabric.

Step 5

On the Create Fabric page, do the following:

  1. From the Smart Account drop-down list, choose the name of your Cisco Smart Account.

  2. From the Virtual Account drop-down list, choose the name of your Cisco Virtual Account.

  3. Enter the Fabric Name.

  4. Chose the Fabric Location.

  5. Enter the Fabric Admin(s).

Note

 

All the information selected and entered is listed in the Preview section located on the right side of the page.

Step 6

Accept the Terms & Conditions (located in the Preview section).

Step 7

After all the information is selected and entered, click Create Fabric from the dashboard.

You are notified by email that the fabric has been created.

What to do next

You can begin to access the fabric by logging back into the Cisco Catalyst SD-WAN Portal.

Add User

When you create a fabric, you are automatically given the Admin role for that fabric. You can then configure roles for other users.

A role defines which Cisco Catalyst SD-WAN Manager features a user has read-only access to, and which features they have read and write access to.


Note
Before you can add a role for a user, the user must have an account in Cisco Connection Online.

  1. Log in to the Cisco Catalyst SD-WAN Portal with the Admin role for the fabric.

  2. Click View Details.

  3. On the Fabric Details page, click User Role.

  4. Click Add User.

  5. In the User Email ID field, enter the Cisco Connection Online email address for whom you are adding a role.

  6. From the Role drop-down list, choose the user group to belong to.

    User groups are configured in Cisco Catalyst SD-WAN Manager. A user group specifies which features the users in the group have read-only access to, and which features the users have read and write access to.

  7. Click Add.

Access Cisco Catalyst SD-WAN Manager

Cisco SD-WAN Manager provides options for configuring, managing, and monitoring a fabric. Any user with a user role that has been added to the Cisco Catalyst SD-WAN Portal can access Cisco SD-WAN Manager.

  1. Log in to the Cisco Catalyst SD-WAN Portal.

    This login provides single sign-on authentication for the Cisco Catalyst SD-WAN Portal and Cisco SD-WAN Manager.

  2. Click Manage Fabric for the fabric you want to access.

To exit the Cisco SD-WAN Manager and return to the Cisco Catalyst SD-WAN Portal, choose SD-WAN Portal from the Cisco SD-WAN Manager menu.

Add Devices

You can add edge devices configured in your Smart Account to any defined Cloud-delivered fabric using Cisco SD-WAN Manager.

Procedure

Step 1

Log in to the Cisco Catalyst SD-WAN Portal.

Step 2

From the list of available fabrics, select a fabric to add devices to and click Manage Fabric.

The Cisco SD-WAN Manager instance for the selected fabric opens.

Step 3

From the Cisco SD-WAN Manager menu, select Configuration > Devices.

Step 4

Click Sync Smart Account.

The Sync Smart Account pane opens.

Step 5

Click Sync.

After synchronization, the devices in your Smart Account appear in the list of edge devices in Cisco SD-WAN Manager. Note that is is the Cisco SD-WAN Manager instance that corresponds to the fabric selected in an earlier step.

Access Cisco Catalyst SD-WAN Analytics for a Fabric

Cisco SD-WAN Analytics provides information about device behavior, traffic, and related activities in your fabric.

  1. Log in to the Cisco Catalyst SD-WAN Portal as a user with the Admin role for the fabric and navigate to the Cisco Catalyst SD-WAN for that fabric.

  2. From the Cisco Catalyst SD-WAN menu, choose Analytics > Overview.

For more information, see Cisco Catalyst SD-WAN Analytics.

Migrating Cisco Hosted Cisco Catalyst SD-WAN to Cloud-delivered Cisco Catalyst SD-WAN

Overview

If you are using Cisco hosted Cisco Catalyst SD-WAN with a dedicated fabric and fewer than 800 devices, we recommend that you migrate to cloud-delivered Cisco Catalyst SD-WAN to simplify your operations, reduce your daily networking management tasks, and bring your fabric into compliance with the Cisco Catalyst SD-WAN controller policy.

If you choose not to migrate, you need to purchase controllers for a dedicated Cisco Catalyst SD-WAN fabric.

Migration Process

If you are entitled to migrate from Cisco hosted Cisco Catalyst SD-WAN to cloud-delivered Cisco Catalyst SD-WAN, we’ll contact you. We’ll let you know that you are entitled to the migration, and we’ll request the information that we need from you for the migration process.

Alternatively, you can open a case with the Cisco Technical Assistance Center (TAC) and request that the Cisco Cloud Operations team perform a migration.

After you provide the information that is required for a migration, we’ll contact you within 48 hours to schedule a maintenance window during which to perform the migration. This migration can take up to approximately 6 hours, depending on the number of devices in your fabric.

The Cisco Cloud Operations team performs the migration remotely. If any issues prevent a successful migration, we’ll resolve the issues and contact you as needed.

A migration has a minimal effect on the data plane because the control connection is automatically reestablished after the migration completes.

What to Expect From the Migration

  • Enterprise certificates are not supported in cloud-delivered Cisco Catalyst SD-WAN.

  • Custom subnets are not supported in cloud-delivered Cisco Catalyst SD-WAN. Custom subnets that were configured in your Cisco hosted Cisco Catalyst SD-WAN for a dedicated fabric are removed during the migration.

  • A new URL is generated for accessing Cisco Catalyst SD-WAN Manager. You can access this URL from the Cisco Catalyst SD-WAN Portal. Your old URL for accessing Cisco Catalyst SD-WAN Manager is not retained.

  • Proxy settings from your Cisco hosted Cisco Catalyst SD-WAN for a dedicated fabric are disabled.

  • Statistics data from your Cisco hosted Cisco Catalyst SD-WAN for a dedicated fabric are not retained.

  • Analytics data from your Cisco hosted Cisco Catalyst SD-WAN for a dedicated fabric data is not retained.

  • Identity provider information Cisco hosted Cisco Catalyst SD-WAN for a DEDICATED fabric is not retained.

  • Configuring your own identity provider information is not supported in cloud-delivered Cisco Catalyst SD-WAN.

  • No inbound rules setting is required in cloud-delivered Cisco Catalyst SD-WAN.

Migration Prerequisites

Before we perform your migration from Cisco hosted Cisco Catalyst SD-WAN to cloud-delivered Cisco Catalyst SD-WAN:

  • Ensure that you have valid cloud-delivered Cisco Catalyst SD-WAN licenses in the Cisco Smart Account and Virtual Account for your current dedicated fabric.

    For information about obtaining these licenses, contact your Cisco representative.

  • Upgrade your Cisco hosted Cisco Catalyst SD-WAN fabric to match the current cloud-delivered Cisco Catalyst SD-WAN version. We’ll let you know what this version is.

    For upgrade instructions, see Upgrade SD-WAN Controllers with the Use of vManage GUI or CLI.

  • When requested, provide us with the netadmin credentials for your existing Cisco hosted Cisco Catalyst SD-WAN fabric.

  • Optionally, delete all Cisco Catalyst 8000 Edge Platforms that you are using as cloud gateways for TACACS. Cloud-delivered Cisco Catalyst SD-WAN currently does not support cloud gateways for TACACS. If you do not delete these platforms, they exist after the migration but are not functional.

Post Migration

After the migration completes, your old Cisco hosted Cisco Catalyst SD-WAN fabric is no longer operational. You can access your new cloud-delivered Cisco Catalyst SD-WAN fabric using the Cisco Catalyst SD-WAN Portal. For more information, see Cisco Catalyst SD-WAN Portal Configuration Guide.

Additional considerations before provisioning cloud-delivered Cisco Catalyst SD-WAN

Cloud-delivered Cisco Catalyst SD-WAN may not fully meet your unique needs if the following features are required. For these cases, please refer to the instructions for creating a dedicated fabric in the Cisco Catalyst SD-WAN Portal Configuration Guide.

  • BYO-IDP (Bring Your Own IDP)

  • SD-WAN Manager API

  • Identity Services Engine (ISE) Integrations (such as SD-WAN/SDA, Trustsec, ACI)

  • Multi-Region Fabric (MRF)

  • Cloud gateways for AAA/TACACS/SYSLOG

  • Specific requirements for control component locations (such as data sovereignty)

  • 1000+ edge devices in an SD-WAN fabric