Guidelines for a Cisco Catalyst SD-WAN Manager Cluster
The following guidelines apply to a Cisco SD-WAN Manager cluster:
- We recommend that all members of a Cisco SD-WAN Manager cluster be located in the same data center.
- We recommend that the IP addresses of all members of the Cisco SD-WAN Manager cluster be in the same subnet.
- We recommend that the Cisco SD-WAN Manager cluster interface not be the same as the transport interface. Beginning with Cisco vManage Release 20.9.1, this is enforced: if you attempt to configure the cluster interface to be the same as the transport interface, Cisco SD-WAN Manager displays an error message.
- The cluster interface should not be accessible externally.
- Access to Cisco SD-WAN Manager cluster IP addresses is restricted to Cisco SD-WAN Manager instances in the same cluster.
- The members of a Cisco SD-WAN Manager cluster rely on timestamps to synchronize data and to track device uptime. For this time-dependent data to remain accurate, if you need to change the clock time of a Cisco SD-WAN Manager server in a cluster, make the same change on every Cisco SD-WAN Manager server in the cluster.
- In a three-node cluster deployment, only one node can have a systematic failure. When one node fails, the Cisco SD-WAN Manager graphical user interfaces (GUIs) of the two remaining nodes are reachable and can communicate with the remaining nodes through SSH. If two nodes fail, the GUI goes down for all the devices.
- A user who is logged in as a single sign-on (SSO) user with netadmin privilege cannot perform any cluster or disaster recovery operations. For cluster operations such as adding or deleting a node or enabling SD-AVC, Cisco SD-WAN Manager expects a local username and password that is part of the netadmin group. In a multitenancy deployment, only the admin user can update SD-AVC. Other users, even with netadmin privileges, cannot update SD-AVC.
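
The addressing, interface, and access guidelines above can be checked against a planned deployment before the cluster is built. The following is an added example, not Cisco code: the inventory layout, field names, node names, and addresses are constructed assumptions, and `allowed_sources` stands for whatever source prefixes your ACL or firewall review shows as able to reach the cluster IP addresses.

```python
import ipaddress

# Constructed inventory for illustration. The field names are assumptions,
# not a Cisco SD-WAN Manager export format.
GOOD = {
    "subnet": "10.10.20.0/24",
    "nodes": [
        {"name": "mgr-1", "cluster_if": "eth1", "transport_if": "eth0",
         "cluster_ip": "10.10.20.11"},
        {"name": "mgr-2", "cluster_if": "eth1", "transport_if": "eth0",
         "cluster_ip": "10.10.20.12"},
        {"name": "mgr-3", "cluster_if": "eth1", "transport_if": "eth0",
         "cluster_ip": "10.10.20.13"},
    ],
    # Source prefixes allowed to reach the cluster IPs (from an ACL review).
    "allowed_sources": ["10.10.20.11/32", "10.10.20.12/32", "10.10.20.13/32"],
}


def audit_cluster(cluster):
    """Return a list of guideline violations; an empty list means none found."""
    findings = []
    subnet = ipaddress.ip_network(cluster["subnet"])
    members = {ipaddress.ip_address(n["cluster_ip"]) for n in cluster["nodes"]}

    for node in cluster["nodes"]:
        ip = ipaddress.ip_address(node["cluster_ip"])
        # Guideline: all member IP addresses in the same subnet.
        if ip not in subnet:
            findings.append(f"{node['name']}: cluster IP {ip} is outside {subnet}")
        # Guideline: cluster interface must differ from the transport interface.
        if node["cluster_if"] == node["transport_if"]:
            findings.append(
                f"{node['name']}: cluster interface is also the transport interface")

    # Guideline: only instances in the same cluster may reach the cluster IPs,
    # so every allowed source must be a single host that is a cluster member.
    for src in cluster["allowed_sources"]:
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses != 1 or net.network_address not in members:
            findings.append(f"allowed source {net} is not a single cluster member")
    return findings


if __name__ == "__main__":
    for line in audit_cluster(GOOD) or ["no guideline violations found"]:
        print(line)
```
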