Adding and Deleting Sites

Cisco NDO and APIC Interoperability Support

Cisco Nexus Dashboard Orchestrator (NDO) does not require a specific version of APIC to be running in all sites. The APIC clusters in each site as well as the NDO itself can be upgraded independently of each other and run in mixed operation mode as long as the fabric can be on-boarded to the Nexus Dashboard where the Nexus Dashboard Orchestrator service is installed. As such, we recommend that you always upgrade to the latest release of the Nexus Dashboard Orchestrator.

However, keep in mind that if you upgrade the NDO before upgrading the APIC clusters in one or more sites, some of the new NDO features may not yet be supported by an earlier APIC release. In that case a check is performed on each template to ensure that every configured option is supported by the target sites.

The check is performed when you save a template or deploy a template. If the template is already assigned to a site, any unsupported configuration options will not be saved; if the template is not yet assigned, you will be able to assign it to a site, but not be able to save or deploy the schema if it contains configuration unsupported by that site.

In case an unsupported configuration is detected, an error message will show, for example: This APIC site version <site-version> is not supported by NDO. The minimum version required for this <feature> is <required-version> or above.

The following table lists the features and the minimum required APIC release for each one:


Note


While some of the following features are supported on earlier Cisco APIC releases, Release 4.2(4) is the earliest release that can be on-boarded to the Nexus Dashboard and managed by this release of Nexus Dashboard Orchestrator.


Feature

Minimum APIC Version

ACI Multi-Pod Support

Release 4.2(4)

Service Graphs (L4-L7 Services)

Release 4.2(4)

External EPGs

Release 4.2(4)

ACI Virtual Edge VMM Support

Release 4.2(4)

DHCP Support

Release 4.2(4)

Consistency Checker

Release 4.2(4)

vzAny

Release 4.2(4)

Host Based Routing

Release 4.2(4)

CloudSec Encryption

Release 4.2(4)

Layer 3 Multicast

Release 4.2(4)

MD5 Authentication for OSPF

Release 4.2(4)

EPG Preferred Group

Release 4.2(4)

Intersite L3Out

Release 4.2(4)

EPG QoS Priority

Release 4.2(4)

Contract QoS Priority

Release 4.2(4)

Single Sign-On (SSO)

Release 5.0(1)

Multicast Rendezvous Point (RP) Support

Release 5.0(1)

Transit Gateway (TGW) support for AWS and Azure Sites

Release 5.0(1)

SR-MPLS Support

Release 5.0(1)

Cloud LoadBalancer High Availability Port

Release 5.0(1)

Service Graphs (L4-L7 Services) with UDR

Release 5.0(2)

3rd Party Device Support in Cloud

Release 5.0(2)

Cloud Loadbalancer Target Attach Mode Feature

Release 5.1(1)

Support security and service insertion in Azure for non-ACI networks reachable through Express Route

Release 5.1(1)

CSR Private IP Support

Release 5.1(1)

Extend ACI policy model and automation for Cloud native services in Azure

Release 5.1(1)

Flexible segmentation through multiple VRF support within a single VNET for Azure

Release 5.1(1)

Private Link automation for Azure PaaS and third-party services

Release 5.1(1)

Openshift 4.3 IPI on Azure with ACI-CNI

Release 5.1(1)

Cloud Site Underlay Configuration

Release 5.2(1)

Adding Cisco ACI Sites

This section describes how to add a Cisco APIC or Cloud Network Controller site using the Cisco Nexus Dashboard GUI and then enable that site to be managed by Cisco Nexus Dashboard Orchestrator.

Before you begin

  • If you are adding on-premises ACI site, you must have completed the site-specific configurations in each site's APIC, as described in previous sections in this chapter.

  • You must ensure that one or more sites you are adding are running Release 4.2(4) or later.

Procedure


Step 1

Log in to your Cisco Nexus Dashboard and open the Admin Console.

Step 2

From the left navigation menu, choose Operate and click Sites..

Step 3

Choose Add Site and provide site information.

  1. For Site Type, select ACI or Cloud Network Controller depending on the type of ACI fabric you are adding.

  2. Provide the controller information.

    • You must provide the Host Name/IP Address, User Name, and Password. for the APIC controller currently managing your ACI fabrics.

      Note

       

      For APIC fabrics, if you use the site with Cisco Nexus Dashboard Orchestrator service only, you can provide either the in-band or out-of-band IP address of the APIC. If you use the site with Cisco Nexus Dashboard Insights as well, you must provide the in-band IP address.

    • For on-premises ACI sites managed by Cisco APIC, if you plan to use this site with Day-2 Operations applications such as Cisco Nexus Insights, you must also provide the In-Band EPG name that is used to connect the Cisco Nexus Dashboard to the fabric you are adding. Otherwise, if you use this site with Cisco Nexus Dashboard Orchestrator only, you can leave this field blank.

    • For Cloud Network Controller sites, Enable Proxy if your cloud site is reachable through a proxy.

      Proxy must be already configured in your Cisco Nexus Dashboard’s cluster settings. If the proxy is reachable through management network, a static management network route must also be added for the proxy IP address. For more information about proxy and route configuration, see Nexus Dashboard User Guide for your release.

  3. Click Save to finish adding the site.

    Currently, the sites are available in the Cisco Nexus Dashboard, but you still must enable them for Cisco Nexus Dashboard Orchestrator management as described in the following steps.

Step 4

Repeat the previous steps for any additional ACI or Cloud Network Controller sites.

Step 5

From the Cisco Nexus Dashboard's Services page, open the Cisco Nexus Dashboard Orchestrator service.

You are automatically signed in using the Cisco Nexus Dashboard user's credentials.

Step 6

In the Cisco Nexus Dashboard Orchestrator GUI, manage the sites.

  1. From the left navigation menu, select Sites.

  2. In the main pane, change the State from Unmanaged to Managed for each fabric that you want the NDO to manage.

    When managing the sites, you must provide a unique site ID for each site.

Note

 

Ensure that ACI site names are limited to 125 characters or less to avoid any issues when enabling orchestration.


Removing Sites

This section describes how to disable site management for one or more sites using the Cisco Nexus Dashboard Orchestrator GUI. The sites remain present in the Cisco Nexus Dashboard.

Before you begin

You must ensure that all templates associated with the site you want to remove are not deployed.

Procedure


Step 1

Open the Cisco Nexus Dashboard Orchestrator GUI.

You can open the NDO service from the Cisco Nexus Dashboard's Service Catalog. You are automatically signed in using the Cisco Nexus Dashboard user's credentials.

Step 2

Remove the site from all templates.

You must remove the site from all templates with which it is associated before you can unmanaged the site and remove it from your Cisco Nexus Dashboard.

  1. Navigate to Configure > Tenant Template > Applications.

  2. Click a Schema that contains one or more templates that are associated with the site.

  3. From the Overview drop-down, choose a template that's associated with the site that you want to remove.

  4. From the Actions drop-down, choose Add/Remove Sites and uncheck the site that you want to remove.

    This removes configurations that were deployed using this template to this site.

    Note

     

    For nonstretched templates, you can choose to preserve the configurations that are deployed by the template to the sites by selecting Actions > Dissociate Sites instead. This option allows you to retain configurations that are deployed by NDO but no longer manage those objects from NDO.

  5. Repeat this step for all templates associated with the site that you want to unmanage in this and all other schemas.

Step 3

Remove the site's underlay configuration.

  1. From the left navigation menu, select Configure > Site To Site Connectivity.

  2. In the main pane, click Configure.

  3. In the left sidebar, select the site that you want to unmanage.

  4. Click View Details to load site settings.

    Figure 1.
    Configure > Site to Site Connectivity > Site > View Details
  5. In right sidebar's Inter-Site Connectivity tab, disable the Multi-Site check box.

    This disables EVPN peering between this site and other sites.

  6. Click Deploy to deploy the changes to the site.

Step 4

In the Cisco Nexus Dashboard Orchestrator GUI, disable the sites.

  1. From the left navigation menu, select Sites.

  2. In the main pane, change the State from Managed to Unmanaged for the site that you want to unmanage.

    Note

     

    If the site is associated with one or more deployed templates, you will not be able to change its state to Unmanaged until you undeploy those templates, as described in the previous step.

Step 5

Delete the site from Cisco Nexus Dashboard.

If you no longer want to manage this site or use it with any other applications, you can delete the site from the Cisco Nexus Dashboard as well.

Note

 

The site must not be currently in use by any of the services that are installed in your Cisco Nexus Dashboard cluster.

  1. In the top navigation bar, click the Home icon to return to the Cisco Nexus Dashboard GUI.

  2. From the left navigation menu of the Cisco Nexus Dashboard GUI, select Operate > Sites.

  3. Select one or more sites that you want to delete.

  4. In the top right of the main pane, select Actions > Delete Site.

  5. Provide the site's sign-in information and click OK.

    The site will be removed from the Cisco Nexus Dashboard.


Cross Launch to Fabric Controllers

Cisco Nexus Dashboard Orchestrator currently supports several configuration options for each type of fabrics. For many extra configuration options, you may need to sign in directly into the fabric's controller.

You can cross-launch into the specific site controller's GUI from the NDO's Operate > Sites screen by selecting the actions (...) menu next to the site and clicking Open in user interface. Cross-launch works with out-of-band (OOB) management IP of the fabric.

If the same user is configured in Cisco Nexus Dashboard and the fabric, you will be signed in automatically into the fabric's controller using the same log in information as the Cisco Nexus Dashboard user. For consistency, we recommend configuring remote authentication with common users across Cisco Nexus Dashboard and the fabrics.