Monitor Control Components

Monitor Cisco Catalyst SD-WAN cloud-hosted control components

Monitoring of cloud-hosted control components covers these areas:

  • Infrastructure monitoring, including:

    • CPU and data disk utilization,

    • loss of connectivity to network interfaces, and

    • failure to reach instances.

  • Service monitoring, including:

    • expiration of control component SSL certificates,

    • availability of the Cisco SD-WAN Manager web server, and

    • loss of control connection to the control components.

Monitor health of fabrics with Cisco SD-WAN Manager version earlier than 20.3.x

Cloud monitoring helps ensure the availability of SD-WAN Control Components as part of the Cisco Catalyst SD-WAN cloud hosting services. By default, Cisco SD-WAN Manager has a user named viptelatac with operator privileges. We use this user to log in to Cisco SD-WAN Manager to collect and monitor the health of Cisco Catalyst SD-WAN.

You can view periodic logins from the monitoring system using the viptelatac user in the Cisco SD-WAN Manager audit log. The monitoring service uses REST APIs to collect health information from Cisco SD-WAN Manager.

The Cloud Infra team uses the viptelatac user to log in to Cisco SD-WAN Manager for additional health checks. The team also uses this account to triage issues in response to internal alerts and to assist with your Technical Assistance Center (TAC) cases.

To disable the cloud monitoring system, open a TAC case with the Cisco Catalyst SD-WAN Cloud Infra team and request to disable the cloud monitoring. After monitoring is disabled, remove the configured viptelatac user from Cisco SD-WAN Manager.

Monitor health of fabrics with Cisco SD-WAN Manager version 20.3.x or later

Beginning with Cisco SD-WAN Release 20.3.1, the system uses a push-based monitoring model. In this model, the monitoring architecture uses Cisco SD-WAN Manager to authenticate with the system and send the health data. Cisco SD-WAN Manager pushes the data rather than the monitoring system logging into the Cisco SD-WAN Manager with the viptelatac user.

To enable this feature, you must provide consent on the Cisco SD-WAN Manager settings page and configure a one-time password (OTP). After Cisco SD-WAN Manager is upgraded to 20.3.1 or later, the viptelatac user is no longer required.

To enable monitoring, log in to Cisco SD-WAN Manager and perform these steps:

  1. Go to Settings > Cloud Services > Enable.

  2. Enter the OTP value. Request the token from the CloudOps team by opening a TAC Support case.

  3. Leave the Cloud Gateway URL blank.

  4. Check the vMonitoring option.

  5. Approve permission to collect fabric health status data from Cisco SD-WAN Manager.

For version 20.3.x and later, the Cloud Infra team uses the ciscotacro and ciscotacrw users to log in to the Cisco SD-WAN Manager for additional health checks, to triage issues in response to internally generated alerts, and to assist with your Technical Assistance Center (TAC) cases. The same user also performs automated infrastructure upgrades and certain software updates when prenotified changes are communicated to customer contacts for the fabric.

The ciscotacro user has read-only operator group privilege, while ciscotacrw has read-write netadmin group privilege. The Cloud Infra team uses the ciscotacrw user for certain enhanced debugging functions, cloud infrastructure upgrades, and management.

Only specific support teams have permission to log in with these user accounts. The system uses a token challenge and token response-based password mechanism rather than static passwords.

To disable this access on any of the Cisco Catalyst SD-WAN fabric control components, remove the user from the configuration. Note that removing any of these users limits the ability of the support team to triage issues.
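The audit log review mentioned for viptelatac, extended to the ciscotacro and ciscotacrw accounts, can be scripted against an exported log. This is an added example, not Cisco code; the JSON layout, field names, sample records and the version string are constructed assumptions.

```python
import json
from collections import Counter

# Support accounts named on this page and the privilege group each one holds.
SUPPORT_ACCOUNTS = {
    "viptelatac": "operator",
    "ciscotacro": "operator (read-only)",
    "ciscotacrw": "netadmin (read-write)",
}

# Constructed audit-log export. The JSON layout and field names are assumptions
# made for this example, not the Cisco SD-WAN Manager audit log schema.
SAMPLE_EXPORT = """[
 {"time": "2024-05-01T02:00:07Z", "user": "viptelatac", "src": "192.0.2.10"},
 {"time": "2024-05-01T03:00:05Z", "user": "viptelatac", "src": "192.0.2.10"},
 {"time": "2024-05-01T09:14:51Z", "user": "admin", "src": "198.51.100.7"},
 {"time": "2024-05-02T11:30:12Z", "user": "ciscotacro", "src": "192.0.2.44"},
 {"time": "2024-05-02T11:42:40Z", "user": "ciscotacrw", "src": "192.0.2.44"}
]"""

def load_sample():
    return json.loads(SAMPLE_EXPORT)

def parse_version(text):
    # Compare releases numerically: as strings, "20.12.1" sorts before "20.3.1".
    return tuple(int(part) for part in text.split(".")[:3])

def review_support_logins(records, manager_version):
    """Count support-account logins and list the ones that need follow-up."""
    push_model = parse_version(manager_version) >= (20, 3, 1)
    counts, findings = Counter(), []
    for rec in records:
        user = rec.get("user")
        if user not in SUPPORT_ACCOUNTS:
            continue
        counts[user] += 1
        if user == "viptelatac" and push_model:
            findings.append((rec["time"], user, "not required on 20.3.1 or later; review for removal"))
        elif user == "ciscotacrw":
            findings.append((rec["time"], user, "read-write login; match to a TAC case or prenotified change"))
    return {"counts": dict(counts), "findings": findings}

if __name__ == "__main__":
    report = review_support_logins(load_sample(), "20.12.1")
    for account, total in sorted(report["counts"].items()):
        print(f"{account:<11} {SUPPORT_ACCOUNTS[account]:<22} logins={total}")
    for when, account, note in report["findings"]:
        print(f"{when} {account}: {note}")
```
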

Monitor alert notifications sent by CloudOps

The CloudOps team manages the infrastructure of cloud-hosted instances. The team also helps with monitoring and back-end infrastructure maintenance. However, the team does not change or manage the running software version or configuration of the instances.

The CloudOps team may send alert notifications to indicate software issues, misconfiguration, or features that are overusing capacity. You may also be running your own tests, changes, or configuration updates that the team is not aware of.

The CloudOps team will notify you instead of taking direct action on the hosted control component instances. The team will ask you to open a Technical Assistance Center (TAC) support case for assistance and evaluation as needed. After you open a TAC case, TAC and the CloudOps team will work with you to resolve the issue.

Update your fabric contact for receiving alert notifications

Each cloud-hosted fabric has one customer contact email address defined as the owner to receive CloudOps Alert notifications. Your fabric uses the contact email address from the End Customer details in the Sales Order as the owner contact by default.

You can open a Technical Assistance Center (TAC) case to review or update the contact information.

If you have cloud-based dedicated single-tenant control components, you can directly update the owner contact email address through the Cisco Catalyst SD-WAN Portal.

Only one email address contact can be defined as the owner. Use a group mailing list email address.