Cisco CloudOps Overview


Note


To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.


Cisco provides a cloud-hosted subscription service for its Cisco Catalyst SD-WAN Control Components. This service streamlines and speeds up deployment. It also lowers operational costs and includes instance monitoring and advanced analytics capabilities.

About This Guide

Network design engineers and network operators interested in purchasing or deploying Cisco Catalyst SD-WAN cloud-based subscription options can use this guide to learn about the capabilities and services of the cloud-hosted Cisco Catalyst SD-WAN Control components managed by Cisco. It covers the hosting processes for the cloud infrastructure, assigned responsibilities, and pertinent recommendations.

Types of fabric network in Cisco Catalyst SD-WAN

  • Cisco SD-WAN Cloud fabric

    In a Cisco SD-WAN Cloud fabric, the control components are hosted and managed by Cisco. This fabric type is best for customers who prefer to focus on their edge device networking instead of cloud control component infrastructure operations.

    Cisco SD-WAN Cloud fabrics always run on the long-lived recommended software releases, providing reliability and stability.

    The Cloud fabric is mapped to the customer’s Smart Account and Virtual Account for easier device onboarding, utilizing the external management capabilities of their Virtual Account.

  • Cisco SD-WAN Cloud-Pro fabric

    In addition to the capabilities of a Cisco SD-WAN Cloud fabric, a Cisco SD-WAN Cloud-Pro fabric allows you to access these options:

    • Isolated/Private instance of SD-WAN Control Components.

    • Specific software versions.

    • AWS or Azure for a Cloud provider and specific location from available Cloud provider regions for deployment of Control Components.

    • Ability to choose your Control component software upgrade schedule.

    • Commercial certifications, such as PCI DSS, C5, ENS, CC, and TxRAMP.

  • Cisco SD-WAN Cloud-MSP fabric

    In this type of fabric, the hosting of control components (Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller) is dedicated to Managed Service Providers (MSPs). The MSP hosts and manages tenants within this multitenant environment for their end-customers.


    Note


    A Cisco SD-WAN Cloud-MSP fabric can be hosted only on the AWS cloud provider.


Coverage and responsibilities in cloud management

| Task | Cisco SD-WAN Cloud | Cisco SD-WAN Cloud-Pro | Cisco SD-WAN Cloud-MSP | Comments |
|---|---|---|---|---|
| Provision fabrics | | | | |
| Provision fabrics from Cisco Catalyst SD-WAN Portal | Customer | Customer | Cisco CloudOps | |
| Monitor and troubleshoot cloud control components infrastructure | | | | |
| Monitor CPU and data disk utilization | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Troubleshoot loss of connectivity to network interfaces | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Troubleshoot failure to reach instances | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Monitor Cisco Catalyst SD-WAN services | | | | |
| Provide expiration notification of control component SSL certificates | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Monitor availability of the Cisco SD-WAN Manager web server | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Troubleshoot loss of control connection to the control components | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Manage capacity of Cisco Catalyst SD-WAN control components | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps monitors and upgrades the instance capacity according to the number of devices on the fabric. Cluster expansion may occur. |
| Disaster Recovery | | | | |
| Capture periodic volume snapshots | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | In multitenancy, the volume and configuration snapshots apply to the entire multitenant Cisco SD-WAN Manager cluster, not to individual tenants. |
| Capture periodic configuration backups | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Capture on-demand snapshots | Not applicable | Customer | Customer | |
| Restore fabric based on volume or configuration | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | |
| Onboard Cisco SD-WAN Analytics | Not applicable * | Customer | Customer | * Cisco SD-WAN Analytics is onboarded by default for all Cisco Catalyst SD-WAN deployments. |
| Assist with on-premises to cloud migration | Cisco CloudOps | Cisco CloudOps | Cisco CloudOps | For more details on the on-premises to cloud migration, refer to On-Premises to Cloud Migration Process Details on the Cisco website. |
| Configure custom subnets and TACACS | Not applicable | Customer | Customer | Set up custom subnets and TACACS during Day-0 provisioning. For Day-N, you can open a TAC case with Cisco CloudOps. TACACS is available for Cisco SD-WAN Cloud-MSP fabrics via MT-Edge. Refer to the Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide for more information. |
| Renew control component certificates | Cisco CloudOps | Customer * | Customer * | * CloudOps can help renew certificates when requested. |
| Upgrade software | | | | |
| Upgrade control component software | Cisco CloudOps | Cisco CloudOps * | Cisco CloudOps * | * We perform upgrades only to recommended releases. |
| Upgrade edge device or node software | Customer | Customer | Customer | |
| Upload and manage edge images in Cisco SD-WAN Manager Software Repository | Cisco CloudOps | Customer | Customer | |
| Respond to Cisco CloudOps notifications to authorize the service window, approve an instance reboot, review changes, or verify changes carried out by Cisco CloudOps | Customer | Customer | Customer | |
| Create Smart Accounts (SA) or Virtual Accounts (VA) on software.cisco.com and attach Cisco Catalyst SD-WAN subscribed devices to the SA and VA | Customer | Customer | Customer | |
| Allow external management of SA and VA on PNP Connect | Customer | Not applicable | Not applicable | Do not allow external management of SA and VA on PNP Connect before provisioning a fabric in Cisco Catalyst SD-WAN Portal. The provisioning workflow automatically enables the external management. |
| Accept external management of SA and VA and map tenant VA to your SA and VA | Cisco CloudOps | Not applicable | Not applicable | |
| Define device configuration templates and policies through Cisco SD-WAN Manager | Customer | Customer | Customer | |
| Perform other activities that require you to log in to Cisco SD-WAN Manager. These activities include template and policy configuration and edge device management | Customer | Customer | Customer | |
| Manage certificates for web servers | Cisco CloudOps | Customer * | Customer ** | * CloudOps can help renew certificates when requested. ** CloudOps can renew web certificates if the Cisco SD-WAN Cloud-MSP fabric is deployed in the cisco.com domain. |
| Sync edge serials with credentials | Not applicable * | Customer | Customer | * Cisco SD-WAN Cloud customers can use their Cisco Connection Online (CCO) login credentials for SSO and syncing edge serials. |
| Manage the allowed IP access list | Not applicable | Customer | Customer | |
| Configure a custom identity provider (IdP) | Not applicable | Customer | Customer | Cisco SD-WAN Cloud only supports CCO as an identity provider. You can use SSO to navigate among Catalyst SD-WAN applications such as Cisco SD-WAN Manager, Cisco SD-WAN Analytics, and Cisco Catalyst SD-WAN Portal. |

Example cloud solution architecture

When you choose a cloud-based subscription for your Cisco Catalyst SD-WAN Control Components, we deploy Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller on the public cloud. We then provide you with administrator access. By default, a single Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller are deployed in the primary cloud region. An additional Cisco SD-WAN Validator and Cisco SD-WAN Controller are deployed in the secondary or backup region.

Figure 1. Solution Architecture
This figure displays the architecture of the solution, showing the relationship between Cisco Catalyst SD-WAN Control Components in the cloud.

Supported clouds and cloud regions in AWS and Azure

These clouds and cloud regions are supported for Cisco Catalyst SD-WAN Control Component deployments:

Table 1. Supported clouds and cloud regions for SD-WAN Cloud

Amazon Web Services (AWS)

  • Asia Pacific (APAC)
  • Europe (EU)
  • United States (US)
  • Africa

Table 2. Supported clouds and cloud regions for Cisco SD-WAN Cloud-Pro

Amazon Web Services (AWS)

  • Asia Pacific—Jakarta | Indonesia
  • Asia Pacific—Mumbai | India
  • Asia Pacific—Hyderabad | India
  • Asia Pacific—Seoul | South Korea
  • Asia Pacific—Singapore | Singapore
  • Asia Pacific—Sydney | Australia
  • Asia Pacific—Melbourne | Australia
  • Asia Pacific—Tokyo | Japan
  • Africa—Cape Town
  • Canada Central—Montreal | Canada
  • Canada West—Calgary | Canada
  • EU—Frankfurt | Germany
  • EU—Ireland | Dublin
  • EU—London | United Kingdom
  • EU—Stockholm | Sweden
  • South America—São Paulo | Brazil
  • US East—Northern Virginia | United States
  • US West—Northern California | United States
  • US West—Oregon | United States

Microsoft Azure

  • Asia Pacific | Australia East—Sydney | New South Wales
  • Asia Pacific | Australia Southeast—Melbourne | Victoria
  • Asia Pacific | Japan East—Tokyo
  • Asia Pacific | Southeast Asia—Singapore
  • Asia Pacific | West India—Mumbai
  • Asia Pacific | South India
  • UAE North—Dubai
  • Asia Pacific | Australia Central—Canberra
  • South Africa—North
  • Canada Central—Montreal | Canada
  • Canada East
  • Americas | Brazil South—Sao Paulo State
  • Europe | France Central—Paris
  • Europe | North Europe—Ireland
  • Europe | UK South—London
  • Europe | West Europe—Netherlands
  • Americas | East US—Virginia
  • Americas | West US—California
  • Americas | West US 2—Washington

Customer responsibilities in cloud management

Your failure to meet the responsibilities outlined in this section will invalidate the SD-WAN Cloud SLA, including any guaranteed service uptimes.

  • Manage the allowed access-list with your source public IP ranges for management access of control components.

  • Renew control component certificates on time.

  • Before you make any changes in the Cisco Catalyst SD-WAN Portal, capture an on-demand snapshot by using the Take an On-Demand Snapshot procedure. Then, back up the configuration using the Back Up the Active Cisco SD-WAN Manager procedure.

  • Upgrade the software.

    You can open a Cisco Technical Assistance Center (TAC) case if you face any issues with a software upgrade or want a version rollback.

    The Cisco SD-WAN Validator and Cisco SD-WAN Controller are stateless services. Therefore, you do not need to take backups for these services. Cisco SD-WAN Manager automatically pushes the configurations once they are attached to templates.

    We recommend that you create and attach templates to the Cisco SD-WAN Validator and Cisco SD-WAN Controller instead, so that the Cisco SD-WAN Manager backups automatically include the configuration backup of the control components.

    The Cisco Catalyst SD-WAN support teams can assist with the control component software upgrade for all deployment types.

    It is your responsibility to upgrade the software version of an edge device. For the compatible versions of edge devices based on control component versions, refer to Cisco SD-WAN Control Components Compatibility Matrix.

  • Respond to notifications sent by the CloudOps team to authorize the service window, approve an instance reboot, review changes, or verify changes carried out by the CloudOps team.

  • For a Cisco SD-WAN Cloud-Pro fabric, configure the third interface on Cisco SD-WAN Manager with a static IP or a DHCP-based IP to use it for Software Defined Application Visibility and Control (SD-AVC). By default, the third interface is in the shutdown state.

  • Open a TAC case to arrange a service window when you receive a notification from the CloudOps team. Some operations require your consent before they can be performed.

  • Create Smart Accounts or Virtual Accounts on software.cisco.com and attach Cisco Catalyst SD-WAN subscribed devices to them.

  • Define device configuration templates and policies through Cisco SD-WAN Manager.

  • Perform other activities that require logging in to Cisco SD-WAN Manager.

  • For a Cisco SD-WAN Cloud fabric, open a Cisco TAC support case if you need specific software versions to be added in the Cisco SD-WAN Manager software repository.
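An added example, not taken from Cisco's documentation: a pre-submission audit of the source ranges you plan to place on the allowed access-list named in the first responsibility above. The non-public range list, the /24 breadth threshold, and the sample entries are assumptions of this example; it is IPv4-only and calls no Cisco API.

```python
import ipaddress

# Space that cannot be a "source public IP range": RFC 1918, CGNAT,
# loopback, link-local. This list and MIN_PREFIX are assumed audit policy.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 24  # anything wider than /24 needs a documented justification


def audit_allowlist(entries):
    """Return (entry, finding) tuples for a proposed management allowed list."""
    findings, nets = [], []
    for raw in entries:
        try:
            # strict=True rejects entries such as 203.0.113.9/24 (host bits set)
            net = ipaddress.IPv4Network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append((raw, f"invalid: {exc}"))
            continue
        if net in nets:
            findings.append((raw, "duplicate entry"))
            continue
        nets.append(net)
        if net.prefixlen < MIN_PREFIX:
            findings.append((raw, f"broader than /{MIN_PREFIX}"))
        if any(net.overlaps(p) for p in NON_PUBLIC):
            findings.append((raw, "includes non-public address space"))
    # An entry inside a wider one adds nothing and hides the real exposure.
    for a in nets:
        for b in nets:
            if a != b and a.subnet_of(b):
                findings.append((str(a), f"already covered by {b}"))
    return findings


# Constructed sample: documentation ranges stand in for real office egress IPs.
SAMPLE = [
    "198.51.100.0/24",   # office egress block
    "198.51.100.16/28",  # redundant: inside the /24 above
    "203.0.113.7/32",    # single admin jump host
    "192.168.10.0/24",   # RFC 1918, never a source address on the internet
    "0.0.0.0/0",         # opens management access to everyone
    "203.0.113.9/24",    # typo: host bits set
]

if __name__ == "__main__":
    for entry, finding in audit_allowlist(SAMPLE):
        print(f"{entry:18} {finding}")
```

An empty result means every entry is a well-formed, narrow, non-overlapping range outside the non-public space listed in the script.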

Cisco CloudOps responsibilities in cloud management

Fabric Provisioning

  • Provision cloud-hosted control components for your Cisco Catalyst SD-WAN fabric, configure a unique admin password with an expiration time of one week, and hand over Cisco SD-WAN Manager to you.

  • Configure Cisco SD-WAN Manager with a default template and policy when you choose the default template and policy push option on the sales order.

  • Create and manage Cisco SD-WAN Cloud, Cisco SD-WAN Cloud-Pro, and Cisco SD-WAN Cloud-MSP clusters as needed.

  • For direct enterprise customers, manage tenants on Cisco SD-WAN Cloud-MSP fabrics.

Monitor and Troubleshoot

  • Use a real-time monitoring system to check the health of Cisco Catalyst SD-WAN control components and generate alerts. The check includes the health of Cisco SD-WAN Manager, application servers, web servers, other microservices, and configuration or statistics databases.

  • Take proactive action for cloud infrastructure issues, which are beyond your control. Otherwise, notify you about the potential issues and request that you open a Technical Assistance Center (TAC) support case for further investigation.

  • Manage alerts based on notifications from the cloud provider environments on instance status, CPU inactivity status, or network inactivity status.

  • Resolve the alerts proactively if doing so doesn’t require downtime of the services, and notify you when services experience intermittent disruptions.

  • Send renewal notices to you thirty, fifteen, and five days before certificate expiration on Cisco SD-WAN Manager. Your Cisco Catalyst SD-WAN control component certificates remain valid for one year.

Cloud Infrastructure Support

  • Carry out disaster recovery workflows, such as creating snapshots of volumes or configurations. Restore Cisco SD-WAN Manager clusters based on these snapshots.

  • Provision custom subnetting to extend your on-premises network into the cloud-hosted fabric's network.

  • Manage on-premises-to-cloud migrations.

Capacity Management

  • Monitor the growth of devices per fabric and control component instance capacity parameters such as CPU, disk, and memory utilization.

  • Increase the capacity of the service instances according to a preset guideline when needed.