Get Started with SAE GUI

This chapter describes the Cisco Secure Agile Exchange (SAE) GUI and how you can use it to design your services, create sites, deploy your services and sites, and view and edit details related to your SAE sites. For information on the Cisco SAE solution, its components, and deployment workflow, see Cisco Secure Agile Exchange (SAE) Solution Guide.

About SAE UI

The UI makes it fast and easy for you to design your services, create service chains, and deploy your services and sites. When you have brought up your CSP devices and switching, you can use the UI to perform all other service chain workflows.

Deploy SAE Solution QCOW2 in CSP

Recommended Resources, Pre-requisites, and Packages

Recommended resources for the qcow2 service is as follows:

  • CPU: 4 CPU's

  • RAM: 32 gigabytes

  • Hard Disk: 300 gigabytes or more

Prerequisites

  • CSP version should be greater than 2.5.1

  • Have the host information like hostname, IP address, netmask, gateway, DNS IP address handy.

  • VLAN # and Management Network for VNF running in the CSP where this host is going to be deployed.

Packages

The sae-solution image and sae-sol-2-2-0-1.qcow2, is an image that packages the following OS/applications.

  • Harmon CentOS 7: CentOS provided by Harmon with Linux kernel hardened up.

  • NSO Platform version: 5.2.3.6

  • SAE Core Function Pack (CFP) version: 2.2

  • Network Element Driver (NED): Beside the NEDs that come with SAE CFP, additional NEDs are bundled in this qcow2.

    • CSRv: cisco-ios-cli-6.66 version 6.66.1

    • ASAv: cisco-asa-cli-6.11 version 6.11

    • Palo Alto: paloalto-panos_cli-cli-4.7 version 4.7.4

    • Tailf-HCC: tailf-hcc version 4.5.0

    • Quagga: quagga-bgp-cli-4.2 version 4.2.6

  • SAE GUI: version 2.2.0-2020-Dec-21-15_09


Note

For more information, on how to deploy the QCOW2 image on CSP, connect to our CISCO Support/Service team.


SAE Upgrade Procedure

Upgrade and Install SAE RPM package

Run the following command to check and remove previous version of RPM and Debian before installing new RPM.

For RPM

  1. Verify if any previous RPM's are present on your VM by running the following command.

    rpm -qa saeui
  2. Remove the previous RPM's by running the following command.

    sudo rpm -e <package name>

    Example is as follow:

    sudo rpm -e saeui-2-1.0.noarch

For Debian

  1. Verify if any previous Debian's are present on your VM by running the following command.

    dpkg -l saeui
  2. Remove previous Debian's by running the following command.

    sudo dpkg -r <package name>

    Example is as follow:

    sudo dpkg -r saeui

Log In

Access the SAE UI by entering the network IP address of SAE in the browser.

Use the UI continuously to remain logged in. You are logged out of your session automatically after 30 minutes of inactivity.

Procedure


Step 1

Enter the URL in your browser.

Step 2

Enter the username and password that is assigned to you by the system administrator. The home page displays.

Step 3

To log out, expand the drop-down list next to your username at the top-right corner and click Logout.


Default Home Page

After you log in to SAE GUI, you see the home page and Configuration is selected by default. You will be on the Site area. If you have already configured sites using the GUI, a snapshot of all your sites is displayed. If you don't have any existing infrastructure and are starting from scratch, the site area will be blank.

The home page has the two main areas: Configuration and Monitoring & Operations

Configuration has the following areas: Site, Service Design, Service Catalog, and Global.

  • Site: A Site is a collection of CSPs and physical network functions installed in one location. It allows you to onboard your installation into your SAE software. The Site area displays snapshots of your existing sites and tenants under each of your sites. For existing sites, you can perform the following actions: export infrastructure, add resource zone, add tenants to the site, discover site inventory, edit site, and delete site. Click Add to create a new site.

  • Service Design: The Service Design area is the area where you create the templates i.e., Service templates as well as the Service Chain templates. The Service templates will define how the service will look like e.g. number of CPUs, type of VNFs, etc. The Service Chain templates will define the structure of the service chain. However, Service template is VNFD and Service Design template is NSD. The Service Design area has three subareas: Virtual Services, Physical Services, and Service Chains. If you have existing virtual services, the Virtual Services area displays them by default in card view. Click Add to add virtual services.

    The Virtual Services subarea displays your existing virtual service if any in card view by default.

    The Physical Services subarea displays your existing physical service if any in card view by default.

    The Service Chains subarea displays your existing service chains if any in card view by default. The card view displays the service chains according to the NSD Group name. If the NSD Group name is not defined the service chains created will be displayed in the Default group. Click Add to create a new service chain.

  • Service Catalog: The Service Catalog area has the following subareas: Catalog, Virtual Service Instance, Physical Service Instance, Service Chain Instance, Organization, and Server Profile. The Catalog area displays your existing catalogs, if any, by default in card view.

  • Global: The Global area has the following subareas: IP Address Pool, ID Pool, Authentication, Settings, Devices and Config Parameters. You can complete basic configuration tasks like creating authentication groups for NSO to access your devices and services and creating resource pools.

Monitoring & Operations has the following sections: Device Notifications and Service State Changes. The monitoring operation section display the notifications extracted from NSO.

Service Deployment Stages

Service deployment stages in SAE are broadly categorized into Infrastructure, Service Design, and Service Deployment. Each of these stages has a set of tasks that are associated with them. The tasks are like building blocks for deploying services. Unless stated otherwise, you can perform the tasks in any order.

Infrastructure

Setup: The infrastructure setup stage includes modeling and wiring the hardware devices and configuring them. These tasks are outside the scope of SAE GUI.

Infrastructure Discovery: When the infrastructure is set up, use the SAE GUI to discover it.

Authentication: Use the SAE GUI to complete some basic global configuration such as adding authentication groups. Authentication groups contain the credentials for NSO to access your devices.

Resource Pools: Resource pools include VLAN ID Pool, BGP autonomous system Pool, Management IP pool, Data IP Pool, and VNID Pool. You need resource pools at the time of creating a site. Resource pools are assigned to SAE sites and the tenants under the sites.

Catalog: Think of a catalog as a container that holds together information server profiles and service chain instances that SAE sites and tenants can use. You need a catalog at the time of adding your organization and tenant and creating service instances and service chain instances. When you associate a catalog with to your organization, the organization can use all the services and service chains associated with the catalog.

Organization: Adding organizations and tenants allow you to associate catalogs with them.

Site: Create an SAE site for your organization or tenants and allocate resource pools to them for use during service deployment.

Service Design

Services: In the service design phase, you add services like routers, firewall, and load balancers. At the time of adding services, you can also add specifications for each of the services: disk space, memory, the location where the software image of the service can be downloaded from, interfaces to be used, CPU, and so on.

Service Chains: Similar to how hardware appliances are connected to each other, service chains are formed by connecting services. All end-to-end service chains have a consumer endpoint and a provider endpoint. Half chains have either a consumer or a provider endpoint on one end and a chain endpoint on the other. Use the chain endpoints to connect two half chains.

Service Instances: Services are generic, whereas service instances are specific sets of configurations that can be applied to your services. You can define multiple service instances for a single service by changing some parameters like service flavor, and other variables. At the time of deploying a service chain, you choose a service instance to apply to the service you choose.

Service Chain Instances: Similar to service instances, you can create service chain instances for each of the services in a service chain. At the time of creating a service chain instance, you choose a catalog that the service chain instance should be a part of. You also choose the service chain for which you are creating the instance. After this, you can specify service instances for each of the services in the service chains.

Service Deployment

Service Chains: In the Site area of the GUI, you can add consumer half chains, provider half chains, stitching chains, end-to-end chains, and gateways. The service chain models that you created during the Design phase will be available for you to add to your sites.

Endpoints: Create endpoints to connect service chains to the external network. Endpoints can be created at an organization (provider) level and at the tenant level. Both provider level and tenant level endpoints can be created from the Site area. When you click any tenants from the Site area, you can view and edit their details and also see all the provider level and tenant level endpoints.