Ordering, Licensing, and Account Management
Role of Cisco Plug and Play
- Provisioning of Cisco Catalyst SD-WAN Cloud-Hosted Controllers
Ordering
Licensing
- License requirements for various Cisco Catalyst SD-WAN fabric configurations
Account Management

Ordering, Licensing, and Account Management

Note

To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Role of Cisco Plug and Play

Cisco Plug and Play replaces the legacy process of Cisco Catalyst SD-WAN Salesforce (SFDC).

Refer to the following guide for information about Cisco Catalyst SD-WAN Plug and Play:

Provisioning of Cisco Catalyst SD-WAN Cloud-Hosted Controllers

The Cisco SD-WAN Portal allows creation of the Cisco Catalyst SD-WAN cloud-hosted controllers for a sales order after the following conditions are met:

The sales order has the cloud subscription licenses for edge nodes and Cisco SD-WAN Control Components. SKUs are only needed for additional paid controllers.
Cisco Catalyst SD-WAN items in the sales order are marked as Shipped.
The sales order is assigned to an active Smart Account (SA), and, within that SA, to a Virtual Account (VA).

Ordering

License types and ordering information

There are two types of licenses and contracts.

A La Carte: Purchase DNA Cloud (DNA-C) licenses and Cisco Catalyst SD-WAN Controller stock keeping units (SKUs) (if required).
Enterprise Agreement (EA): Purchase an EA bundle that includes Cisco Catalyst SD-WAN Controller SKUs (if required).

A La Carte Ordering

For customers who prefer to purchase a la carte licenses for Cisco Catalyst SD-WAN Controller, see Cisco Catalyst SD-WAN Controller Ordering Guide.

EA Ordering

For provisioning a Cisco Catalyst SD-WAN cloud-hosted controller for an Enterprise Agreement (EA) customer, place a request on the EA Workspace (EAWS).

Licensing

License requirements for various Cisco Catalyst SD-WAN fabric configurations

First fabric

Table 1. First fabric associated with the Smart Account
For these requirements...		Here's what you need...
SD-WAN fabric requirements	Certified environment	SD-WAN Control Components SKU requirements	Device license requirements	Comments
Cloud-delivered	No	None	DNA-C license for each device. See Note (2).
Dedicated fabric  (See Note (1))	No	Check with your Cisco Sales representative or channel partner. See Note (3).	DNA-C license for each device. See Note (2).	Check with your Cisco Sales representative to determine whether your network specifications require a dedicated fabric.
Dedicated fabric  (See Note (1))	Yes	Check with your Cisco Sales representative or channel partner. See Note (3).	DNA-C license for each device. See Note (2).	A certified environment requires a dedicated fabric.

(1): Setting up a dedicated fabric requires opening a Cisco TAC case with Cisco SD-WAN Cloud Infra Team.

(2): See the Cisco DNA Software for SD-WAN and Routing Ordering Guide for information about ordering DNA-C licenses.

(3): See the Cisco Catalyst SD-WAN Control Components Ordering Guide.

Additional fabrics

Table 2. **Second or subsequent fabrics associated with the Smart Account**
For these requirements...		Here's what you need...
SD-WAN fabric requirements	Certified environment	SD-WAN Control Components SKU requirements	Device license requirements	Comments
Cloud-delivered	No	None	DNA-C license for each device. See Note (2).
Dedicated Fabric  (See Note (1))	No	Check with your Cisco Sales representative or channel partner. See Note (3).	DNA-C license for each device. See Note (2).	Check with your Cisco Sales representative to determine whether your network specifications require a dedicated fabric.
Dedicated Fabric  (See Note (1))	Yes	SD-WAN Control Components license required. See Note (3).	DNA-C license for each device. See Note (2).	A certified environment requires a dedicated fabric.

(1): Setting up a dedicated fabric requires opening a Cisco TAC case with Cisco SD-WAN Cloud Infra Team.

(2): See the Cisco DNA Software for SD-WAN and Routing Ordering Guide for information about ordering DNA-C licenses.

(3): See the Cisco Catalyst SD-WAN Control Components Ordering Guide.

Account Management

Transfer Overlay to Another Account

To move an overlay from one Smart Account (SA) or Virtual Account (VA) to another SA or VA:

Open a Cisco TAC support case for the migration request.
Specify the SA and VA details for both the source and destination in the Cisco TAC case.

There is no downtime expected for this migration.

You can move the device serial numbers to the new SA or VA using the PNP Transfer Selected button, or you can open a Cisco TAC support case for assistance.

The functionality and the following details of the overlay do not change during this migration:

Organization name
Cisco SD-WAN Validator, Cisco SD-WAN Manager, or Cisco SD-WAN Controller DNS name
All current IPs assigned to all controllers
The entire Cisco SD-WAN Manager configuration, including certificates
Current allowed list of IP addresses

After the overlay migration, you may need to update the SA credentials configured in the Cisco SD-WAN Manager settings.

On-Premises to Cloud Migration Process Details

In the case, where an existing on-premise Cisco Catalyst SD-WAN overlay needs to be migrated to Cisco-provisioned cloud-hosted controllers, the process is outlined below:

Note

This migration process is only supported for on-premise single tenant overlays to a cloud-hosted single tenant overlay controller set. This migration is not supported for shared tenant or multi-tenant overlays.

Overall Process

Purchase Cisco DNA subscriptions for cloud and controller SKUs for cloud.
You must open a Cisco TAC support case with the Cisco CloudOps team and request for the on-premises to cloud migration.

You must provide details about the following:

Existing Smart Account (SA) and Virtual Account (VA) where the on-premises overlay controller profile is created.
The sales order number where cloud subscriptions were purchased.
Current on-premises configured organization name of overlay.
Choice of the required cloud type.
Choice of the required primary and secondary region of provisioning.
Single email address as contact for receiving alert notifications and other communications from the Cisco CloudOps team (team email address is preferred).
Optional choice of hostname for the FQDN of the Cisco SD-WAN Manager and the Cisco SD-WAN Validator to be provisioned.
Optional choice of custom private IP subnets required for TACACS/AAA/Syslog or other such use cases (provide a /24 IP prefix for each of the two regions of provisioning).
Current on-premises overlay fabric size in terms of number of edges deployed.
Current on-premises overlay Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller instances running software versions.
Current on-premises overlay controller certificate source (Cisco/Symantec/Enterprise) root CA.

Configuration database backup copy from the current on-premises overlay Cisco SD-WAN Manager.

Note

You can either reset the Cisco SD-WAN Manager configuration database password to the default and then take the backup, or take the backup with your configured password and share that password on the Cisco TAC case.

Copy of the running configuration from the current on-premises overlay Cisco SD-WAN Manager
Range of system-IP addresses to be used for cloud-hosted controllers (should be an unused range within the current on-premises Cisco Catalyst SD-WAN fabric).

The Cisco CloudOps team provisions the cloud-hosted controller set, installs controller certificates, and shares details.
The Cisco CloudOps team applies the configuration database backup and the running configuration provided from the on-premises Cisco SD-WAN Manager to the new cloud-hosted Cisco SD-WAN Manager instance.
You may need to update your enterprise firewalls as required, with the new IPs of the cloud-hosted controllers.
Set up and execute a pilot change window to migrate one or more test edge nodes to the cloud-hosted controllers and then roll back to the on-premises Cisco SD-WAN Manager.
Migration is triggered by configuring the new Cisco SD-WAN Validator FQDN on the edge node.
Take necessary measures to prepare for the final change window.
Set up and execute a final change window to migrate all edge nodes from on-premises to cloud-hosted controller set.
If templates were created and applied for the on-premises Cisco SD-WAN Manager, Cisco SD-WAN Validators, and Cisco SD-WAN Controllers, then they must be reviewed and corrected, before applying them to the cloud-hosted controllers, post migration. Special care must be taken with respect to the interface configuration.

Prerequisites

Before opening a case, you must upgrade all your existing controllers and edge nodes to one of the latest Cisco-suggested release versions and verify that your data plane is stable.
You must have all edge nodes attached to a template or agree to reconfigure the edge nodes manually for the migration.
You must have all edge nodes with working NTP and DNS.
You must provide the root CA to Cisco if in case you are using enterprise certificates on the on-premises controllers.
You must have out-of-band access to edge nodes via console or an alternate way in case the edge nodes need manual configuration for recovery.

Considerations and Impact

You must work with your Cisco Account Team or Cisco support to procure Cisco Catalyst SD-WAN cloud subscriptions and add them to the existing Smart Account (SA) and Virtual Account (VA) where the on-premises overlay controller profile is created.
The Cisco CloudOps team provisions Cisco SD-WAN Manager only in the primary region.

There is a Cisco SD-WAN Validator and Cisco SD-WAN Controller instance provisioned in both the primary and the secondary regions.
The Cisco CloudOps team creates a new controller profile in the same SA/VA as the existing on-premises overlay.

This allows the cloud-hosted controller set to have the same organization name as the existing on-premises overlay. This in turn makes it possible to transfer the configuration database from on-premises Cisco SD-WAN Manager to the cloud-hosted Cisco SD-WAN Manager.

The configuration database restore method, otherwise, can't be used if the source and destination Cisco SD-WAN Manager instances have different organization name configured. Organization name on a cloud-hosted Cisco SD-WAN Manager instance can't be changed once provisioned.
As the new Cisco SD-WAN Manager is configured using the configuration database restore method, the statistics database from the on-premises Cisco SD-WAN Manager will not be migrated.
If Cisco SD-WAN Analytics is in use on the on-premises overlay, it continues to work.

There may be some data loss when the migration happens, as the new cloud Cisco SD-WAN Manager starts fresh data collection and sends it to the Cisco SD-WAN Analytics servers.
As the Cisco SD-WAN Validator FQDN changes, the configuration on the edge nodes requires to be updated for the migration.

This can be done via CLI templates from Cisco SD-WAN Manager applied to all the edge nodes. If no CLI templates exist on the on-premises Cisco SD-WAN Manager, you must create and apply them before starting the migration. If you do not prefer CLI templates, then you would need to manually reconfigure all the edge nodes individually via console or ssh.
If any issue occurs during the edge node migration, you may need to have an out-of-band management access to the edge nodes to make changes manually to switch over to new Cisco SD-WAN Validators.
At the time of migration, the control and data plane flaps for each edge node as it is pointed to the new Cisco SD-WAN Validator DNS and reconnects to the new cloud-hosted controllers.
It is mandatory that all edge nodes be configured with working NTP and DNS before the migration.
Rollback plan would involve Cisco SD-WAN Validator configuration to be changed back on the edge nodes to the on-premises Cisco SD-WAN Validator.
After successful migration, the controller profile that you hosted can be deleted from Cisco PNP SA/VA.

Cloud-Hosted Controller Deletion Policy

Cisco can delete a customer cloud-hosted controller overlay based on the following conditions:

Certificate Expiration

Identification Stage: If your controller certificates have been expired for 15 days or more, and you have not renewed the certificates, Cisco can move your cloud-hosted controller to a shutdown state. The expired controller certificates indicate that the cloud-hosted controller overlay and the connected devices are not being used.
Final Termination: If your fabric remains in the shutdown state for a period of at least 30 days, and if you have not made any communication to Cisco to recover the controllers, Cisco deletes the controllers. As a result, your data cannot be recovered.
Reprovisioning: After a fabric is removed, it needs to be reprovisioned. If you have an active Cisco Digital Network Architecture (Cisco DNA) license, you can request a new fabric.

Abandoned Overlays

Identification Stage: If the cloud-hosted controllers are provisioned for six months or more and
- there are no active edge devices, or
- the overlays are in the shutdown state for 30 days or more for reasons other than those set forth in this Cloud-Hosted Controller Policy,
then Cisco can deem your cloud-hosted controller as abandoned. Please note that no active edge devices or shutdown overlays indicate that the Cisco Catalyst SD-WAN overlay and the cloud-hosted controller devices are not being used.
Notification Stage: Cisco sends notifications to you communicating the overlay abandoned state along with a target shutdown date.
Shutdown Stage: If the customer overlay continues to remain unused even after the notifications, Cisco shuts down the overlay on the specified date.
Final Termination: If you have not communicated to Cisco to recover Cisco Catalyst SD-WAN cloud-hosted controllers within 30 days of the overlay shutdown, Cisco deletes the controllers. As a result, the customer data cannot be recovered.
Reprovisioning: Once an overlay is deleted, it needs to be reprovisioned. If you have an active Cisco Digital Network Architecture (Cisco DNA) license, you can request a new cloud-hosted controller overlay.

DNA Subscription Expired

This policy applies to Cisco Digital Network Architecture (Cisco DNA) subscriptions for the devices licensed before Cisco made the cloud controller subscription separately available. It is also known as Pre-Controller Subscription Offering.

Identification Stage: If all the Cisco DNA subscriptions for your devices connected to the cloud-hosted controller have expired, Cisco can deem your corresponding cloud-hosted controller as subscription expired.
Notification Stage: Cisco sends notifications to you communicating the overlay abandoned state along with a target shutdown date. Ensure that you keep your contact information up-to-date to receive timely notifications.
Shutdown Stage: If the customer overlay continues to run with the expired DNA subscriptions even after the notifications, Cisco shuts down the overlay on the specified date.
Final Termination: If you have not communicated to Cisco to recover your Cisco Catalyst SD-WAN cloud-hosted controllers within 30 days of the overlay shutdown, Cisco deletes the controllers. As a result, the customer data cannot be recovered.
Reprovisioning: Once an overlay is deleted, it needs to be reprovisioned. You can purchase a new cloud-hosted controller overlay by purchasing the required stock keeping units (SKUs).

Controller Subscription Expired

A controller subscription is licensed separately from the Cisco Digital Network Architecture (Cisco DNA) subscriptions for devices.

Identification Stage: If the subscription of your cloud-hosted controllers has expired, and if you have not renewed it, Cisco can deem your corresponding cloud-hosted controller as subscription expired.
Notification Stage: Cisco sends notifications to you communicating the overlay abandoned state along with a target shutdown date. Ensure that you keep your contact information up-to-date to receive timely notifications.
Shutdown Stage: If the controller subscription continues to remain unrenewed even after the notifications, Cisco shuts down the overlay on the specified date.
Final Termination: If you have not communicated to Cisco to recover your Cisco Catalyst SD-WAN cloud-hosted controllers within 30 days of the overlay shutdown, Cisco deletes the controllers. As a result, the customer data cannot be recovered.
Reprovisioning: Once an overlay is deleted, it needs to be reprovisioned. You can purchase a new cloud-hosted controller overlay by purchasing the required stock keeping units (SKUs).

Note

Failure to renew your DNA subscription for the Cisco cloud-hosted controllers may impact the functionality of the Cisco Catalyst SD-WAN features that are part of the Cisco DNA subscription for your devices. It is because these features are dependent on Cisco SD-WAN Controllers.

Cisco Catalyst SD-WAN CloudOps

Bias-Free Language

Book Title

Cisco Catalyst SD-WAN CloudOps

Chapter Title