Deploying Nexus Dashboard in your Organization
Matthias Wessendorf, Principal Engineer
matteq4er
BRKDCN-3914
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Questions? Use Cisco Webex App to chat with the speaker after the session
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- Introduction
- What is Nexus Dashboard? A view under the hood.
- Deploying Nexus Dashboard
- Operating Nexus Dashboard
- Summary

At the end of the session you will be able to define the requirements for deploying a Nexus Dashboard in your organisation, by describing:
- The deployment model, centralized vs. stretched
- Network requirements and attachment to the network
- Sizing a Nexus Dashboard for the different services

Introduction

Nexus Dashboard deployment evolution
- Past: Physical Platform Cluster
- Today: Virtual/Cloud Platform

Consume all services in one place
Nexus Dashboard: simple to automate, simple to consume
- Services: Insights, Orchestrator, Data Broker, SAN Controller, Fabric Discovery, Fabric Controller
- Private cloud, public cloud
- Powering automation
- Unified agile platform

Nexus Dashboard: One view
- Conventional (siloed operations): spreadsheet, CLI script, monitoring software
- Nexus Dashboard One View: global access

Cisco Nexus Dashboard Platform
Modern scale-out application services stack to host data center operations applications
- 2.2 GHz (Node-G2) or 2.8 GHz (Node-G4) CPU x 2
- 256 GB memory
- 2.4 TB x 4 HDD
- 10G/25G/40G connect
- High availability
- Network automation
- Scale-out cluster
- May 2020, SE 1.1.3
- Nexus Dashboard Insights, 3rd party apps, NDO (Nexus Dashboard Orchestrator)

Virtual Nexus Dashboard Platform
Virtual platform to support NDI, NDO and NDFC in production
- APP-Node: 64 GB memory, 550G SSD, 16 vCPUs
- DATA-Node: 128 GB memory, 3TB SSD/NVMe*, 32 vCPUs
- Available for KVM and ESXi
* Spinning disk won't work

Nexus Dashboard: A Unified Agile Platform
The operator view / the admin view
- Customize views and workflows
- Consistent user management and access control
- Consistent one-time onboarding of domains and services
- Frictionless navigation across multiple services and sites
- Consume service(s) from single place
- Single dashboard for lifecycle management of services and Ops infra

What is Nexus Dashboard? - a view under the hood -

Nexus Dashboard Platform: Under the Hood
- Proactive notifications
- Configuration compliancy
- Realtime telemetry collection
- Faster resolution through correlation
- Single dashboard to view health
- Single UI to consume app services
- Secure cluster and app management
- Hardened secure container OS
- Infrastructure for secure K8 bringup
- Frictionless access
- Standardized service access
- Industry standard container management
Diagram labels: Application Services; OpenSearch, Kafka; Shared Services; SSO, APIGW; Infra Services; Kubernetes, uService Lifecycle, Key Vault, Cluster; System Services; Atomix OS, Secure Container OS; Cisco Nexus Dashboard Orchestrator; Cisco Nexus Dashboard Insights

Deployment Model

Deployed services                    NDI*   NDO*   NDI and NDO   NDFC*
Total number of nodes needed         6      3      6             3
Type of master nodes                 DATA   APP    DATA          APP
Total number of DATA nodes needed    3      0      3             0
Total number of APP nodes needed     3      3      3             3

Depending on the services (NDI/NDO) being deployed on top of vND, the number of required nodes and the node type that must be deployed as master change.
Scale numbers are documented in the ND cluster sizing tool.
* 3 APP node PoC setup for NDI with reduced scale is available
* 1 APP node PoC setup for NDO with reduced scale is available
* 1 APP node PoC setup for NDFC with reduced scale is available

ND to APIC Connectivity Considerations
- An ACI fabric is onboarded on ND by specifying the IP address of one of the nodes of the APIC cluster
- This can be either the APIC's IB or OOB address. If NDI is used, it must be the APIC's IB address
- ND uses the Data Interface to establish the initial connection to that APIC's IP address
- If the connection is successful, ND discovers all the OOB and IB IP addresses for the other nodes in the APIC cluster
Diagram labels: ACI Inband, ACI Out-of-band, ND Data Interface, ND Mgmt Interface

ND to DCNM Connectivity Considerations
- A DCNM site is onboarded on ND by specifying the Inband IP address of the DCNM; no other IP is supported
- ND uses the Data Interface to establish the initial connection to that DCNM IP address
Diagram labels: DCNM Inband, DCNM Out-of-band, ND Data Interface, ND Mgmt Interface, DCNM Enh. Fabric

ND to NDFC Connectivity Considerations
- An NDFC site is onboarded on ND by specifying the Inband IP address of the ND hosting the NDFC; no other IP is supported
- ND uses the Data Interface to establish the initial and ongoing connection to that ND Data IP address hosting NDFC
Diagram labels: ND Inband, ND Out-of-band, ND Data Interface, ND Mgmt Interface

vND Considerations for ND 2.2 or earlier

Attaching vND to the Network (via UCS FI or equivalent or direct)
If you plan to leverage Persistent IPs for NDI or NDFC, the Port-Group and virtual Switch that the vND is connected to has to be:
- Connected via PC or vPC
- Connected via a single link
- A/A without PC or vPC is not supported
- A/S at Hypervisor level without PC or vPC is not supported
- Interface failover at UCS level (or equivalent) without PC or vPC is supported
In a nutshell, the virtual switch has to have a single logical uplink.
This is addressed in ND 2.3 and later releases.

Attaching vND to Network (via UCS FI or equivalent)
- A/A uplinks of Port-Group/virtual Switch without PC or vPC: Unsupported
- A/S uplinks of Port-Group/virtual Switch at Hypervisor level without PC or vPC: Unsupported
- A/S uplinks of Port-Group/virtual Switch at UCS level (aka Fabric Failover) without PC or vPC: Supported
- Single uplink of Port-Group/virtual Switch: Supported

Attach vND to Network (directly)
- A/A uplinks of Port-Group/virtual Switch with PC or vPC: Supported
- A/A uplinks of Port-Group/virtual Switch without PC or vPC: Unsupported
- A/S uplinks of Port-Group/virtual Switch at Hypervisor level without PC or vPC: Unsupported
- Single uplink of Port-Group/virtual Switch: Supported
- Port-Channel used as uplink of Port-Group/virtual Switch: Supported

Persistent IPs and their usage

Important Requirement for NDI 5.1 and later for DCNM/NDFC and for NetFlow/SFlow
- Nexus Dashboard cluster nodes need to be Layer-2 adjacent on the Data Interface
- IPv4 requirements: you need to assign 6 IPs from the range of the Data Interface subnet to the Nexus Dashboard cluster. 3 IPs are needed for the SW Telemetry receiver and 3 for HW Telemetry.
- IPv6 requirements: you need to assign 7 IPs from the range of the Data Interface subnet to the Nexus Dashboard cluster. 3 IPs are needed for the SW Telemetry receiver, 3 for HW Telemetry and 1 for the Assurance Collector.

Persistent IP Pool 1/2
- Is needed to assign persistent IPs to Services/Apps
- These IPs stay the same even if the Service/App is moved to another ND node
- Are entered as host IP addresses under Cluster Configuration - External Service Pools
- Currently used by NDI 6.0, when monitoring DCNM based sites or for Netflow/Sflow collection used for ACI/DCNM
- Only required for the Data Subnet of ND

Persistent IP Pool 2/2

NDFC
  Mgmt Interface: L2 adjacent
  Data Interface: L2 adjacent / L3 adjacent with L3 HA
  Persistent IPs: 2 IPs in mgmt network (for default settings) or 2 IPs in data network (for POAP etc. via data network) + 1 IP per fabric for EPL in data network
  Support for Data and Mgmt in the same subnet (supported but not recommended): no
NDI for DCNM based Sites
  Mgmt Interface: L3 adjacent
  Data Interface: L2 adjacent
  Persistent IPs: 6 IPs in data network (+1 for IPv6)
  Support for Data and Mgmt in the same subnet (supported but not recommended): no
NDI for ACI based Sites
  Mgmt Interface: L3 adjacent
  Data Interface: L3 adjacent
  Persistent IPs: -/-
  Support for Data and Mgmt in the same subnet (supported but not recommended): yes
NDI with SFLOW/Netflow function
  Mgmt Interface: L3 adjacent
  Data Interface: L2 adjacent
  Persistent IPs: 6 IPs in data interface network (if NDI is for DCNM no additional IPs are needed)
  Support for Data and Mgmt in the same subnet (supported but not recommended): no
NDO
  Mgmt Interface: L3 adjacent
  Data Interface: L3 adjacent
  Persistent IPs: -/-
  Support for Data and Mgmt in the same subnet (supported but not recommended): yes

ND L3 peering / L3 HA
For use of persistent IPs, there are now 2 choices:
1. L2: All ND data interfaces are in the same subnet/L2 domain and Persistent IPs are taken from the same network
2. L3: All ND data interfaces can be in different subnets and have a BGP peering towards the network. Persistent IPs must not be taken from any of these subnets.
- ND nodes will only update the external peer with persistent IPs and not learn any prefixes. The local routing table will still be honored
- Only supported on the ND Data Interface

eBGP Peering with Network
- Each ND node can be a separate AS or all in a single AS
- Multi-hop BGP peering is not supported
- Each ND node can peer to multiple nodes (max 2) via IPv4 or IPv6
- Can be configured during bootstrap or added later
- Persistent IPs have to be taken from an IP subnet not overlapping with any ND local IP
Diagram labels: Cisco Nexus Dashboard cluster, AS61234, eBGP, Reachability of Persistent IPs per ND Node

Attaching ND to your Network

ND Cluster attached to any Networking Infra (Recommended)
- Apps on ND talk via Data Interface IP to the Inband Management Network in the mgmt. tenant of ACI fabrics or the Inband Mgmt of DCNM based fabrics
- IP reachability to all ACI/DCNM fabrics is established via L3out to the Inband Management Network in INB VRF in each ACI fabric
- For DCNM based fabrics the connectivity is done to the inband Mgmt of the DCNM and the switches.
Diagram labels: Cisco Nexus Dashboard cluster, L3out INB VRF, L3 Network, Management Network, Data Interface, Management Interface, Fabric A, Fabric B, Fabric C, Inband Mgmt

ND Cluster attached to DCNM/NDFC based Fabric
- Apps on ND talk via Data Interface IP to the Inband Management Network or Data Network on DCNM/NDFC and switches in the fabric
- Data Interface IP subnet is a VLAN in the fabric in the underlay.
- IP reachability to other ACI/DCNM/NDFC fabrics is established via L3out
Diagram labels: Cisco Nexus Dashboard cluster, VLAN, Management Network, Data Interface, Management Interface, L3out INB VRF, L3out, L3 Network, Fabric A, Fabric B, Fabric C, Inband Mgmt

ND Cluster attached to ACI Fabric
- Apps on ND talk via Data Interface IP to the Inband Management Network in the mgmt. tenant of ACI fabrics
- Data Interface IP subnet is an EPG/BD in the ACI fabric. This EPG needs a contract to talk to the local ACI Inband EPG in the Mgmt tenant
- Recommendation is to place ND in the Mgmt tenant and VRF INB
- IP reachability to other ACI/DCNM fabrics is established via L3out
Diagram labels: Cisco Nexus Dashboard cluster, EPG/BD, Management Network, Data Interface, Management Interface, L3out INB VRF, L3out, L3 Network, Fabric A, Fabric B, Fabric C, Inband Mgmt

Pro/Contra of connecting to an ACI/NDFC/DCNM fabric
Pro
- Easy connection between ND and Inband Management of ACI fabric
Contra
- ND cluster is tied to a single fabric
- Reachability to other sites/fabrics has to go via L3out
- ND cluster relies on a single ACI fabric

Pro/Contra of connecting to any Networking Infra
Pro
- ND cluster is not tied to any ACI fabric
- Same communication paths between all sites.
Contra
- All communications between ACI apps on ND need to go via L3out

Recommendations/Best Practice
Whenever possible, do not connect directly to an ACI fabric/DCNM based fabric:
- ND and apps rely on a functioning fabric and could be impacted during outages or maintenance
- If you monitor multiple sites, the ND cluster does not depend on a single site
If an ND cluster is connected to a single fabric:
- Fully supported/working, BUT keep in mind:
- Issues in the fabric may impact the function of the ND cluster and the apps as they share fate.

Placement of Master/Standby Nodes for Distributed/Stretched ND Clusters (recommended for NDO)

Number of Sites   1          2        3     4     5
1                 M1,M2,M3
2                 M1,M2      M3,S1
3                 M1         M2       M3
4                 M1         M2       M3    S1
5                 M1         M2       M3    S1

M1, M2, M3: ND Master Nodes
S1: ND Standby Node

When Centralized or Distributed/Stretched Cluster
Centralized (recommended for NDI/NDFC)
- With NDI/NDFC deployed
- NDI does not gain any better redundancy with distributed/stretched clusters. You more likely expose the cluster to interconnection failures with a distributed/stretched cluster
- Synchronization traffic is kept between the ND nodes and only telemetry traffic is streamed via WAN
- Same traffic path for reaching each site
Distributed/Stretched (recommended for NDO)
- For redundancy/DR for NDO

Deployment Options for ND

Definition Terms and Assumptions/Requirements
Site: geographical datacenter location with 1 or more fabrics
RTT requirements for:
- ND: between ND nodes 150ms
- NDO: to APIC 500ms, to DCNM 50ms, between ND/NDO nodes 150ms
- NDI: between ND/NDI nodes 50ms, to APIC/Fabric 50ms
- NDFC: between ND/NDI nodes 50ms, to Fabric 50ms (200ms if no PoAP is used)
Always select the lowest common denominator. E.g. NDI and NDO co-hosted: between ND nodes 50ms, to APIC/Fabric 50ms

Deployment Requirements
- Customer has more than 1 site
- Number of ND clusters is driven by the number of switches and the combination of apps
- Location of the ND clusters is driven by the type of the apps:
  - NDO: cluster should be distributed for HA/DR reasons
  - NDI, NAE: cluster can be distributed, but should be placed close to the source of telemetry data
- Always keep virtual ND for NDO in consideration, to satisfy the HA/DR requirement
- Please check the sizing calculator for ND for the supported apps and scale on CCO

Some Deployment Considerations 1/2
- Try to keep the potential points of failure for reachability between the ND nodes as low as possible.
- When distributing an ND cluster, the ND Data and Mgmt interfaces of ND nodes can be in different subnets. Only IP connectivity is needed. (Please allow ports listed in documentation)!
- For NDI being hosted on ND2.1 or later for DCNM/NDFC based fabrics, you need to have the Data Interfaces of the ND nodes L2 adjacent or eBGP enabled and provide persistent IPs!
- For NDI being hosted on ND2.1 or later leveraging Netflow/Sflow, you need to have the Data Interfaces of the ND nodes L2 adjacent and provide persistent IPs!
- When deploying NDFC on ND2.1 or later the Management Interfaces of ND nodes have to be L2 adjacent. Also Data Interfaces of the ND nodes have to be L2 adjacent.

Some Deployment Considerations 2/2
- In MPOD, ACI is taking care of the reachability. Keep in mind that losing IPN connectivity will e.g. break NDI
- In MSITE, communication cannot happen via ISN. It has to go via L3OUT in each site.
- Telemetry is sent via INB EPG in Mgmt Tenant, this is not managed by NDO!
- Data Interface IPs have to be different from the INB EPG subnet of ACI when the ND cluster is connected to an ACI fabric
- All communication of apps hosted on ND is initiated via Data Interface IPs

HA/Redundancy with Stretched ND clusters
- 2 ND master nodes are always needed to keep the ND cluster operational.
- If you deploy a stretched cluster across 2 sites, you SHOULD deploy an ND standby node in the site with a single ND master node.
- In case of a failure of 2 ND master nodes, you have to manually promote the standby to master to replace a failed master. NDO/NDFC are the only apps surviving this.
- The failed master then needs to be wiped and re-added as a standby node.
Diagram labels: Cisco Nexus Dashboard cluster 1, NDO/NDFC, Site 1 Fabric 1, Site 2 Fabric 2, Master1, Master2, Master3, Standby

Option 1: 1 Site/Fabric (below 500 nodes), NDI
- Single cluster (x number of nodes, cluster connected to either ACI fabric or legacy infra with IP reachability)
Diagram labels: Cisco Nexus Dashboard cluster 1, NDI, Site 1 Fabric 1, Cluster #1

Option 2: 1+ Site (below 500 nodes), NDI
- Single cluster (x number of nodes, cluster connected to either ACI fabric or legacy infra with IP reachability; cluster can be stretched or local to a site)
Diagram labels: Central deployment, Distributed deployment, Cisco Nexus Dashboard cluster 1, NDI, Site 1 Fabric 1, Site 2 Fabric 2, Cluster #1, Cluster #2, Recommended

Option 3a: 1+ Site (below 500 nodes), NDI and NDO (Recommended)
- Single ND cluster for NDI (x number of nodes, cluster connected to either ACI fabric or legacy infra with IP reachability)
- Single additional virtual ND cluster for NDO to meet HA/DR requirements
Diagram labels: Virtual Cisco Nexus Dashboard cluster 2, NDO, Cisco Nexus Dashboard cluster 1, NDI, Site 1 Fabric 1, Site 2 Fabric 2, Cluster #1, Cluster #2

Option 3b: 1+ Site (below 500 nodes), NDI and NDO
- Single ND cluster (x number of nodes, cluster connected to either ACI fabric or legacy infra with IP reachability)
- Not recommended as NDO is not distributed
- Not recommended as NDI is distributed, consider vND for NDO (Option 3a)
Diagram labels: Cisco Nexus Dashboard cluster 1, NDI, NDO, Site 1 Fabric 1, Site 2 Fabric 2, Cluster #1

Option 4: 1+ Site (above 500 nodes), NDI and NDO (Recommended)
- Multiple ND clusters (x number of nodes, cluster connected to either ACI fabric or legacy infra with IP reachability) and ND federation
Diagram labels: Cisco Nexus Dashboard cluster 1, NDI, Cisco Nexus Dashboard cluster 2, NDI, Cisco Nexus Dashboard cluster 3, NDO, Site 1 Fabric 1, Site 2 Fabric 2, Cluster #1, Cluster #2, Cluster #3

Operating Nexus Dashboard

OneView aka ND Federation

Overview
- ND Federation is an association of several ND clusters that allows working across them as if they were a single entity and simplifies the consumption of their resources
- ND clusters onboard other ND clusters, creating a trusted environment which allows them to learn about those clusters and to communicate and share information with each other
- Information shared between clusters is visible on each cluster that is part of that federation. This data is also accessible from each cluster.
- Apps can query for information related to other clusters in the federation for purposes such as onboarding (e.g. NDI/Sites) or grouping
- A Remote User is required to set up and use ND Federation

Federation Architecture
- User configures an ND cluster as Federation Manager (FM) and connects it to other ND clusters
- FM manages the federation, keeping track of member cluster reachability, node status, sites, etc.
- FM uses Site Managers (SM) on all ND clusters to replicate this information for local queries/display
- APIGW is used to sync keys (for accessing data) between federation members
Diagram labels: ND Cluster 1 (FM, APIGW, SM), ND Cluster 2 (APIGW, SM), ND Cluster 3 (APIGW, SM), ND Cluster 4 (APIGW, SM)

Onboard Clusters (Federation Configuration)
- Expand the Infrastructure menu
- Select Cluster Configuration
- Go to the Multi Cluster Connectivity tab
- Click "Connect Cluster"
- Complete the target cluster information (IP of Mgmt Interface of remote cluster)
- Click save

Viewing Connected Clusters Information
- After connecting a cluster, it will show up on the Multi Cluster Connectivity table
- User would be able to connect more clusters or disconnect clusters from the table
- The cluster name on the header bar becomes a link to select a specific cluster
- Central Dashboard is added to the header bar
- Local cluster and FM are marked in the list

Central Dashboard

OneView across all Clusters

Switch Cluster
- Switch to another cluster without reloading the UI entirely
- Click on the cluster name from the header bar to select a cluster to switch to
- Click on a cluster and click Select

Public API

Overview
- API publicly available
- Swagger built-in
- Apps onboarded to ND populate their APIs there as well (e.g. NDI)

API UI

Registering Nodes to existing Cluster and Standby Node

Register new Nodes and Standby Master
- New nodes are discovered via CIMC and bootstrapped
- During registration the role is selected (Worker or Standby)
- Worker Node is for horizontal scaling
- Standby Node increases HA as it can replace a failed Master
- The difference between Replace and Standby is that Replace is an RMA workflow where the new node is installed and brought up. Standby is replacing a failed master with an already bootstrapped node
- Workers can only be replaced by delete and re-add

Lifecycle of non-Master Nodes
Diagram states: New Node, Worker or Standby, Master, Deleted
Diagram transitions: Select Role Standby or Worker; Bootstrap; Worker: Delete; Standby: Failover

Adding a new Node
1. Provide CIMC details to discover node
2. Fill in node details
3. Node is bootstrapped and registered
4. Node status will change from "unregistered" to "discovering" to "active"

Replace a failed Master with Standby Node
- Standby Node is part of the cluster
- Master is failed

Failover to Standby
- Select the failed Master and click Fail Over
- Select the Standby to replace the failed Master
- If you receive a replacement for the failed node, you can register it as a Standby node

Manual Recovery of 2 failed Masters

Recovery Process if 2 Masters are down 1/3
- 2 Master nodes are failed
- 1 Standby node is required to get the system back online
- Log in to the remaining master
- Run the "acs failover" command to fail over one of the failed masters to the standby

    acs failover --failedIP --failedIP --standbyIP

Note: Use the inband IP address for the above parameters

Recovery Process if 2 Masters are down 2/3
- acs cluster masters will show 1 Active Master and 2 Inactive Masters

Recovery Process if 2 Masters are down 3/3
Command (both failed Masters need to be entered):

    acs failover --failedIP 192.192.1.102 --failedIP 192.192.1.106 --standbyIP 192.192.1.105

- State will be copied from the remaining Master to the Standby node
- Both nodes will reboot
- Standby node will reboot and come up as Master

Firmware Upgrade

Firmware Upload
- Click in Images first to upload a firmware image
- Click Add Image
- 2 options supported: either via remote (http server) or local

Setup Firmware Upgrade
- Click to set up an upgrade
- Select Firmware
- Current cluster setup is validated
- Install Firmware to Nodes
- Installing Firmware to Nodes

- Once Install is done, click Activate
- Activation Progress

Monitoring Firmware Upgrade
- When the node you are connected to is activating, it will disconnect you. Please connect to another SE node.
- Check status via:
- Node going through an update will display:

Remote Authentication

Remote Authentication
- ND adds support for the following authentication providers: LDAP, TACACS, RADIUS
- RBAC is supported via cisco-avpair
- Is used for SSO: if the remote user has access rights to APIC, the user is automatically signed into APIC UI (4.2.6, 5.1 and later) and DCNM 11.5 when cross launching the UI. This is assuming the same auth. domain is used.

Login without and with enabled Login Domain

Create a Login Domain

Create a Login Domain
- Need to have a valid remote user to add a provider; the backend will query the remote auth server with provider info and user/pass before it can be added.

Change Default Authentication for Login

Login Screen with Login Domain

RBAC and User Roles 1/2
- Administrator: allows access to all objects and configurations. (Dashboard role) AV Pair Value: admin
- User Manager: allows access to users and authentication configurations. (Dashboard role) AV Pair Value: aaa
- Dashboard User: allows access only to the Dashboard view and launching applications; does not allow any changes to the Nexus Dashboard configurations. (Dashboard role) AV Pair Value: app-user
- Site Administrator: allows access to configurations related to the sites on-boarding and configuration. (Dashboard role) AV Pair Value: site-admin
- Site Manager: allows application user to manage the sites used by that application. (NDO App role) AV Pair Value: config-manager
- Policy Manager: allows application user to view policy objects. (NDO App role) AV Pair Value: site-policy
- Tenant Manager: allows application user to view tenants. (NDO App role) AV Pair Value: tenant-policy

RBAC and User Roles 2/2
- Cisco-avpair is used for RBAC via remote auth
- AVPAIR format: shell:domains=/|/|
- Example, all admin access: shell:domains=all/admin/
- Example, Tenant Mgr, Site Mgr and readonly AAA: shell:domains=all/tenant-policy|site-admin/aaa
- Local users can be assigned to user roles as well while creating the user

User Roles for Local Users
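
An added example, not part of the original slides or of Cisco's tooling: a small auditor for the cisco-avpair strings held on a RADIUS/TACACS/LDAP server, which checks role names against the AV pair values listed on the RBAC slides and marks admin write grants for review. The field layout (domain, then write roles, then read roles, with "|" between roles) is an assumption inferred from the two examples on the slide, and the user names in the sample data are constructed.

```python
from dataclasses import dataclass

# AV pair values listed on the "RBAC and User Roles 1/2" slide.
KNOWN_ROLES = {"admin", "aaa", "app-user", "site-admin",
               "config-manager", "site-policy", "tenant-policy"}
PREFIX = "shell:domains="


@dataclass
class AvPair:
    domain: str
    write_roles: list
    read_roles: list


def _roles(field):
    """Split one '|'-separated role field, dropping empty entries."""
    return [r.strip() for r in field.split("|") if r.strip()]


def parse_avpair(value):
    """Parse 'shell:domains=<domain>/<write roles>/<read roles>'.

    Assumption: this layout is inferred from the slide's two examples; both
    '/' separators must be present even when a field is empty ('all/admin/').
    """
    value = value.strip()
    if not value.startswith(PREFIX):
        raise ValueError("missing 'shell:domains=' prefix")
    fields = value[len(PREFIX):].split("/")
    if len(fields) != 3:
        raise ValueError("expected domain/write-roles/read-roles")
    domain, write_field, read_field = fields
    if not domain:
        raise ValueError("empty domain")
    return AvPair(domain, _roles(write_field), _roles(read_field))


def audit_avpair(value):
    """Return a list of finding strings for one cisco-avpair value."""
    try:
        pair = parse_avpair(value)
    except ValueError as exc:
        return [f"malformed:{exc}"]
    findings = []
    for role in pair.write_roles + pair.read_roles:
        if role not in KNOWN_ROLES:
            findings.append(f"unknown-role:{role}")
    if not pair.write_roles and not pair.read_roles:
        findings.append("no-roles")
    if "admin" in pair.write_roles:
        findings.append("full-admin-write")
    for role in sorted(set(pair.write_roles) & set(pair.read_roles)):
        findings.append(f"duplicate-role:{role}")
    return findings


def audit_directory(users):
    """Map user name -> findings, keeping only users that have findings."""
    report = {}
    for user, value in users.items():
        findings = audit_avpair(value)
        if findings:
            report[user] = findings
    return report


# Constructed sample data: user names are invented. The first two values are
# the examples from the slide; the others are constructed failure cases.
SAMPLE_USERS = {
    "netadmin": "shell:domains=all/admin/",
    "tenant-ops": "shell:domains=all/tenant-policy|site-admin/aaa",
    "helpdesk": "shell:domains=all//app-user",
    "typo-user": "shell:domains=all/site-admn/aaa",
    "broken": "shell:domains=all/admin",
}

if __name__ == "__main__":
    for user, findings in audit_directory(SAMPLE_USERS).items():
        print(user, findings)
```
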

Configurable Security Settings
- Idle and Session Timeout is configurable
- Custom certificates can be used
- User needs to provide a valid cert chain; the backend does the validation before applying custom certs.
- Also, with ND 2.3 you can have ND verify the certificates of the onboarded Site-Controller before onboarding

Configure Security Settings
- Session and Idle Timeout in seconds
- Customer Certificate and Root Certificate

Resource Monitoring

Resource Monitoring
- Provides monitoring on CPU, RAM, I/O Disk, I/O Network
- Node or Cluster level view
- Namespaces view

Resource Monitoring on Node and Cluster Level

Event Analytic

Event Analytic
Event Analytics enables easy access to your Nexus Dashboard's events and audit logs. In addition to viewing the events and logs directly in the Nexus Dashboard GUI, you can also configure the cluster to stream the events to an external syslog server.

Events
Cluster-wide events like:
- CPU usage above 80%
- Memory usage above 80%
- Storage usage above 80%

Configuring Syslog Servers 1/3

Configuring Syslog Servers 2/3

Configuring Syslog Servers 3/3

Conclusion

Take Away
- Better visibility with real time analysis
- Meaningful, actionable anomalies
- Root cause is a few clicks away
- Assurance for your configuration intent