Cisco CloudOps Overview

Note

To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Cisco provides a cloud-hosted subscription service for its Cisco Catalyst SD-WAN Control Components—such as Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller—designed to streamline and speed up deployment. This approach also helps lower the operational costs of managing these components independently. Additionally, the cloud model includes instance monitoring and advanced analytics capabilities.

About This Guide

This document serves as a guide to the Cisco-managed, cloud-hosted Cisco Catalyst SD-WAN Control components, explaining their capabilities and services. Furthermore, it comprehensively details the cloud infrastructure's hosting processes, assigned responsibilities, and pertinent recommendations.

Audience

This document is intended for network design engineers and network operators interested in purchasing or deploying Cisco Catalyst SD-WAN cloud-based subscription options.

Types of Fabric Network in Cisco Catalyst SD-WAN

Cisco SD-WAN Cloud Fabric: In a Cisco SD-WAN Cloud fabric, Cisco hosts and manages the control components. This fabric type is best for customers who prefer to focus on their edge device networking instead of Cloud control component infrastructure operations.

Some of the salient features of this fabric are:
- Cisco SD-WAN Cloud fabrics always run on the long-lived recommended software releases, providing reliability and stability.
  
  SD-WAN Fabric is mapped to Customer’s Smart Account and Virtual account for easier device onboarding, utilizing external management capability of their Virtual Account (VA).
Cisco SD-WAN Cloud-Pro Fabric: In addition to the capabilities of a Cisco SD-WAN Cloud fabric, a Cisco SD-WAN Cloud-Pro fabric allows you to access these options:
- Isolated/Private instance of SD-WAN Control Components.
- Specific software versions.
- AWS or Azure for a Cloud provider and specific location from available Cloud provider regions for deployment of Control Components.
- Ability to choose your Control component software upgrade schedule.
- Commercial Certifications, such as PCI/C5/ENS/CC.
- Government Certifications, such as TxRAMP/StateRAMP.

Cisco SD-WAN Cloud-Pro Fabric - Multitenant (for MSPs): In this type of fabric, the hosting of control components (Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller) is dedicated to the Managed Service Providers. The Managed service provider hosts and manages tenants within this Multitenant environment for their end-customers.

Note

A Cisco SD-WAN Cloud-Pro Fabric - Multi-tenant can be hosted only on the AWS cloud provider.

Coverage Summary


Task	Cisco SD-WAN Cloud	Cisco SD-WAN Cloud-Pro	Cisco SD-WAN Cloud-Pro - Multitenant	Comments
Provision Fabric
Provisioning from Cisco Catalyst SD-WAN Portal	Customer	Customer	Cisco CloudOps
Monitor and Troubleshoot Cloud Control Components infrastructure
CPU and data disk utilization	Cisco CloudOps
Loss of connectivity to network interfaces
Failure to reach instances
Monitor Cisco Catalyst SD-WAN services
Expiry notification of control component SSL certificates	Cisco CloudOps
Availability of the Cisco SD-WAN Manager web server
Loss of control connection to the control components
Capacity management of Cisco Catalyst SD-WAN Controllers	Cisco CloudOps			Cisco CloudOps monitors and upgrades the instance capacity (including expansion to clusters) based on the number of devices on the fabric.
Disaster Recovery
Take periodic volume-based snapshots	Cisco CloudOps			Note that in multitenancy, the volume-based and config-based snapshot is for the entire multitenancy Cisco SD-WAN Manager cluster, not for any particular tenant.
Take periodic configuration-based backups	Cisco CloudOps
Take On-demand snapshots	Not Applicable	Customer	Customer
Restore fabric based on volume or configurations	Cisco CloudOps
Onboard to Cisco SD-WAN Analytics	*Not Applicable	Customer	Customer	Cisco SD-WAN Analytics is onboarded by default for all Cisco Catalyst SD-WAN deployments.
Assist on-premises to cloud migration assistance	Cisco CloudOps			For more details on the On-prem to cloud migration, see On-Premises to Cloud Migration Process Details.
Custom subnets and TACACS	Not Applicable	Customer	Customer	For customers, setting up custom subnets and TACACS is only possible during Day-0 provisioning. For Day-N, customers can open a TAC case with Cisco CloudOps. TACACS is not available for multitenant fabric at present.
Renew control component certificates	Cisco CloudOps	*Customer	*Customer	*CloudOps can help renew certificates on customer request.
Upgrade software
Control component software upgrade	Cisco CloudOps	*Cisco CloudOps	*Cisco CloudOps	*Cisco performs upgrades only to recommended releases.
Edge device/node software upgrade	Customer
Upload and manage Edge images in Cisco SD-WAN Manager Software Repository	Cisco CloudOps	Customer	Customer
Respond to Cisco CloudOps notifications to authorize the service window, instance reboot, review, or verify changes carried out by Cisco CloudOps	Customer
Create Smart Accounts (SA) or Virtual Accounts (VA) on software.cisco.com and attach Cisco Catalyst SD-WAN subscribed devices to the SA/VA	Customer
Allow external management of SA/VA on PNP Connect	Customer	Not Applicable	Not Applicable	Do not allow external management of SA/VA on PNP Connect before provisioning a fabric in Cisco Catalyst SD-WAN Portal. The provisioning workflow automatically enables the external management.
Accept external management of SA/VA and map tenant VA to customer SA/VA	Cisco CloudOps	Not Applicable	Not Applicable
Define device configuration templates and policies through Cisco SD-WAN Manager	Customer
Perform other activities that require logging in to Cisco SD-WAN Manager, such as template and policy configuration and edge device management	Customer
Manage web server certificates	Cisco CloudOps	*Customer	**Customer	CloudOps can help renew certificates on customer request. *CloudOps can renew web certificates if the MT fabric is deployed in the cisco.com domain.
Sync edge serials with credentials	*Not Applicable	Customer	Customer	*Cisco SD-WAN Cloud customers use their Cisco Connection On-line (CCO) login credentials for Single-Sign-On and syncing edge serials.
Managed Allowed IP access list	Not Applicable	Customer	Customer
Custom Identity Provider (IdP) Configuration	Not Applicable	Customer	Customer	Cisco SD-WAN Cloud only supports Cisco Connection On-line (CCO) as an identity provider. Customers can use Single-Sign-On to navigate among Catalyst SD-WAN applications such as Cisco SD-WAN Manager, Cisco SD-WAN Analytics, and Cisco Catalyst SD-WAN Portal.

Solution Design

About This Solution

When you choose a cloud-based subscription for your Cisco Catalyst SD-WAN Control Components, Cisco deploys Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller on the public cloud. Cisco then provides you with administrator access. By default, a single Cisco SD-WAN Manager, Cisco SD-WAN Validator, and Cisco SD-WAN Controller are deployed in the primary cloud region and an additional Cisco SD-WAN Validator and Cisco SD-WAN Controller are deployed in the secondary or backup region.

Supported Clouds and Cloud Regions

The following clouds and cloud regions are supported for Cisco Catalyst SD-WAN Control Component deployments:

Table 1. Supported clouds and cloud regions for SD-WAN Cloud
Amazon Web Services
APAC EU US

Table 2. Supported clouds and cloud regions for Cisco SD-WAN Cloud-Pro
Amazon Web Services	Microsoft Azure
Asia Pacific—Jakarta \| Indonesia Asia Pacific—Mumbai \| India Asia Pacific – Hyderabad \| India Asia Pacific—Seoul \| South Korea Asia Pacific—Singapore \| Singapore Asia Pacific—Sydney \| Australia Asia Pacific – Melbourne \| Australia Asia Pacific – Thailand \| Thailand Asia Pacific—Tokyo \| Japan Africa—Cape Town Canada Central—Montreal \| Canada Canada West—Calgary \| Canada EU—Frankfurt \| Germany EU—Ireland \| Dublin EU—London \| UK EU—Stockholm \| Sweden South America—Sao Paulo \| Brazil US East—Northern Virginia \| USA US West—Northern California \| USA US West—Oregon \| USA	Asia Pacific \| Australia East—Sydney \| New South Wales Asia Pacific \| Australia Southeast—Melbourne \| Victoria Asia Pacific \| Japan East—Tokyo Asia Pacific \| Southeast Asia—Singapore Asia Pacific \| West India—Mumbai Asia Pacific \| South India UAE North—Dubai Asia Pacific \| Australia Central—Canberra South Africa—North Canada Central—Montreal \| Canada Canada East Americas \| Brazil South—Sao Paulo State Europe \| France Central—Paris Europe \| North Europe—Ireland Europe \| UK South—London Europe \| West Europe—Netherlands Americas \| East US—Virginia Americas \| West US—California Americas \| West US 2—Washington

Cisco Catalyst SD-WAN Provisioning on Cloud

Note

By default, Cisco provisions one Cisco SD-WAN Manager, two Cisco SD-WAN Validators and two Cisco SD-WAN Controllers for a fabric of size <1500.

For information on recommended computing resources, see Recommended Computing Resources for Cisco Catalyst SD-WAN Control Components.

Customer Responsibilities

Manage allowed access-list with your source public IP ranges for management access of control components.
Renew control component certificates on time.
Before making any changes in the Cisco Catalyst SD-WAN Portal, take the on-demand snapshot using the procedure, Take an On-Demand Snapshot and configuration backup using Back Up the Active Cisco SD-WAN Manager procedure.
Upgrade the software.
- You can open a TAC case for the following:
  - If you face any issues with software upgrade.
  - If you want any rollback.
- The Cisco SD-WAN Validator and Cisco SD-WAN Controller are stateless services. Therefore, you do not need to take backups for these services. Cisco SD-WAN Manager automatically pushes the configurations once they are attached to templates.
  
  We recommend that you create and attach templates to the Cisco SD-WAN Validator and Cisco SD-WAN Controller instead, so the Cisco SD-WAN Manager backups automatically include the configuration backup of the control components.
- The Cisco Catalyst SD-WAN support teams can assist with the control component software upgrade for all deployment types.
- It is your responsibility to upgrade the software version of an edge device. For the compatible versions of edge devices based on control component versions, see Cisco SD-WAN Controller Compatibility Matrix.
Respond to the notifications sent by Cisco CloudOps to authorize the service window, instance reboot, review, or verify changes carried out by Cisco CloudOps.
For a Cisco SD-WAN Cloud-Pro fabric, configure the third interface on Cisco SD-WAN Manager with static IP or DHCP based IP to use it for SD-AVC. By default the third interface is in shut state.
Open a TAC case to arrange a service window when you receive a notification from Cisco CloudOps. Some operations can be performed only with the consent of the customer.
Create Smart Accounts (SA) or Virtual Accounts (VA) on software.cisco.com and attach Cisco Catalyst SD-WAN subscribed devices to the SA or VA.
Define device configuration templates and policies through Cisco SD-WAN Manager.
Perform other activities that require logging in to Cisco SD-WAN Manager.
For a Cisco SD-WAN Cloud fabric, open a Cisco TAC support case if you need specific software versions to be added in the Cisco SD-WAN Manager software repository.

Your failure to meet the responsibilities outlined in this section will invalidate the SD-WAN Cloud SLA, including any guaranteed service uptimes.

Responsibilities of Cisco CloudOps

Fabric Provisioning

Provision cloud-hosted control components for your Cisco Catalyst SD-WAN fabric, configure a unique admin password with an expiry time of a week, and hand over Cisco SD-WAN Manager to you.
Configure Cisco SD-WAN Manager with a default template and policy when you choose the default template and policy push option on the sales order.
Create and manage Cisco SD-WAN Cloud, Cisco SD-WAN Cloud-Pro, and MT clusters as needed.
Manage tenants on multitenant fabrics (for direct enterprise customers).

Monitor and Troubleshoot

Cisco CloudOps monitors the health of cloud-hosted fabric and troubleshoots if there are any issues.

Cisco CloudOps is backed by a real-time monitoring system that checks the health of Cisco Catalyst SD-WAN control components and generates alerts. The check includes the health of Cisco SD-WAN Manager, application or web server, other micro services, and configuration or statistics databases.
Take proactive action for cloud infrastructure issues, which are beyond your control. Else, notify you about the potential issues and request you to open a Cisco TAC support case for further investigation.
Manage alerts based on notifications from the cloud provider environments on instance up or down states and CPU or network inactivity status.
Resolve the alerts proactively if it doesn’t require a down time of the services. Notify you when services flap.
Send 30-, 15-, and 5-day notices to you to renew expiring certificates on Cisco SD-WAN Manager. Cisco Catalyst SD-WAN control component certificates have a validity of one year.

Cloud Infrastructure Support

Carry out disaster recovery workflows, including snapshot volumes or configurations. Restore Cisco SD-WAN Manager clusters based on volumes or configurations.
Provision custom subnetting to extend your on-premises network into the cloud-hosted fabric network.
Manage on-premises to cloud migrations.

Capacity Management

Monitor the growth of devices per fabric along with the control component instance capacity parameters such as CPU, disk, and memory utilizations. Follow a pre-set guideline to increase the capacity of the service instances as needed.

Cisco Catalyst SD-WAN CloudOps

Bias-Free Language

Book Title

Cisco Catalyst SD-WAN CloudOps

Chapter Title