Cisco Catalyst SD-WAN Portal

Overview of the Cisco Catalyst SD-WAN Portal

The Cisco Catalyst SD-WAN Portal is a cloud-infrastructure automation tool that: which

  • is tailored for Cisco Catalyst SD-WAN,

  • provides a quick way to provision, monitor, and maintain Cisco Catalyst SD-WAN control components on public cloud providers, and

  • supports user authentication and granular access management for high security.

You can provision these control components using the Cisco Catalyst SD-WAN Portal:

  • Cisco SD-WAN Manager

  • Cisco SD-WAN Validator

  • Cisco SD-WAN Controller

  • Optional virtual devices such as the Cisco Catalyst 8000v

Benefits and Functions

Figure 1. Cisco Catalyst SD-WAN Portal Benefits and Operations
Cisco Catalyst SD-WAN Portal Benefits and Operations diagram

The Cisco Catalyst SD-WAN Portal enforces multi-factor authentication (MFA) by default for the portal access. You can configure the Cisco Catalyst SD-WAN Portal to use an identity provider (IdP) that lets you connect any user with any application on any device, using single sign-on (SSO). The Cisco Catalyst SD-WAN Portal is modularized into separate web servers, backend servers, and database clusters to achieve software scalability.

Cisco vMonitor collects data on the cloud infrastructure and generates health notifications about the overlay infrastructure for the customer in a common database. The Cisco vOrchestrator web server is also accessible for advanced features and existing infrastructure-tier customizations, if any, that you use. The Cisco Catalyst SD-WAN Portal uses Cisco vMonitor and Cisco vOrchestrator by way of API calls to orchestrate actions and monitor the overlay.


Note

Cisco vMonitor and Cisco vOrchestrator can be accessed by Cisco FedOps only.

All three applications use a common global database that includes multiple read replicas for high availability and disaster recovery. The applications connect to the database using either Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

Architecture (Government)

Figure 2. Cisco Catalyst SD-WAN Portal Architecture
Cisco Catalyst SD-WAN Portal Architecture diagram

Audience

This document is intended for customers such as service providers, partners, and other end users.

There are two types of users for Cisco Catalyst SD-WAN Portal for Government:

  • Customers, such as service providers, partners, and other end users.

  • Cisco Catalyst SD-WAN Federal Operations (FedOps): A Cisco team that maintains and monitors Cisco Catalyst SD-WAN for Government.

Prerequisites for the Cisco Catalyst SD-WAN Portal

Benefits of the Cisco Catalyst SD-WAN Portal

The Cisco Catalyst SD-WAN Portal:

  • enables visibility into critical statistics like instance CPU utilization,

  • provides a centralized dashboard for real-time monitoring of your Cisco Catalyst SD-WAN overlay networks,

  • includes a wizard-driven interface that helps you easily navigate to tasks within the workflow,

  • lets you select cloud providers and specify geographic locations for primary and secondary data storage,

  • supports secure login using an identity provider (IdP) for single sign-on (SSO) with multi-factor authentication (MFA),

  • supports role-based access control (RBAC),

  • and supports provisioning new overlay networks with custom subnets that enable on-premises TACACS+ server connections.

Smart Accounts and Virtual Accounts

For more information, see Workflow for Smart Account and Virtual Accounts for Provisioning the Controllers.

Smart Accounts

Smart Accounts are centralized, cloud-based data repositories that:

  • contain the software licenses purchased by an organization,

  • serve as a central hub for license management, and

  • enable real-time enterprise-wide license management and compliance.

Use the Smart Account as a central repository to view software assets you have purchased, register and report software use, and manage licenses for your organization.

Using the Cisco Catalyst SD-WAN Portal, the Smart Account administrator can view and manage your control component infrastructure. Management tasks include viewing IP addresses for control components and changing the control component IP access lists. To restrict access for other users, go to the Manage Smart Account section on Cisco Software Central and remove those users as Smart Account administrators. Alternatively, use the identity provider (IdP) onboarding feature to grant access to the Cisco Catalyst SD-WAN Portal based on trusted users in the IdP.

Virtual Accounts

Virtual Accounts are subaccounts within your Smart Account that:

  • help you organize your Cisco assets in a way that aligns with your business,

  • can be set up by department, product, geography, or another designation that suits your business model, and

  • allow you to organize and manage your software licenses, devices, and users more granularly.

The system creates a default Virtual Account for you. Create an additional dedicated Virtual Account for Cisco Catalyst SD-WAN fabrics.

For more information, see Create a Virtual Account Associated with Your Smart Account.

To provision a Cisco Catalyst SD-WAN control component, associate a Virtual Account with an offer attribute that is Cisco Catalyst SD-WAN-capable. An Cisco Catalyst SD-WAN-capable attribute is associated with a Virtual Account when ordering your Cisco DNA cloud license.


Note

When you order DNA licenses using the enterprise agreement, the system does not automatically associate Virtual Accounts to an SD-WAN-capable attribute. Submit a cloud control component provisioning request form through the Enterprise Agreement Workspace for the CloudOps team to provision the control components. Contact Cisco Catalyst SD-WAN Technical Support to request access to the desired Virtual Account on the Cisco Catalyst SD-WAN Portal. After receiving access, you can provision the control components by providing the necessary enterprise agreement contract information.