Information About Disaster Recovery
In the Cisco Catalyst SD-WAN solution, which includes Cisco SD-WAN Manager, Cisco Catalyst SD-WAN Controller, and Cisco Catalyst SD-WAN Validator, only the Cisco SD-WAN Manager is stateful and can't be deployed in an active/active mode. The disaster recovery solution aims to deploy Cisco SD-WAN Manager across two data centers in primary/secondary mode.
The user account used for disaster recovery supports only local authentication and does not support remote authentication methods such as TACACS+ or RADIUS. This user must be dedicated solely to disaster recovery tasks and must not be used for any other functions, such as cluster management, for the following reasons:
- Reliability: Using dedicated accounts for DR sync minimizes configuration errors and reduces operational risks.
- Resilience: Prevents issues related to user lockouts or account overrides, ensuring DR processes are not impacted by administrative changes to other accounts.
- Audit and compliance: Dedicated users provide clear separation for auditing purposes, making it easier to track and log DR-related activities.
- Industry standard: All our customers, including those in highly regulated sectors such as finance, follow this model. It is the recommended and supported deployment standard.
- Avoid remote authentication issues: TACACS-based users are prone to disruptions due to potential latency or connectivity issues with remote authentication servers. Using local accounts eliminates these risks, ensuring uninterrupted DR sync and cluster operations.
- Password rotation: Capabilities are provided via API/GUI on active cluster and through CLI on standby cluster.
Disaster recovery provides an administrator-triggered failover process. When disaster recovery is registered, data is replicated automatically between the primary and secondary Cisco SD-WAN Manager clusters. If necessary, you can manually initiate a failover to the secondary cluster.
Disaster recovery is validated as follows:
| Release | Validated for |
|---|---|
| Cisco IOS XE Catalyst SD-WAN Release 17.4.1a, Cisco SD-WAN Release 20.4.1, and earlier | Three-node cluster |
| Cisco IOS XE Catalyst SD-WAN Release 17.4.1a and Cisco SD-WAN Release 20.4.1 | Six-node cluster |
| Cisco IOS XE Catalyst SD-WAN Release 17.5.1a and Cisco SD-WAN Release 20.5.1 | Deployment with a single primary node |