Log in to your existing Multi-Site Orchestrator.

Backup existing deployment configuration.

1. From the left navigation pane, select Operations > Backups & Restore.

2. In the main window, click New Backup.

   A New Backup window opens.

3. In the Name field, provide the name for the backup file.

   The name can contain up to 10 alphanumeric characters, but no spaces or underscores (_).

4. Choose Local for the Backup Location.

5. Click Save to create the backup.

Download the backup file from the existing Orchestrator.

Deploy a Nexus Dashboard release 2.0.2h or later cluster and configure fabric connectivity.

Ensure that your Nexus Dashboard cluster is appropriately scaled based on the fabric sizes and number of applications.

Install the NDO service in your Nexus Dashboard.

On-board all sites to the Nexus Dashboard.

1. From the left navigation menu, select Sites.

2. In the top right of the main pane, select Actions > Add Site.

If adding an ACI site, provide the following information:

1. For Site Type, select ACI or Cloud ACI depending on the type of ACI fabric you are adding.

2. Provide the controller information.

   You need to provide the Host Name/IP Address, User Name, and Password. for the APIC controller currently managing your ACI fabrics. If NDO is the only application you plan to host, you can specify either the in-band or out-of-band address of the on-premises APIC; however, if you plan to host other applications, such as Nexus Insights, you must specify the in-band address.

   Note	This address must be reachable from the Nexus Dashboard's data interface.

   For on-premises ACI sites managed by Cisco APIC, if you plan to use this site with Day-2 Operations applications such as Nexus Insights, you must also provide the In-Band EPG name used to connect the Nexus Dashboard to the fabric you are adding. Otherwise, if you will use this site with Nexus Dashboard Orchestrator only, you can leave this field blank.

3. Click Add to finish adding the site.

   At this time, the sites will be available in the Nexus Dashboard, but you still need to enable them for Nexus Dashboard Orchestrator management as described in the following steps.

If adding a DCNM site, provide the following information:

1. For Site Type, select DCNM.

2. Provide the DCNM controller information.

   You need to provide the Host Name/IP Address of the in-band (eth2) interface, User Name, and Password. for the DCNM controller currently managing your DCNM fabrics.

3. Click Select Sites to select the specific fabrics managed by the DCNM controller.

   In the fabric selection window that opens, check one or more fabrics that you managed in your existing Multi-Site deployment and click Select.

Add any remote authentication servers you had configured in your Multi-Site Orchestrator to the Nexus Dashboard.

Disconnect the existing Multi-Site Orchestrator cluster.

Ensure that the new Nexus dashboard cluster is up and running and the NDO service is installed.

Log in to your Nexus Dashboard GUI.

Ensure that all the sites are on-boarded to Nexus Dashboard.

Open your new Nexus Dashboard Orchestrator service.

Add remote location for configuration backups.

1. From the left navigation pane, select Operations > Remote Locations.

2. In the top right of the main window, click Add Remote Location.

   An Add New Remote Location screen appears.

3. Provide the name for the remote location and an optional description.

   Two protocols are currently supported for remote export of configuration backups:

   • SCP

   • SFTP

   Note	SCP is supported for non-Windows servers only. If your remote location is a Windows server, you must use the SFTP protocol

4. Specify the host name or IP address of the remote server.

   Based on your Protocol selection, the server you specify must allow SCP or SFTP connections.

5. Provide the full path to a directory on the remote server where you will save the backups.

   The path must start with a slash (/) characters and must not contain periods (.) or backslashes (\). For example, /backups/ndo.

   Note	The directory must already exist on the remote server.

6. Specify the port used to connect to the remote server.

   By default, port is set to 22.

7. Specify the authentication type used when connecting to the remote server.

   You can configure one of the following two authentication methods:

   • Password—provide the username and password used to log in to the remote server.

   • SSH Private Files—provide the username and the SSH Key/Passphrase pair used to log in to the remote server.

8. Click Save to add the remote server.

Import the backup file to your new Nexus Dashboard Orchestrator cluster.

1. From the left navigation pane, select Operations > Backups & Restore.

2. In the main pane, click Upload.

3. In the Upload from file window that opens, click Select File and choose the backup file you want to import.

   Uploading a backup will add it to the list of the backups displayed the Backups page.

4. From the Remote Location dropdown menu, select the remote location.

5. (Optional) Update the remote location path.

   The target directory on the remote server, which you configured when creating the remote backup location, will be displayed in the Remote Path field.

   You can choose to append additional subdirectories to the path. However, the directories must be under the default configured path and must have been already created on the remote server.

6. Click Upload to import the file.

   Importing a backup will add it to the list of the backups displayed the Backups page.

   Note that even though the backups are shown on the NDO UI, they are located on the remote servers only.

Restore the configuration.

1. In the main window, click the actions (…) icon next to the backup you want to restore and select Rollback to this backup.

2. Click Yes to confirm that you want to restore the backup you selected.

   When the configuration is restored, any sites previously managed by Multi-Site Orchestrator and on-boarded to the Nexus Dashboard will be enabled for NDO management in the GUI. If the configuration backup contains sites that are not on-boarded to your Nexus Dashboard, backup restore will fail with a Pre-restore check failed error and you will need to repeat the procedure after on-boarding any missing sites.

   After the configuration is imported and restored, a number of services will be restarted.

Update the password.

Verify that backup was restored successfully and all objects and configurations are present.

1. In the Sites page, verify that all sites are listed as Managed.

   

2. In the Tenants and Schemas pages, confirm that all tenants and schemas from your previous Multi-Site Orchestrator cluster are present.

3. Navigate to Infrastructure > Infra Configuration > Configure Infra and confirm that intersite connectivity is intact.

   In the Connectivity Overview screen, verify that the existing /30 tunnels are up and connectivity was not interrupted.

   In the General Settings screen, confirm that the External Subnet Pools previously configured in Cloud APIC have been imported from the cloud sites:

   

   These subnets are used to address the IPsec tunnel interfaces and loopbacks of the Cloud Routers used for on-premises connectivity and had to be configured directly in the Cloud APIC in earlier Nexus Dashboard Orchestrator releases.

Upgrade cloud sites.

1. Upgrade a site's Cloud APIC.

   You can upgrade Cloud APIC as you typically would using the process detailed in the "Performing a System Upgrade, Downgrade or Recovery" chapters of Cisco Cloud APIC for Azure Installation Guide or Cisco Cloud APIC for AWS Installation Guide.

   Note that after the Cloud APIC upgrade, any existing public IP tunnels will remain intact and intersite connectivity via public IPsec will not be interrupted .

2. Upgrade that site's CSR.

   Starting with Cloud APIC release 5.2(1) , CSRs upgrade does not happen automatically as it used to in earlier releases, so you must manually trigger CSR upgrade after Cloud APIC is upgraded. You must upgrade the site's CSRs before moving on to upgrading the next site.

   You can upgrade Cloud APIC CSRs using the process detailed in the "Performing a System Upgrade, Downgrade or Recovery" chapters of Cisco Cloud APIC for Azure Installation Guide or Cisco Cloud APIC for AWS Installation Guide.

   As you upgrade CSRs in each site, the following will occur:

   • As each CSR is upgraded, its existing /30 tunnels will be recreated and the traffic will continue to flow.

   • Tunnel-management and all Infra configuration changes from Nexus Dashboard Orchestrator are disabled for as long as any of the cloud sites are still running any Cloud APIC or CSR releases prior to 5.2(1).

   • If the last site you upgrade is an AWS cloud site, the following will occur for that site's CSRs only:

     • The last cloud site's tunnel endpoints will be deleted by Cloud APIC and NDO will delete the corresponding tunnels that use the endpoint

     • NDO will delete the tunnels originating from CSRs in the last cloud site

     • New hcloudInterCloudSiteTunnel MO will be created and Nexus Dashboard Orchestrator's tunnel management will allocate /31 addresses for the new tunnels

     • The CSRs in this site and the CSRs in another cloud site peering with it will establish /31 tunnels.

     If the last upgraded site is an Azure site, the same /30 tunnel will be created on the CSRs and the above four bullet points are not relevant.

   For any CSRs you add or any underlay configuration changes to existing CSRs after the migration process is completed, all new tunnels created by NDO will be /31 tunnel.

   Note	If you do not see BGP sessions within 5 minutes of CSRs upgrade finishing and CSRs coming up, refresh the site's infra connectivity in the Nexus Dashboard Orchestrator Infra Configuration screen.

3. Repeat this step for each cloud site one at a time.

Verify Cloud APIC and CSR upgrades have completed.

1. In each site's Cloud APIC, check that the hcloudReconcileDone MO shows reconcileState=steadyState.

   You can check the MO by navigating to https://<cloud-apic-ip>/visore.html and searching for hcloudReconcileDone in the Class or DN or URL field.

   

2. In Nexus Dashboard Orchestrator, verify that intersite connectivity is intact.

   You can view the status by navigating to Infrastructure > Infra Configuration > Configure Infra > Connectivity Overview and checking Overlay Status and and Underlay Status tabs:

   

3. In Nexus Dashboard Orchestrator, confirm that the External Subnet Pools previously configured in Cloud APIC have been imported and are present.

   You can view the external pools by navigating to Infrastructure > Infra Configuration > Configure Infra > General Settings:

   

4. In Nexus Dashboard Orchestrator, confirm that underlay connectivity using public IPs is preserved for existing sites.

   You can check existing intersite connectivity by navigating to Infrastructure > Infra Configuration > Configure Infra, then select a specific cloud site from the left sidebar and the Underlay Connectivity tab:

   

Log in to your new Nexus Dashboard Orchestrator.

In the left navigation menu, select Infrastructure > Infra Configuration.

In the main pane, click Configure Infra.

In the left sidebar, select General Settings.

Provide the OSPF Area ID field.

Add IPN Devices information.

1. Select the IPN Devices tab.

2. Click Add IPN Device.

3. Provide the Name and the IP Address of the on-premises IPN devices.

   You must provide the IP addresses of the devices in your on-premises sites that are used as the tunnel peer address from the Cloud APIC's CSRs, not the IPN device's management IP address.

4. Click the check mark icon to save the device information.

5. Repeat this step for any additional IPN devices you want to add.

Update Underlay Configuration for inter-site connectivity between on-premises and cloud sites.

1. In the left pane, under Sites, select the on-premises site.

2. In the right <Site> Settings pane, select the Underlay Configuration tab.

3. Click +Add IPN Device to specify an IPN device.

4. From the dropdown, select one of the IPN devices you defined previously.

   The IPN devices must be already defined in the General Settings > IPN Devices list, as described in the previous step.

From the dropdown at the top of the screen, select Deploy to re-deploy the Infra configuration.

In to your Nexus Dashboard Orchestrator, navigate to Application Management > Schemas.

Import any objects that may have been changed at the controller level.

1. Select a schema.

2. Select a template.

3. Click Import and choose the site from which you want to import the objects.

4. In the Import from <site> window, select the objects and click Import.

5. Repeat this step for all templates in the schema.

In the Schema view, check if the deployment status indicated a configuration drift.

Click Deploy to bring up the configuration comparison screen to check which objects contain configuration drifts.

If configuration drift is real, resolve the conflicts.

1. Cancel the deployment process to return to the Schema view.

2. Re-import all the objects that contained a configuration drift to sync the site-local properties to NDO.

3. Re-deploy the template.

   After you resolve all configuration drift caused by the newly managed object properties, re-deploy the Schema to sync its deployment status across NDO and the fabrics.

If no changes are shown in the comparison, simply re-deploy the template.

Repeat the above steps for every schema in your Nexus Dashboard Orchestrator.