Cisco Data Center Network Manager Guide | Manualzz
Cisco DCNM Installation and Upgrade Guide for LAN Fabric Deployment, Release 11.3(1)
First Published: 2019-12-20
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2019 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1 Overview
  Introduction
  Installation Options
  Deployment Options
  Upgrading Cisco DCNM
  System Requirements
CHAPTER 2 Guidelines and Limitations
  Guidelines and Limitations
CHAPTER 3 Prerequisites
  Prerequisites for DCNM Open Virtual Appliance
  Prerequisites for DCNM ISO Virtual Appliance
  Prerequisites for Cisco DCNM Virtual Appliance HA
  Deploying Cisco DCNM Virtual Appliances in HA mode
  Availability of Virtual IP Addresses
  Installing an NTP Server
CHAPTER 4 Installing the Cisco DCNM
  Installing DCNM on Open Virtual Appliance
  Downloading the Open Virtual Appliance File
  Deploying the Open Virtual Appliance as an OVF Template
  Installing the Cisco DCNM OVA in Standalone Mode
  Installing the Cisco DCNM OVA in Native HA mode
  Installing DCNM on ISO Virtual Appliance
  Downloading the ISO Virtual Appliance File
  Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal)
  Installing the DCNM ISO Virtual Appliance on KVM
  Installing the DCNM ISO Virtual Appliance on Windows Hyper-V
  Creating Virtual Switches
  Creating Virtual Machines
  Installing DCNM ISO Virtual Appliance
  Installing Cisco DCNM ISO in Standalone Mode
  Installing the Cisco DCNM ISO in Native HA mode
  Convert Standalone Setup to Native-HA Setup
  Installing Cisco DCNM Compute Node
CHAPTER 5 Upgrading Cisco DCNM
  Upgrading Cisco DCNM
  Upgrading ISO or OVA through Inline Upgrade
  Inline Upgrade for DCNM Virtual Appliance in Standalone Mode
  Inline Upgrade for DCNM Virtual Appliance in Native HA Mode
  Inline Upgrade for DCNM Compute Nodes
CHAPTER 6 Deployment Best Practices
  Best Practices for Deploying Cisco DCNM and Computes
  Guidelines to Use the Best Practices
  Deployments for Redundancy in Cisco DCNM
  IP Address Configurations in Cisco DCNM
  Scenario 1: All 3 Ethernet Interfaces are in Different Subnets
  Scenario 2: eth2 Interface in Different Subnet
  Physical Connectivity of Cisco DCNM and Compute Nodes
CHAPTER 7 Disaster Recovery (Backup and Restore)
  Backup and Restore Cisco DCNM Compute in a Clustered Mode of setup
  Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
  Backup and Restore Cisco DCNM and Application Data on Native HA setup
  Recovering Cisco DCNM Single HA Node
CHAPTER 8 Certificates
  Certificate Management
  Best practices for Certificate Management
  Display Installed Certificates
  Installing a CA Signed Certificate
  Installing a CA Signed Certificate on Cisco DCNM Standalone Setup
  Installing a CA Signed Certificate on Cisco DCNM Native HA setup
  Exporting certificate from Active Node to Standby Node
  Restoring the certificates after an upgrade
  Restoring Certificates on Cisco DCNM Standalone setup after Upgrade
  Restoring Certificates on Cisco DCNM Native HA setup after Upgrade
  Recovering and Restoring Previously Installed CA Signed Certificates
  Verifying the installed certificate
CHAPTER 9 Running Cisco DCNM Behind a Firewall
  Running Cisco DCNM Behind a Firewall
  Configuring Custom Firewalls
CHAPTER 10 Managing Applications in a High-Availability Environment
  Information About Application Level HA in the Cisco DCNM Open Virtual Appliance
  Automatic Failover
  Manually Triggered Failovers
  Native HA Failover and Troubleshooting
  Application High Availability Details
  Data Center Network Management
  RabbitMQ
  Repositories
CHAPTER 11 Managing Utility Services After DCNM Deployment
  Editing Network Properties Post DCNM Installation
  Modifying Network Properties on DCNM in Standalone Mode
  Modifying Network Properties on DCNM in Native HA Mode
  Changing the DCNM Server Password Post DCNM Installation
  Changing the DCNM Database Password on Standalone Setup
  Changing the DCNM Database Password on Native HA Setup
  Convert Standalone Setup to Native-HA Setup
  Utility Services Details
  Network Management
  Orchestration
  Device Power On Auto Provisioning
  Managing Applications and Utility Services
  Verifying the Application and Utility Services Status after Deployment
  Stopping, Starting, and Resetting Utility Services
  Updating the SFTP Server Address for IPv6
CHAPTER 1
Overview
Cisco Data Center Network Manager (DCNM) is a management system for Cisco NXOS-based storage fabrics.
In addition to provisioning, monitoring, and troubleshooting the data center network infrastructure, the Cisco
DCNM provides a comprehensive feature-set that meets the routing, switching, and storage administration
needs of data centers. It streamlines the provisioning for the Programmable Fabric and monitors the SAN
components.
Cisco DCNM provides a high level of visibility and control through a single web-based management console
for Cisco Nexus Series Switches, Cisco MDS, and Cisco Unified Computing System (UCS) products. Cisco
DCNM also includes Cisco DCNM-SAN client and Device Manager functionality.
This section contains the following sections:
• Introduction
• Installation Options
• Deployment Options
• Upgrading Cisco DCNM
• System Requirements
Introduction
Cisco DCNM provides an alternative to the command-line interface (CLI) for switch configuration commands.
Cisco DCNM includes these management applications:
Cisco DCNM Web UI
Cisco DCNM Web UI allows operators to monitor and obtain reports for Cisco MDS and Nexus events,
performance, and inventory from a remote location using a web browser. Licensing and discovery are part of
the Cisco DCNM Web UI.
Performance Manager
Performance Manager presents detailed traffic analysis by capturing data with SNMP. This data is compiled
into various graphs and charts that can be viewed on the Cisco DCNM Web UI. Performance Manager stores
data in the Elasticsearch time series database. DCNM doesn't support API access to Elasticsearch.
Installation Options
Cisco DCNM software images are packaged with the Cisco DCNM installer, signature certificate, and signature
verification script. Unzip the desired Cisco DCNM installer image ZIP file to a directory. Verify the image
signature by following the steps in the README file. The installer from this package installs the Cisco DCNM
software.
DCNM Open Virtual Appliance (OVA) Installer
This installer is available as an Open Virtual Appliance file (.ova). The installer contains a pre-installed OS,
DCNM, and other applications needed for programmable fabric.
DCNM ISO Virtual Appliance (ISO) Installer
This installer is available as an ISO image file (.iso). The installer is a bundle of OS, DCNM, and other
applications needed for dynamic fabric automation.
Deployment Options
You can deploy the Cisco DCNM installer in one of the following modes:
Standalone Server
All types of installers are packaged along with the PostgreSQL database. The default installation steps for the
respective installers result in this mode of deployment.
High Availability for Virtual Appliances
You can deploy the DCNM Virtual appliances, both OVA and ISO, in High Availability mode to have resilience
in case of application or OS failures.
DCNM Computes
Compute nodes are scale-out application hosting nodes that run resource-intensive services to provide services
to the larger Fabric. When compute nodes are added, all services that are containers run only on these nodes.
This includes Config Compliance, Endpoint Locator, and Virtual Machine Manager.
DCNM in Clustered Mode
In clustered mode, the Cisco DCNM Server with more compute nodes provides an architecture to expand
resources as you deploy more applications. The DCNM Servers do not run containerized applications. All
applications that work in unclustered mode also work in clustered mode.
DCNM in Unclustered Mode
In unclustered mode, the Cisco DCNM runs some of its internal services as containers. Cisco DCNM leverages
resources from the Standby node for running some container applications. The Cisco DCNM Active and
Standby nodes work together to extend resources to the overall functionality and deployment of DCNM and
its applications. However, it has limited resources to run some of the advanced applications and to extend the
system to deploy more applications delivered through the Cisco AppCenter.
Upgrading Cisco DCNM
Before Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. From Cisco
DCNM Release 11.3(1), you can install Cisco DCNM for SAN Deployment on both OVA and ISO virtual
appliances. However, there is no upgrade path for SAN OVA\ISO.
From Release 11.3(1), Cisco DCNM OVA and ISO are supported for SAN functionality.
The following table summarizes the type of upgrade that you must follow to upgrade to Release 11.3(1).
Table 1: Type of Upgrade for Classic LAN, LAN Fabric, and IP for Media (IPFM) deployments
| Current Release Number | Upgrade type to upgrade to Release 11.3(1) |
|---|---|
| 11.2(1) | Inline Upgrade |
| 11.1(1) | Inline Upgrade |
| 11.0(1) | 11.0(1) → 11.1(1) → 11.3(1): 1. Upgrade to 11.1(1) using Inline Upgrade; 2. Upgrade from 11.1(1) to 11.3(1) using Inline Upgrade |
| 10.4(2) [1] | 10.4(2) → 11.1(1) → 11.3(1): 1. Upgrade to 11.1(1) using the DCNMUpgradeTool; 2. Upgrade from 11.1(1) to 11.3(1) using Inline Upgrade |

[1] (This upgrade path is not supported for Cisco DCNM Media Controller deployments)
System Requirements
Note
We recommend that you do not upgrade any underlying third-party software separately. All the necessary
software components will be updated during the inline upgrade procedure. Upgrading the components outside
of DCNM upgrade will cause performance issues.
This section describes the various system requirements for proper functioning of your Cisco DCNM, Release
11.3(1).
Java Requirements
The Cisco DCNM Server is distributed with JRE 11.0.2 into the following directory:
DCNM_root_directory/java/jdk11
Server Requirements
Cisco DCNM, Release 11.3(1), supports the Cisco DCNM Server on these 64-bit operating systems:
• IP for Media, LAN Fabric, and Classic LAN Deployments:
• Open Virtual Appliance (OVA) with an integrated CentOS Linux release 7.6
• ISO Virtual Appliance (ISO) with an integrated CentOS Linux release 7.6
Cisco DCNM Release 11.3(1) supports the following databases:
• PostgreSQL 9.4.5
Note
The ISO/OVA installation only supports the embedded PostgreSQL database.
From Release 11.2(1), Cisco DCNM supports the ISO installation on a bare-metal server (no hypervisor) on
the following server platforms:
| Server | Product ID (PID) | Recommended minimum memory, drive capacity, and CPU count [2] |
|---|---|---|
| Cisco UCS C240M4 | UCSC-C240-M4S | 32G / 500G 16 vCPUs |
| Cisco UCS C240M4 | UCSC-C240-M4L | 32G / 500G 16 vCPUs |
| Cisco UCS C240 M5S | UCSC-C240-M5SX | 32G / 500G 16 vCPUs |
| Cisco UCS C220 M5L | UCSC-C220-M5L | 32G / 500G 16 vCPUs |

[2] Install the Cisco DCNM Compute node with 16vCPUs, 64G RAM, and 500GB hard disk. Ensure that
you do not install the Compute node on 32G RAM server.
If you are deploying Network Insights applications on the Cisco DCNM Compute cluster, refer to the
app-specific Release Notes for additional CPU/memory requirements for the Computes.
Note
Cisco DCNM can also work on alternative computing hardware, although Cisco tests only on Cisco
UCS.
Supported Hypervisors
From Release 11.3(1), Cisco DCNM supports running the Cisco DCNM Server on the following
hypervisors for DCNM LAN Fabric and DCNM LAN Classic deployments:
| Hypervisor supported | Data Center Manager server application | Supported deployments |
|---|---|---|
| ESXi 6.7 P01 | vCenter 6.7 P01 | All |
| ESXi 6.5 | vCenter 6.5 | All |
| ESXi 6.0 | vCenter 6.0 | All |
| RedHat 7.6 KVM | Virtual Machine Manager (comes with RHEL 7.6) | LAN Fabric; Classic LAN |
| Hyper-V on Windows Server 2019 | Hyper-V Manager (comes with Windows Server 2019) | LAN Fabric [3]; Classic LAN |

[3] This is supported with Native HA mode, and not in Cluster mode.
VMware Snapshot Support for Cisco DCNM
Snapshots capture the entire state of the virtual machine at the time you take the snapshot. You can take a
snapshot when a virtual machine is powered on or powered off.
Note
vCenter server is mandatory to deploy the Cisco DCNM OVA Installer.
To take a snapshot on the VM, perform the following steps:
1. Right-click the virtual machine in the inventory and select Snapshots > Take Snapshot.
2. In the Take Snapshot dialog box, enter a Name and description for the snapshot.
3. Click OK to save the snapshot.
The following snapshots are available for VMs.
• When VM is powered off.
• When VM is powered on, and active.
Note
Cisco DCNM supports snapshots when VM is either powered on or powered off. DCNM doesn’t support
snapshots when the Virtual Machine memory option is selected.
Note that the Snapshot the Virtual Machine's memory check box must not be selected, as shown in the following
figure. However, it is grayed out when the VM is powered off.
You can restore the VM to the state captured in a snapshot.
Right-click on the Virtual Machine and select Manage Snapshot. Select the snapshot to restore, and click
Done.
Table 2: Snapshot Support for Classic LAN, LAN Fabric, Media Controller, and SAN OVA Deployments
| VMware vSphere Hypervisor (ESXi) | 6.0 | 6.5 | 6.7 | 6.7 P01 |
| VMware vCenter Server | 6.0 | 6.5 | 6.7 | 6.7 P01 |
Server Resource Requirements
| Deployment | Deployment Type | Small (Lab or POC) | Large (Production) | Huge (Production) | Compute |
|---|---|---|---|---|---|
| LAN Fabric | OVA, ISO | CPU: 8 vCPUs; RAM: 24 GB; DISK: 500 GB | CPU: 16 vCPUs; RAM: 32 GB; DISK: 500 GB | CPU: 32 vCPUs; RAM: 128 GB; DISK: 500 GB | CPU: 16 vCPUs; RAM: 64 GB; DISK: 500 GB |

Note
For Huge and Compute deployments, you can add extra disk. The size of the disk can range from a minimum
of 32GB to a maximum of 1.5TB.
You can add additional disk space to your DCNM setup. Log on to the DCNM server using SSH. Extend the disk
file system using the appmgr system scan-disks-and-extend-fs command.
Supported Web Browsers
Cisco DCNM supports the following web browsers:
• Google Chrome Version 79.0.3945.79
• Mozilla Firefox Version 71.0 (32/64 bit)
• Microsoft Internet Explorer Version 11.706 update version 11.0.120
Other Supported Software
The following table lists the other software that is supported by Cisco DCNM, Release 11.3(1).
Table 3: Other Supported Software
| Component | Features |
|---|---|
| Security | ACS versions 4.0, 5.1, 5.5, and 5.8; ISE version 2.6; Telnet Disabled: SSH Version 1, SSH Version 2, Global Enforce SNMP Privacy Encryption; Web Client Encryption: HTTPS with TLS 1, 1.1 and 1.2 |
| OVA\ISO Installers | CentOS 7.6/Linux Kernel 3.10.x |
Also, Cisco DCNM supports call-home events, fabric change events, and events that are forwarded by traps
and email.
Qualified Security Certifications
| Security Certifications | Date run on DCNM 11.4(1) |
|---|---|
| Nessus | 6/29/2020 |
| Appscan | 6/29/2020 |
| Qualys | 6/29/2020 |
CHAPTER 2
Guidelines and Limitations
• Guidelines and Limitations
Guidelines and Limitations
The guidelines and limitations for installing and upgrading Cisco DCNM are as follows:
General Guidelines and Limitations
• Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password: <SPACE> " & $ % ' ^ = < > ;
: ` \ | / , .*
• From Cisco DCNM Release 11.0(1), the characters that are allowed in the Administrative password
are restricted for OVA and ISO installations. Therefore, while upgrading, the old password used in
DCNM 11.0(1) or 11.1(1) is not valid. However, different passwords are allowed during Upgrade.
The new Administrative password that is entered is used in the following scenarios.
—accessing the DCNM appliance via its console.
—accessing the appliance via SSH
—for applications running on the appliance, e.g. Postgres DBMS
However, after the upgrade, since Postgres DBMS is restored from the backup that is taken on
DCNM 10.4(2), you must logon to the Cisco DCNM Web UI using the password used on DCNM
Release 10.4(2) appliance.
• Do not interrupt the boot process (such as pressing the Ctrl+Alt+Delete keys) when installing
DCNM. If you interrupt, you must restart the installation process.
• Ensure that you configure the timezone after installation or upgrade, before performing any other operations
on the Cisco DCNM Appliance. Use the NTP server for configuring timezones.
• To check the status of the running Postgres database in a Native HA setup, use the pg_ctl command. Do not
use the systemctl command.
• Do not begin the password with Hash (#) symbol. Cisco DCNM considers the password as an encrypted
text if it begins with # symbol.
• We recommend that you do not upgrade any underlying third-party software separately. All the necessary
software components will be updated during the inline upgrade procedure. Upgrading the components
outside of DCNM upgrade will cause performance issues.
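A pre-deployment check for the password rules in this list (length, letter and numeral, forbidden characters, no leading #), written here as an added example and not Cisco's code. The function names are hypothetical, and the code assumes that the trailing ".*" in the forbidden list means both "." and "*", and that "alphabet" and "numeral" mean ASCII letters and digits.

```python
import secrets
import string

# Characters the guide forbids in the DCNM password, printed there as:
#   <SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
# Assumption: the trailing ".*" means that both "." and "*" are forbidden.
FORBIDDEN = set(" \"&$%'^=<>;:`\\|/,.*")

# Assumption: "special characters" means ASCII punctuation; whatever is left
# after removing the forbidden set is treated as usable.
ALLOWED_SPECIALS = "".join(c for c in string.punctuation if c not in FORBIDDEN)
ALPHABET = string.ascii_letters + string.digits + ALLOWED_SPECIALS


def check_dcnm_password(password):
    """Return a list of rule violations; an empty list means compliant."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Assumption: "alphabet" and "numeral" are ASCII letters and digits.
    if not any(c in string.ascii_letters for c in password):
        problems.append("no alphabetic character")
    if not any(c in string.digits for c in password):
        problems.append("no numeral")
    bad = sorted({c for c in password if c in FORBIDDEN})
    if bad:
        shown = " ".join("<SPACE>" if c == " " else c for c in bad)
        problems.append("forbidden characters: " + shown)
    if password.startswith("#"):
        problems.append("starts with #, which DCNM treats as encrypted text")
    return problems


def generate_dcnm_password(length=20):
    """Draw a random password from the usable alphabet until it is compliant.

    The retry loop covers the cases random selection can still produce:
    a leading '#', or a draw with no letter or no digit.
    """
    if length < 8:
        raise ValueError("the guide requires at least 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_dcnm_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real deployment.
    for sample in ("Fabric2019admin", "#Fabric2019", "Fabric 2019$", "short1"):
        print(repr(sample), check_dcnm_password(sample) or "OK")
    print("generated:", generate_dcnm_password())
```

Both HA appliances must be deployed with the same administrative password, so one generated value is used for the pair.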
Fresh Installation
• For Virtual Appliances (OVA/ISO), the installer installs the Operating system and Cisco DCNM
components.
• The DCNM OVA cannot be deployed by connecting the vSphere client directly to the ESXi server.
Upgrade
• Ensure that you do not perform an inline upgrade from an SSH session. The session may time out and result
in an incomplete upgrade.
• Disable Telemetry in the earlier release before you upgrade to Cisco DCNM Release .
• Disable Telemetry before you deploy Compute Nodes. You can enable Telemetry after deploying compute
nodes.
For DCNM in Native HA mode, Telemetry is supported with 3 compute nodes only.
• If you need to run Network Insights applications, you must install 3 compute nodes.
• Disable Telemetry before modifying Interface settings. You can enable Telemetry after modifying the
settings.
• During a backup and restore process, the compute nodes are also included in the backup. After you deploy
the new compute, you can restore the backup on the compute node.
If there was no backup, disconnect the 3 compute nodes, and erase the data on all the compute nodes.
On the Cisco DCNM Web Client UI, navigate to Application > Compute. Select the + icon to join the
compute nodes.
• To erase data on the compute node, log on to the compute node through an SSH session and erase the
data using the rm -rf /var/afw/vols/data command.
Note
You must run the above command separately on all compute nodes to erase data.
• Before starting NIR application after upgrade, on the DCNM Web UI, choose Application > Preferences.
Modify the network settings as required. If you do not modify the network settings after upgrade before
you enable the Telemetry on the Fabrics, the configuration will not complete. You must stop the NIR
app, modify the network settings and start the app again, to resolve the issue.
CHAPTER 3
Prerequisites
This chapter provides release-specific prerequisites information for your deployment of Cisco Data Center
Network Manager.
• Prerequisites for DCNM Open Virtual Appliance
• Prerequisites for DCNM ISO Virtual Appliance
• Prerequisites for Cisco DCNM Virtual Appliance HA
Prerequisites for DCNM Open Virtual Appliance
Before you install the Cisco DCNM Open Virtual Appliance, you must meet the following software and
database requirements:
• VMware vCenter Server that is running on a Windows server (or alternatively, running as a virtual
appliance).
• VMware ESXi host imported into vCenter.
• Three port groups on the ESXi host: DCNM Management Network, Enhanced Fabric Management
Network, and InBand interface for EPL and Telemetry features.
• Determine the number of switches in your Cisco Programmable Fabric that will be managed by the Cisco
DCNM Open Virtual Appliance.
• Ensure that no anti-virus software (such as McAfee) is running on the host where the VMware vCenter
web client is launched for the DCNM OVA installation. If the anti-virus software is running, the DCNM
installation might fail.
• The DCNM Open Virtual Appliance can also be deployed on an ESXi host. To deploy
on the ESXi host, the VMware vSphere Client application is mandatory.
Note
For more information about the CPU and memory requirements, see the Server Resource Requirements section
of the Cisco DCNM Release Notes, Release .
Prerequisites for DCNM ISO Virtual Appliance
Ensure that you do not add an additional Active or Standby node to an existing Active-Standby Native HA
DCNM Appliance. The installation fails.
You have to set up the host or the hypervisor before you install the Cisco DCNM ISO Virtual Appliance.
Set up the host machine or hypervisor according to the CPU and memory requirements.
Note
For more information about the CPU and memory requirements, see the Server Resource Requirements section
of the Cisco DCNM Release Notes, Release .
You can set up one of the following hosts to install the DCNM ISO Virtual Appliance.
VMware ESXi
The host machine is installed with ESXi and two port groups are created—one for EFM network and the other
for DCNM Management network. Enhanced Fabric In-Band network is optional.
Kernel-based Virtual Machine (KVM)
The host machine is installed with Red Hat Enterprise Linux (RHEL) 5.x or 6.x or 7.x, with KVM libraries
and Graphical User Interface (GUI) access. The GUI allows you to access the Virtual Machine Manager, to
deploy and manage the Cisco DCNM Virtual Appliances. Two networks are created—EFM network and
DCNM Management network. Typically, the DCNM management network is bridged to gain access from
other subnets. Refer to the KVM documentation on how to create different types of networks.
Note
KVM on other platforms like CentOS or Ubuntu will not be supported as it increases the compatibility matrix.
Prerequisites for Cisco DCNM Virtual Appliance HA
This section contains the following topics that describe the prerequisites for obtaining a high-availability (HA)
environment.
Deploying Cisco DCNM Virtual Appliances in HA mode
You must deploy two standalone Virtual Appliances (OVA and ISO). When you deploy both Virtual Appliances,
you must meet the following criteria:
• The eth0 of the active OVA must be in the same subnet as eth0 of the standby Virtual Appliance. The
eth1 of the active Virtual Appliance must be in the same subnet as eth1 of the standby OVA. The eth2
of the active virtual appliance must be in the same subnet as the eth2 of the standby appliance.
• Both Virtual Appliances must be deployed with the same administrative password. This process ensures
that both Virtual Appliances are duplicates of each other.
• If you try to add an additional Active or Standby node to an existing Active-Standby Native HA DCNM
Appliance, the installation fails.
Availability of Virtual IP Addresses
Two free IP addresses are needed to set up the server eth0 and eth1 interfaces. However, eth2 IP address is
optional. The first IP address will be used in the management access network; it should be in the same subnet
as the management access (eth0) interface of the OVAs. The second IP address should be in the same subnet
as enhanced fabric management (eth1) interfaces (switch/POAP management network).
If you choose to configure inband management (eth2) for the DCNM Server, you must reserve another IP
Address. For Native HA setup, the eth2 interface on Primary and Secondary servers must be in same subnet.
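The subnet criteria for Native HA and the virtual IP requirements above can be checked against an addressing plan before either appliance is deployed. This is an added example, not part of the Cisco guide: the function name, the plan layout and the prefix lengths are assumptions, and the sample addresses are constructed from documentation and private ranges.

```python
import ipaddress

# eth0 = management access, eth1 = enhanced fabric management,
# eth2 = inband management (optional, per the guide).
INTERFACES = ("eth0", "eth1", "eth2")


def check_ha_plan(plan):
    """Validate a Native HA addressing plan; return a list of problems.

    plan maps an interface name to a dict with:
      "active", "standby": node address with prefix length, e.g. "192.0.2.11/24"
      "vip": the free address reserved as the virtual IP, e.g. "192.0.2.10"
    (This layout is an assumption made for the example.)
    """
    problems = []
    seen = {}  # address -> first place it was used, to catch reuse
    for ifname in INTERFACES:
        entry = plan.get(ifname)
        if entry is None:
            if ifname != "eth2":
                problems.append(f"{ifname}: missing (only eth2 is optional)")
            continue
        try:
            active = ipaddress.ip_interface(entry["active"])
            standby = ipaddress.ip_interface(entry["standby"])
            vip = ipaddress.ip_address(entry["vip"])
        except (KeyError, ValueError) as exc:
            problems.append(f"{ifname}: bad or missing address ({exc})")
            continue
        # Rule: ethN of the active node and ethN of the standby node must be
        # in the same subnet.
        if active.network != standby.network:
            problems.append(
                f"{ifname}: active {active.network} and standby "
                f"{standby.network} are in different subnets")
        # Rule: the virtual IP must be in the subnet of that interface.
        elif vip not in active.network:
            problems.append(f"{ifname}: VIP {vip} is outside {active.network}")
        # Rule: the virtual IPs must be free, so no address may appear twice.
        for role, addr in (("active", active.ip), ("standby", standby.ip),
                           ("vip", vip)):
            label = f"{ifname} {role}"
            owner = seen.setdefault(addr, label)
            if owner != label:
                problems.append(f"{label}: {addr} already used by {owner}")
    return problems


# Constructed sample plans (documentation and private address ranges).
GOOD_PLAN = {
    "eth0": {"active": "192.0.2.11/24", "standby": "192.0.2.12/24",
             "vip": "192.0.2.10"},
    "eth1": {"active": "198.51.100.11/24", "standby": "198.51.100.12/24",
             "vip": "198.51.100.10"},
}
BAD_PLAN = {
    # Standby eth0 carries a /25 mask, so the two nodes disagree on the subnet.
    "eth0": {"active": "192.0.2.11/24", "standby": "192.0.2.140/25",
             "vip": "192.0.2.10"},
    # VIP taken from a different network than eth1.
    "eth1": {"active": "198.51.100.11/24", "standby": "198.51.100.12/24",
             "vip": "203.0.113.10"},
    # VIP is not free: it is the active node's own eth2 address.
    "eth2": {"active": "10.0.2.11/24", "standby": "10.0.2.12/24",
             "vip": "10.0.2.11"},
}

if __name__ == "__main__":
    for name, plan in (("GOOD_PLAN", GOOD_PLAN), ("BAD_PLAN", BAD_PLAN)):
        print(name, check_ha_plan(plan) or "OK")
```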
Installing an NTP Server
For most of the HA functionality to work, you must synchronize the time on both OVAs by using an NTP
server. The installation would typically be in the management access network (eth0) interfaces.
CHAPTER 4
Installing the Cisco DCNM
This chapter contains the following sections:
• Installing DCNM on Open Virtual Appliance
• Installing DCNM on ISO Virtual Appliance
• Convert Standalone Setup to Native-HA Setup
• Installing Cisco DCNM Compute Node
Installing DCNM on Open Virtual Appliance
This chapter contains the following sections:
Downloading the Open Virtual Appliance File
The first step to install the Open Virtual Appliance is to download the dcnm.ova file. Point to that dcnm.ova
file on your computer when deploying the OVF template.
Note
If you plan to use HA application functions, you must deploy the dcnm.ova file twice.
Procedure
Step 1
Go to the following site: http://software.cisco.com/download/ .
Step 2
In the Select a Product search box, enter Cisco Data Center Network Manager.
Click the Search icon.
Step 3
Click Data Center Network Manager from the search results.
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 4
In the Latest Releases list, choose Release 11.3(1).
Step 5
Locate the DCNM Open Virtual Appliance Installer and click the Download icon.
Step 6
Save the dcnm.ova file to a directory that is easy to find when you start to deploy the OVF template.
Deploying the Open Virtual Appliance as an OVF Template
After you download the Open Virtual Appliance file, you must deploy the OVF template from the vSphere
Client application or the vCenter Server.
Note
Deploy two OVAs for the HA setup.
Procedure
Step 1
Open the vCenter Server application and connect to the vCenter Server with your vCenter user credentials.
Note
ESXi host must be added to the vCenter Server application.
Depending on the version, the VMware vSphere web HTML5 interface may not work properly when
deploying Huge or Compute OVA, as it does not allow users to specify extra disk size. Therefore, we
recommend that you use the Flex interface for deploying VMs.
If you're deploying the OVF template using ESXi 6.7, the installation fails if you use the Internet Explorer browser
with HTML5. Ensure that you use one of the following options to successfully deploy the OVF template with ESXi
and 6.7:
• Mozilla Firefox browser, with HTML 5 support
Use flex interface if HTML 5 is not supported
• Mozilla Firefox browser, with flex\flash support
• Google Chrome browser, with HTML 5 support
Use flex interface if HTML 5 is not supported
Step 2
Navigate to Home > Inventory > Hosts and Clusters and choose the host on which the OVF template is
deployed.
Step 3
On the correct Host, right-click and select Deploy OVF Template.
You can also choose Actions > Deploy OVF Template.
Deploy OVF Template Wizard opens.
Step 4
On the Select template screen, navigate to the location where you have downloaded the OVA image.
You can choose the OVA file by one of the following methods:
• Select the URL radio button. Enter the path of the location of the image file.
• Select Local File radio button. Click Browse. Navigate to the directory where the image is stored. Click
OK.
Click Next.
Step 5
Verify the OVA template details and click Next.
Step 6
On the End User License Agreement screen, read the license agreement.
Click Accept and click Next.
Step 7
On the Select name and location screen, enter the following information:
• In the Name field, enter an appropriate name for the OVF.
Note
Ensure that the VM name is unique within the Inventory.
• In the Browse tab, select Datacenter as the deployment location under the appropriate ESXi host.
Click Next.
Step 8
On the Select configuration screen, select the configuration from the drop-down list.
• Choose Small (Lab or POC) to configure the virtual machine with 8 vCPUs, 24GB RAM.
Choose Small for proof-of-concept and other small-scale environments with fewer than 50 switches that
are not expected to grow with time.
• Choose Large (Production) to configure the virtual machine with 16 vCPUs, 32GB RAM.
We recommend that you use a Large deployment configuration when you are managing more than 50
devices to leverage better RAM, heap memory, and CPUs. For setups that could grow, choose Large.
• Choose Compute to configure the virtual machine with 16 vCPUs, 64GB RAM.
You must have DCNM deployed in Compute mode to use applications in your deployment.
• Choose Huge to configure the virtual machine with 32 vCPUs, 128GB RAM.
This configuration is recommended if you deploy DCNM for SAN Management and use SAN Insights
feature.
Click Next.
Step 9
On Select a resource screen, select the host on which you want to deploy the OVA template.
Click Next.
Step 10
On Select storage screen, based on the Datastore and Available space choose the disk format and the destination
storage for the virtual machine file.
a) Select the virtual disk format from the drop-down list.
The available disk formats are:
Note
Choose one of the thick provision types if you have enough storage capacity as required by the
virtual appliance and want to set a specific allocation of space for the virtual disks.
• Thick Provision Lazy Zeroed: The space that is required for the virtual disk is allocated when the
virtual disk is created. The data that remains on the physical device is not erased when the virtual
disk is created but is zeroed out on demand later on first write from the virtual disk.
• Thin Provision: The disk space available is less than 100 GB. The initial disk consumption is 3GB
and increases as the size of the database increases with the number of devices being managed.
• Thick Provision Eager Zeroed: The space that is required for the virtual disk is allocated when the
virtual disk is created. Unlike the Lazy Zeroed option, the data that remains on the physical device
is erased when the virtual disk is created.
Note
With 500G, the DCNM installation will appear to be stuck with option Thick Provision
Eager Zeroed. However, it only takes a longer time to complete.
b) Select the VM storage policy from the drop-down list.
By default, no policy is selected.
c) Check the Show datastores from Storage DRS clusters check box to view the clusters' datastores.
d) Select the destination storage for the virtual machine, available in the datastore.
Click Next.
Step 11
On the Select Networks screen, map the networks that are used in the OVF template to networks in your
inventory.
• dcnm-mgmt network
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM Open Virtual
Appliance. Associate this network with the portgroup that corresponds to the subnet that is associated
with the DCNM Management network.
• enhanced-fabric-mgmt
This network provides enhanced fabric management of Nexus switches. You must associate this network
with the port group that corresponds to management network of leaf and spine switches.
• enhanced-fabric-inband
This network provides in-band connection to the fabric. You must associate this network with port group
that corresponds to a fabric in-band connection.
Note
If you do not configure enhanced-fabric-inband network, Endpoint Locator and Telemetry
features are not operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
From the Destination Network drop-down list, choose to associate the network mapping with the port group
that corresponds to the subnet that is associated with the corresponding network.
If you are deploying more than one DCNM Open Virtual Appliance for HA functionality, you must meet the
following criteria:
• Both OVAs must have their management access (eth0), enhanced fabric management (eth1) and inband
management (eth2) interfaces in the same subnet.
• Each OVA must have their eth0-eth1 and eth2 interfaces in different subnets.
• Both OVAs must be deployed with the same administrative password. This is to ensure that both OVAs
are duplicates of each other for application access.
Do not use the following characters in your password: <SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Click Next.
Step 12
On Customize template screen, enter the Management Properties information.
Enter the IP Address (for the outside management address for DCNM), Subnet Mask, and Default Gateway.
Note
During Native HA installation and upgrade, ensure that you provide appropriate Management
Properties for both Active and Standby appliances.
Ensure that you add valid values for the Management Network properties. Properties with invalid values will
not be assigned. The VM will not power on until you enter valid values.
From Release 11.3(1), for Huge and Compute configurations, you can add extra disk space on the VM. You
can add from 32GB up to 1.5TB of disk space. In the Extra Disk Size field, enter the extra disk size that will
be created on the VM.
Click Next.
Step 13
On Ready to Complete screen, review the deployment settings.
Click Back to go to the previous screens and modify the configuration.
Click Finish to deploy the OVF template.
You can see the deployment status in the Recent Tasks area on the vSphere Client.
Note
If this deployment is a part of the upgrade process, do not Power on the VM. Edit and provide the
11.0(1) or 11.1(1) or 11.2(1) MAC address and power on the VM.
Step 14
After the installation is complete, right click on the installed VM and select Power > Power On.
Note
Before you power on the VM, ensure that you have reserved appropriate resources for the VM, such
as CPU and memory, based on the chosen deployment configuration.
You can see the status in the Recent Tasks area.
Step 15
Navigate to the Summary tab and click Settings icon and select Launch Web Console.
A message indicating that the DCNM appliance is configuring appears on the screen.
***************************************************************
Please point your web browser to
https://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation, using the Web Installer.
What to do next
The DCNM installer creates a _deviceImage-0.iso in the DCNM VM folder and mounts the ISO permanently
to the VM. If this ISO is removed or the CD/DVD is disconnected, the VM will not boot. The VM will enter
Emergency Mode and prompt you with the message: Give root password for maintenance. If the VM is down,
CD/DVD drive can be disconnected. However, after you power it up again, the VM will enter Emergency
Mode and provide a prompt.
You can choose to install DCNM in Standalone mode or Native HA mode. Refer to Installing Cisco DCNM
ISO in Standalone Mode, on page 47 or Installing the Cisco DCNM ISO in Native HA mode, on page 51
for more information.
Installing the Cisco DCNM OVA in Standalone Mode
Paste the URL displayed on the Console tab and hit Enter key. A welcome message appears.
To complete the installation of Cisco DCNM from the web installer, perform the following procedure.
Procedure
Step 1
On Welcome to Cisco DCNM screen, click Get Started.
Step 2
On Cisco DCNM Installer screen, select Fresh Installation – Standalone radio button.
Click Continue.
Step 3
On Administration tab, enter the password that is used to connect to all the applications in the Cisco DCNM
Open Virtual Appliance.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application may not function properly.
• It must be at least eight characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for all platforms:
<SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Select the Show passwords in clear text checkbox to view the password you have typed.
Click Next.
Step 4
In Install Mode tab, from the drop-down list, choose LAN Fabric installation mode for the OVA DCNM
Appliance.
Check the Enable Clustered Mode checkbox, if you want to deploy Cisco DCNM in Cluster mode.
The Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. You can
add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL, NIA,
and NIR won’t work until you install the compute nodes.
Click Next.
Step 5
On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
Step 6
On Network Settings tab, configure the network parameters.
Figure 1: Cisco DCNM Management Network Interfaces
a) In Management Network area, verify if the auto-populated IP Address and Default Gateway address are
correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optional) Enter a valid IPv6 address along with the prefix to configure the Management address and
the Management Network Default IPv6 Gateway.
b) In Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6 network,
configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) In In-Band Network area, enter the IP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
Click Next.
Step 7
On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode checkbox
in Step 4, on page 20.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
a. In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the out-of-band
IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example:
Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It
should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
b. In the Out-of-Band IPv6 Network Address Pool, enter the address pool from the out-of-band
IPv6 network to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
c. In the In-Band IPv4 Network Address Pool, enter the address pool from the out-of-band IPv4
network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth2 subnet. For example: Use
11.1.1.240/28 if the eth2 subnet was configured as 11.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It
should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
d. In the In-Band IPv6 Network Address Pool, enter the address pool from the in-band IPv6 network
to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch Cisco
DCNM Web UI.
Note
If you try to access the DCNM Web UI using the Management IP address while the installation is
still in progress, an error message appears on the console.
***************************************
*Preparing Appliance*
***************************************
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr setup inband-route --subnet switches-fabric-links-IP-subnet/mask
dcnm# appmgr setup inband-route --subnet switch-loopback-IP-subnet/mask
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr setup inband-route --subnet 10.0.0.0/24
dcnm# appmgr setup inband-route --subnet 40.1.1.0/24
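The password rules from Step 3 and the Clustered Mode IPv4 address pool rules from Step 7 can be checked before the values are entered in the Web Installer. The following Python code is an added example, not Cisco code or part of the original guide; the function names and sample addresses are hypothetical. It assumes that the trailing ".*" in the forbidden-character list means "." and "*" individually, and that "available" addresses exclude the appliance's own interface address.

```python
import ipaddress

# Characters the guide forbids in the DCNM password. Assumption: the trailing
# ".*" in the guide's list is read as "." and "*" individually.
FORBIDDEN_PASSWORD_CHARS = set(" \"&$%'^=<>;:`\\|/,.*")


def check_password(password):
    """Return the guide's password rules that `password` violates."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    bad = sorted(set(password) & FORBIDDEN_PASSWORD_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems


def check_ipv4_pool(pool, interface):
    """Check a Clustered Mode IPv4 address pool against eth1 or eth2.

    pool      -- pool in CIDR form, e.g. "10.1.1.240/28"
    interface -- the appliance's own address on that interface with its
                 prefix length, e.g. "10.1.1.10/24" (constructed value)
    """
    try:
        # strict=True rejects a pool written with host bits set.
        pool_net = ipaddress.IPv4Network(pool, strict=True)
    except ValueError as exc:
        return ["not a valid IPv4 network: %s" % exc]
    iface = ipaddress.IPv4Interface(interface)

    problems = []
    if not pool_net.subnet_of(iface.network):
        problems.append("pool %s is not inside %s" % (pool_net, iface.network))
    # "minimum of /28 ... maximum of /24": prefix length 24 through 28.
    if not 24 <= pool_net.prefixlen <= 28:
        problems.append("prefix /%d is outside /24../28" % pool_net.prefixlen)
    # Assumption: "available" addresses exclude the appliance's own address.
    if iface.ip in pool_net:
        problems.append("pool contains the interface address %s" % iface.ip)
    return problems


if __name__ == "__main__":
    # Constructed sample values; the pool and subnet mirror the guide's example.
    print(check_password("pass word$1"))
    print(check_ipv4_pool("10.1.1.240/28", "10.1.1.10/24"))
    print(check_ipv4_pool("10.1.1.248/29", "10.1.1.10/24"))
```

The comparison with the east-west pool mentioned in Step 7 is not checked, because that pool is not an input here.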
Installing the Cisco DCNM OVA in Native HA mode
The native HA is supported on DCNM appliances with ISO or OVA installation only.
By default, an embedded PostgreSQL database engine is included with the Cisco DCNM. The native HA feature
allows two Cisco DCNM appliances to run as active and standby applications, with their embedded databases
synchronized in real time. Therefore, when the active DCNM is not functioning, the standby DCNM takes
over with the same database data and resumes the operation.
Perform the following task to set up Native HA for DCNM.
Procedure
Step 1
Deploy two DCNM Virtual Appliances (either OVA or ISO).
For example, let us indicate them as dcnm1 and dcnm2.
Step 2
Configure dcnm1 as the Primary node. Paste the URL displayed on the Console tab of dcnm1 and press
Enter key.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Primary radio button, to install
dcnm1 as Primary node.
Click Continue.
c) On the Administration tab, enter the password that is used to connect to all the applications in the Cisco
DCNM Open Virtual Appliance.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application may not function properly.
• It must be at least eight characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for Linux, Windows, OVA, and
ISO platforms:
<SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Select the Show passwords in clear text checkbox to view the password you have typed.
Click Next.
d) In the Install Mode tab, from the drop-down list, choose LAN Fabric installation mode for the DCNM
Appliance.
Check the Enable Clustered Mode checkbox, if you want to deploy Cisco DCNM in Cluster mode.
The Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. You
can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL,
NIA, and NIR won’t work until you install the compute nodes.
Click Next.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
f) On the Network Settings tab, configure the network parameters.
Figure 2: Cisco DCNM Management Network Interfaces
• In the Management Network area, verify if the auto-populated IP Address and Default gateway
address are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management address
and the Management Network Default IPv6 Gateway.
• In the Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6
network, configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
• In the In-Band Network area, enter the VIP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
• In the Internal Application Services Network area, enter the IP subnet to access the applications that
run internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary
HA node.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation, on page 117.
Click Next.
g) On the HA Settings tab, a confirmation message appears.
You are installing the primary DCNM HA node.
Please note that HA setup information will need to
be provided when the secondary DCNM HA node is
installed.
Click Next.
h) On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode
checkbox in Step 2.d, on page 24.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
1. In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the
out-of-band IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For
example: Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during
installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses).
It should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
2. In the Out-of-Band IPv6 Network Address Pool, enter the address pool from the
out-of-band IPv6 network to be used in the Clustered Mode. The address pool must be an
IPv6 subnet.
3. In the In-Band IPv4 Network Address Pool, enter the address pool from the out-of-band
IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth2 subnet. For example:
Use 11.1.1.240/28 if the eth2 subnet was configured as 11.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses).
It should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
4. In the In-Band IPv6 Network Address Pool, enter the address pool from the in-band IPv6
network to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A warning message appears stating that the setup is not complete until you install the Secondary node.
WARNING: DCNM HA SETUP IS NOT COMPLETE!
Your Cisco Data Center Network Manager software has been installed on
this HA primary node.
However, the system will be ready to be used only after installation
of the secondary node has been completed.
Thank you.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Administration tab, enter the password that is used to connect to all the applications in the Cisco
DCNM Open Virtual Appliance.
Note
The password for the secondary node must be the same as the Administrative password for
primary, as entered in Step 2.c, on page 23.
Click Next.
d) In the Install Mode tab, from the drop-down list, choose the same installation mode that you selected for
the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Click Next.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
f) On the Network Settings tab, configure the network parameters.
Figure 3: Cisco DCNM Management Network Interfaces
• In the Management Network area, verify if the auto-populated IP Address and Default gateway
address are correct. Modify, if necessary.
Note
Ensure that the IP Address belongs to the same Management Network as configured on
the Primary node for HA setup to complete successfully.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management address
and the Management Network Default IPv6 Gateway.
• In the Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6
network, configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
Ensure that the IP Address, IP address gateway, and the IPv6 address belong to the same
Out-of-Band Network as configured on the Primary node for HA setup to complete
successfully.
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
You can also configure an IPv6 address for out-of-band management network.
• In the In-Band Network area, enter the IP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation, on page 117.
• In the Internal Application Services Network area, enter the IP subnet to access the applications that
run internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary
HA node.
Click Next.
g) On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary HA
node.
Click Next.
h) On the HA Settings tab, configure the system settings.
• In the Management IP Address of primary DCNM node field, enter the appropriate IP Address to
access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• Enter the Management Network VIP address, VIPv6 address, and OOB Network VIP address
appropriately.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• Enter OOB Network VIPv6 Address to configure IPv6 address for VIP.
• In the In-Band Network area, enter the VIP Address for the in-band network.
This is the VIP address for the In-Band network. This field is mandatory if you have provided an IP
address for In-Band network in the Network Settings tab.
• Enter the HA ping IP address if necessary.
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IP Address to avoid the Split Brain scenario. This address must
belong to Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr setup inband-route --subnet switches-fabric-links-IP-subnet/mask
dcnm# appmgr setup inband-route --subnet switch-loopback-IP-subnet/mask
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr setup inband-route --subnet 10.0.0.0/24
dcnm# appmgr setup inband-route --subnet 40.1.1.0/24
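The Native HA addressing rules stated in this guide (both appliances in the same subnet per interface, eth0, eth1 and eth2 in different subnets, and an HA ping address that differs from the node addresses and lies in the enhanced fabric management network) can be checked against an address plan before the two installers are run. The following Python code is an added example, not Cisco code or part of the original guide; the function name and all addresses are hypothetical, and it reads "eth0-eth1 and eth2 interfaces in different subnets" as pairwise different.

```python
import ipaddress
from itertools import combinations

# Interface roles as named in the guide.
ROLES = {"eth0": "management", "eth1": "enhanced fabric management",
         "eth2": "in-band"}

# Constructed sample plan (not from the guide).
PRIMARY = {"eth0": "192.168.10.11/24", "eth1": "10.1.1.11/24",
           "eth2": "11.1.1.11/24"}
SECONDARY = {"eth0": "192.168.10.12/24", "eth1": "10.1.1.12/24",
             "eth2": "11.1.1.12/24"}


def check_ha_plan(primary, secondary, ha_ping):
    """Return violations of the guide's Native HA addressing rules.

    primary, secondary -- dicts mapping eth0/eth1/eth2 to "address/prefix"
    ha_ping            -- the HA ping IP address as a string
    """
    nodes = {
        name: {eth: ipaddress.ip_interface(cfg[eth]) for eth in ROLES}
        for name, cfg in (("primary", primary), ("secondary", secondary))
    }
    problems = []

    # Both appliances must have each interface in the same subnet.
    for eth, role in ROLES.items():
        if nodes["primary"][eth].network != nodes["secondary"][eth].network:
            problems.append("%s (%s): nodes are in different subnets" % (eth, role))

    # Within one appliance, eth0, eth1 and eth2 must be in different subnets.
    for name, ifaces in nodes.items():
        for a, b in combinations(ROLES, 2):
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append("%s: %s and %s share a subnet" % (name, a, b))

    # The HA ping address must differ from every Active/Standby address and
    # belong to the enhanced fabric management (eth1) network.
    ping = ipaddress.ip_address(ha_ping)
    if any(ping == i.ip for ifaces in nodes.values() for i in ifaces.values()):
        problems.append("HA ping address %s is a DCNM node address" % ping)
    if ping not in nodes["primary"]["eth1"].network:
        problems.append("HA ping address %s is not in the eth1 network" % ping)
    return problems


if __name__ == "__main__":
    print(check_ha_plan(PRIMARY, SECONDARY, "10.1.1.1"))
    # A secondary node whose in-band interface sits in another subnet.
    print(check_ha_plan(PRIMARY, dict(SECONDARY, eth2="11.1.2.12/24"), "10.1.1.1"))
```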
Installing DCNM on ISO Virtual Appliance
This chapter contains the following sections:
Note
The screenshots in this section may change in your setup based on how you are booting the ISO; you will
either see the blue (BIOS) screen or the black (UEFI) screen.
Downloading the ISO Virtual Appliance File
The first step to installing the ISO Virtual Appliance is to download the dcnm.iso file. You must point to
that dcnm.iso file on your computer when preparing the server for installing DCNM.
Note
If you plan to use HA application functions, you must deploy the dcnm.iso file twice.
Procedure
Step 1
Go to the following site: http://software.cisco.com/download/ .
Step 2
In the Select a Product search box, enter Cisco Data Center Network Manager.
Click the Search icon.
Step 3
Click on Data Center Network Manager from the search results.
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 4
In the Latest Releases list, choose Release 11.3(1).
Step 5
Locate the DCNM ISO Virtual Appliance Installer and click the Download icon.
Step 6
Locate the DCNM VM templates at DCNM Virtual Appliance definition files for VMWare (.ovf) and KVM
(domain XMLs) environment and click Download.
Step 7
Save the dcnm.iso file to a directory that will be easy to find when you begin the installation.
What to do next
You can choose to install DCNM On KVM or Baremetal servers. Refer to Installing the DCNM ISO Virtual
Appliance on KVM, on page 37 or Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal), on
page 31 for more information.
Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal)
From Release 11.3(1), you can install Cisco DCNM ISO using an additional mode where the physical interfaces
are bound together for a port channel or ethernet channel configured as a trunk with the management traffic,
out-of-band traffic, and in-band traffic separated in different VLANs.
Ensure that the switch is configured correctly for bundled interface mode. The following shows a sample
switch configuration for bundled interface mode:
vlan 100
vlan 101
vlan 102
interface port-channel1
  switchport
  switchport mode trunk
interface Ethernet101/1/1
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/2
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/3
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/4
  switchport mode trunk
  channel-group 1
  no shutdown
Perform the following tasks to install the DCNM ISO virtual appliance on UCS.
Procedure
Step 1
Launch Cisco Integrated Management Controller (CIMC).
Step 2
Click the Launch KVM button.
You can either launch Java-based KVM or HTML-based KVM.
Step 3
Click the URL displayed on the window to continue loading the KVM client application.
Step 4
On the Menu bar, click Virtual Media > Activate Virtual Devices.
Step 5
Click Virtual Media and choose one of the following mediums to browse and upload DCNM ISO images:
• Map CD/DVD
• Map Removable Disk
• Map Floppy Disk
Navigate to the location where the ISO image is located and load the ISO image.
Step 6
Select Power > Reset System (warm boot) and Ok to continue and restart the UCS box.
Step 7
Press F6 to interrupt the reboot process when the server starts to select a boot device. The boot selection menu
appears.
For more information about using the UCS KVM Console window, see the Cisco UCS Server Configuration
Utility, Release 3.1 User Guide at the following URL:
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/ucsscu/user/guide/31/UCS_SCU/booting.html#wp1078073
Step 8
Use the arrow keys to select Cisco Virtual CD/DVD and press Enter. The server boots with the DCNM ISO
image from the mapped location.
Note
The following image highlights UEFI installation. However, you can also choose Cisco
vKVM-Mapped vDVD1.22 for BIOS installation. ISO can be booted in both modes, BIOS, and
UEFI.
UEFI is mandatory for a system with minimum of 2TB disks.
For Cisco UCS with the disk size of 2TB or higher and with 4K sector size drivers, the UEFI boot option is
required. For more information, see UEFI Boot Mode.
Step 9
Select Install Cisco Data Center Network Manager using the up or down arrow keys. Press Enter.
The option shown in the following image appears when the ISO image is booted with UEFI.
Step 10
On the Cisco Management Network Management screen, select the mode to configure the network.
Enter 1 to configure the Cisco DCNM network interfaces from the available physical interfaces.
Enter 2 to configure the Cisco DCNM network interfaces from the available physical interfaces that are
bundled together to form a single port-channel, configured as a trunk.
Step 11
If you entered 1, to install Cisco DCNM ISO in un-bundled interface mode, select the interface for the networks.
The list of available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface List.
You can also configure the in-band interface (eth2) if necessary.
Note
If you do not configure In-Band interface, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
Step 12
If you entered 2, to install Cisco DCNM ISO in bundled interface mode, perform the following tasks:
a) Select interface from the list to form a bundle.
Note
A minimum of one physical interface must be a part of the bundle.
Enter q after you enter all the interfaces that must be added to the bundle.
b) Enter the VLAN IDs to be used for Management Network, Out-Of-Band Network and In-band Network
Select interface from the list to form a bundle.
Verify and confirm if the correct VLAN IDs are assigned.
Note
The VLAN IDs for Management Network and Out-Of-Band Network can be the same when
Management Network and Out-Of-Band Network use the same subnet (that is, when eth0/eth1
are in the same subnet)
Step 13
Review the selected interfaces. Press y to confirm and continue with the installation.
Step 14
Configure the Management Network for Cisco DCNM. Enter the IP address, Subnet Mask, and Gateway.
Press y to continue with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
configuring appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. Refer to Installing Cisco DCNM
ISO in Standalone Mode, on page 47 or Installing the Cisco DCNM ISO in Native HA mode, on page 51
for more information.
Installing the DCNM ISO Virtual Appliance on KVM
Perform the following tasks to install the ISO virtual appliance on KVM.
Procedure
Step 1
Unzip and extract dcnm-va-ovf-kvm-files.11.3.1.zip and locate the dcnm-kvm-vm.xml file.
Step 2
Upload this file on the RHEL server that is running KVM to the same location as the ISO.
Step 3
Connect to the RHEL server running KVM via SCP File transfer terminal.
Step 4
Upload the dcnm-va.11.3.1.iso and dcnm-kvm-vm.xml to the RHEL server.
Step 5
Close the file transfer session.
Step 6
Connect to the RHEL server running KVM via SSH terminal.
Step 7
Navigate to the location where both the ISO and domain XMLs are downloaded.
Step 8
Create the VM (or Domains, as they are known in the KVM terminology) using the virsh command.
sudo virsh define [{dcnm-kvm-vm-huge.xml | dcnm-kvm-vm-compute.xml | dcnm-kvm-vm-large.xml | dcnm-kvm-vm-small.xml}]
Step 9
Enable a VNC server and open the required firewall ports.
Step 10
Close the SSH session.
Step 11
Connect to the RHEL server running KVM via a VNC terminal.
Step 12
Navigate to Applications > System Tools > Virtual Machine Manager (VMM).
A VM is created in the Virtual Machine Manager.
Step 13
From Virtual Machine Manager, edit the VM by selecting the VM in the listing. Click Edit > Virtual Machine
Details > Show virtual hardware details.
Step 14
In the Virtual Hardware Details, navigate to Add Hardware > Storage.
Step 15
Create a hard disk with the following specifications:
• device type: IDE disk
• cache-mode: default
• storage format: raw
We recommend that you use storage size of 500GB.
Step 16
Select IDE CDROM on the edit window of the Virtual Machine and click Connect.
Step 17
Navigate to dcnm-va.iso and click OK.
Step 18
Select both the NICs and assign appropriate networks that are created.
Step 19
Power on the Virtual Machine.
Note
Before you power on the VM, ensure that you have reserved appropriate resources for the VM, such
as CPU and memory, based on the chosen deployment configuration.
The operating system is installed.
Step 20
On the Cisco Management Network Management screen, select the interface for the networks. The list of
available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface List.
You can also configure in-band interface (eth2) if necessary.
Note
If you do not configure in-band interface (eth2), Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
Step 21
Press y to confirm and continue with the installation.
Step 22
Configure the Management Network. Enter the IP address, Subnet Mask, and Gateway. Press y to continue
with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
configuring appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. Refer to Installing Cisco DCNM
ISO in Standalone Mode, on page 47 or Installing the Cisco DCNM ISO in Native HA mode, on page 51
for more information.
Installing the DCNM ISO Virtual Appliance on Windows Hyper-V
Hyper-V Manager provides management access to your virtualization platform. You can install DCNM ISO
virtual appliance using Hyper-V manager.
Launch the Windows Server Manager using appropriate credentials. To launch the Hyper-V Manager, from
the Menu bar, choose Tools > Hyper-V Manager.
Note
DCNM ISO Virtual Appliance on Windows Hyper-V doesn’t support Clustered mode.
To install Cisco DCNM ISO Virtual Appliance on Windows Hyper-V, perform the following tasks:
Creating Virtual Switches
Cisco DCNM requires three virtual switches for network interfaces:
• dcnm-mgmt network (eth0) interface
• enhanced-fabric-mgmt (eth1) interface
• enhanced-fabric-inband (eth2) interface
To create Virtual Switches on the Hyper-V Manager, perform the following steps:
Procedure
Step 1
On the Action pane, click Virtual Switch Manager.
The Virtual Switch Manager for the Windows Hyper-V window appears.
Step 2
On the left pane, under Virtual Switches, click New virtual network switch to create a virtual switch.
Step 3
Create the virtual switch for DCNM Management network.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth0 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
Step 4
Create the virtual switch for Enhanced Fabric Management interface.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth1 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
Step 5
Create the virtual switch for Enhanced Fabric Inband interface.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth2 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
All the interfaces appear under the Virtual Switches in the left pane, as shown in the following figure.
What to do next
Create the Virtual Machines to mount the ISO. Refer to Creating Virtual Machines, on page 40 for more
information.
Creating Virtual Machines
To create virtual machines for either Standalone, or Primary and Secondary nodes for Native HA setup,
perform the following procedure:
Before you begin
If you’re installing Cisco DCNM in Native HA Mode, you must create two virtual machines; one for Primary
node, and one for Secondary node.
Procedure
Step 1
In the Actions pane, from the New drop-down list, select Virtual Machine.
The New Virtual Machine Wizard appears.
Step 2
In the Before You Begin screen, click Next.
Step 3
In the Specify Name and Location screen, enter the name for the Active DCNM node.
Click Next.
Step 4
In the Specify Generation screen, select Generation 2.
This virtual machine supports new virtualization features, has UEFI-based firmware, and requires 64-bit
operating system.
Click Next.
Step 5
In the Assign Memory screen, in the Startup memory field, enter 32768 MB to configure the virtual machine
with 32GB memory.
To verify recommended configurations, refer to System Requirements.
Click Next.
Step 6
In the Configuration Networking screen, from the Connection drop-down list, select the interface for this
VM. Select eth0 (Management Network interface).
Click Next.
Step 7
In the Connect Virtual Hard Disk screen, create a virtual hard disk.
a) Select Create a virtual hard disk.
b) Enter appropriate Name, Location, and Size of the hard disk.
Note
The default name for the virtual hard disk is derived from the virtual machine name that you
provided in the Specify Name and Location screen.
The size of the hard disk must be minimum of 500GB.
Click Next.
Step 8
In the Installation Options screen, select Install as operating system from a bootable image file.
In the Image file (.iso) field, click Browse. Navigate to the directory and select the DCNM 11.3(1) ISO image.
Click Next.
Step 9
In the Summary screen, review the configuration details.
Click Finish to create the DCNM Active node.
The newly created virtual machine appears in the Virtual Machines block on the Hyper-V Manager.
Step 10
Right click on the virtual machine and select Settings.
The Settings screen for DCNM node appears.
Step 11
On the left pane, in the Hardware block, click Add Hardware.
Step 12
In the main pane, select Network Adapter and click Add.
Step 13
In the Network Adapter screen, create network adapter for the virtual switch.
• From the Virtual Switch drop-down list, select the eth1 virtual switch. Click Apply.
• From the Virtual Switch drop-down list, select the eth2 virtual switch. Click Apply.
All the three Network Adapters are displayed in the left pane, under the Hardware section.
Step 14
In the left pane, select Security.
In the main pane, from the template drop-down list, select Microsoft UEFI Certificate Authority.
Note
This template is mandatory if you’ve selected Generation 2 Hyper-V virtual machines.
Click Apply.
Step 15
In the Settings screen, click Processor.
In the main pane, in the Number of virtual processors field, enter 32, to choose 32vCPUs. Click Apply.
Click OK to confirm the settings for the DCNM node.
What to do next
Install the Cisco DCNM ISO on the Windows Hyper-V. Refer to Installing DCNM ISO Virtual Appliance,
on page 44 for more information.
Installing DCNM ISO Virtual Appliance
To configure the DCNM ISO virtual appliance for either Standalone, or Primary and Secondary nodes for
Native HA setup, perform the following procedure:
Before you begin
Ensure that the Virtual Machine is configured correctly with proper security settings.
Procedure
Step 1
From the Virtual Machines block, right-click the Active node and select Connect.
Step 2
In the Virtual Machine Connection screen, from the Menu bar, select Media > DVD Drive to verify the image
selected.
Click Start. The DCNM Server boots.
Step 3
Select Install Cisco Data Center Network Manager using the up or down arrow keys. Press Enter to install
the Cisco DCNM Active node.
Step 4
On the Cisco Management Network Management screen, select the interface for the networks. The list of
available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface
List. You can also configure the In-band interface (eth2) if necessary.
Review the selected interfaces. Press y to confirm and continue with the installation.
Step 5
Configure the Management Network for Cisco DCNM. Enter the IP address, Subnet Mask, and Gateway.
Verify the values and press y to continue with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
configuring appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. Refer to Installing Cisco DCNM
ISO in Standalone Mode, on page 47 or Installing the Cisco DCNM ISO in Native HA mode, on page 51
for more information.
Installing Cisco DCNM ISO in Standalone Mode
Paste the URL displayed on the Console tab and press the Enter key. A welcome message appears.
To complete the installation of Cisco DCNM from the web installer, perform the following procedure.
Procedure
Step 1
On Welcome to Cisco DCNM screen, click Get Started.
Step 2
On Cisco DCNM Installer screen, select Fresh Installation – Standalone radio button.
Click Continue.
Step 3
On Administration tab, enter the password that is used to connect to all the applications in the Cisco DCNM
Open Virtual Appliance.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application may not function properly.
• It must be at least eight characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for all platforms:
<SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Select the Show passwords in clear text checkbox to view the password you have typed.
Click Next.
Step 4
In Install Mode tab, from the drop-down list, choose LAN Fabric installation mode for the OVA DCNM
Appliance.
Check the Enable Clustered Mode checkbox, if you want to deploy Cisco DCNM in Cluster mode.
The Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. You can
add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL, NIA,
and NIR won’t work until you install the compute nodes.
Click Next.
Step 5
On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
Step 6
On Network Settings tab, configure the network parameters.
Figure 4: Cisco DCNM Management Network Interfaces
a) In Management Network area, verify if the auto-populated IP Address and Default Gateway address are
correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optional) Enter a valid IPv6 address along with the prefix to configure the Management address and
the Management Network Default IPv6 Gateway.
b) In Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6 network,
configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) In In-Band Network area, enter the IP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
Click Next.
Step 7
On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode checkbox
in Step 4, on page 48.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
a. In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the out-of-band
IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example:
Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It
should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
b. In the Out-of-Band IPv6 Network Address Pool, enter the address pool from the out-of-band
IPv6 network to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
c. In the In-Band IPv4 Network Address Pool, enter the address pool from the out-of-band IPv4
network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth2 subnet. For example: Use
11.1.1.240/28 if the eth2 subnet was configured as 11.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It
should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
d. In the In-Band IPv6 Network Address Pool, enter the address pool from the in-band IPv6 network
to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch Cisco
DCNM Web UI.
Note
If you try to access the DCNM Web UI using the Management IP address while the installation is
still in progress, an error message appears on the console.
***************************************
*Preparing Appliance*
***************************************
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr setup inband-route --subnet switches-fabric-links-IP-subnet/mask
dcnm# appmgr setup inband-route --subnet switch-loopback-IP-subnet/mask
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr setup inband-route --subnet 10.0.0.0/24
dcnm# appmgr setup inband-route --subnet 40.1.1.0/24
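As an added example (not Cisco's code), the following Python pre-flight check applies the password rules from the Administration tab and the clustered-mode IPv4 address pool rules from the Applications tab to candidate values before they are typed into the Web Installer. The function names, the in_use parameter, and the reading of the trailing ".*" in the forbidden list as two characters are assumptions of this example; the east-west pool comparison is not checked because this section does not define that pool.

```python
import ipaddress
import string

# Characters the guide says must not appear in the DCNM password. The page's
# list ends with ".*"; this example reads that as two characters (assumption).
FORBIDDEN_PASSWORD_CHARS = set(" \"&$%'^=<>;:`\\|/,.*")


def check_password(password):
    """Return a list of rule violations for a candidate DCNM admin password."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_letters for c in password):
        problems.append("no alphabetic character")
    if not any(c in string.digits for c in password):
        problems.append("no numeral")
    bad = sorted(set(password) & FORBIDDEN_PASSWORD_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems


def check_pool(pool, interface_subnet, in_use=()):
    """Return a list of rule violations for a clustered-mode IPv4 address pool.

    pool             -- candidate pool, e.g. "10.1.1.240/28"
    interface_subnet -- subnet configured on eth1 (or eth2) during installation
    in_use           -- addresses already assigned in that subnet (node IP,
                        gateway); the overlap check is this example's reading
                        of "available IP addresses"
    """
    try:
        subnet = ipaddress.IPv4Network(interface_subnet, strict=True)
    except ValueError as exc:
        return [f"interface subnet invalid: {exc}"]
    try:
        net = ipaddress.IPv4Network(pool, strict=True)
    except ValueError as exc:
        # Raised for malformed input and for pools with host bits set.
        return [f"pool invalid: {exc}"]

    problems = []
    # The guide allows /28 (16 addresses) up to /24 (256 addresses).
    if not 24 <= net.prefixlen <= 28:
        problems.append(f"/{net.prefixlen} is outside the /24 to /28 range")
    if not net.subnet_of(subnet):
        problems.append(f"{net} is not inside {subnet}")
    elif net == subnet:
        problems.append(f"{net} covers the whole interface subnet")
    for addr in in_use:
        if ipaddress.IPv4Address(addr) in net:
            problems.append(f"{addr} is already assigned but falls inside {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the two /28 pools are the guide's own examples.
    for candidate in ("Fabric2020admin", "dcnm.admin1", "short1"):
        print(f"password {candidate!r}: {check_password(candidate) or 'ok'}")
    samples = [
        ("10.1.1.240/28", "10.1.1.0/24", []),
        ("11.1.1.240/28", "11.1.1.0/24", []),
        ("10.1.1.240/29", "10.1.1.0/24", []),
        ("10.1.2.0/28", "10.1.1.0/24", []),
        ("10.1.1.240/28", "10.1.1.0/24", ["10.1.1.254"]),
    ]
    for pool, subnet, used in samples:
        print(f"pool {pool} in {subnet}: {check_pool(pool, subnet, used) or 'ok'}")
```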
Installing the Cisco DCNM ISO in Native HA mode
The native HA is supported on DCNM appliances with ISO or OVA installation only.
By default, an embedded PostgreSQL database engine is included with the Cisco DCNM. The native HA feature allows
two Cisco DCNM appliances to run as active and standby applications, with their embedded databases
synchronized in real time. Therefore, when the active DCNM is not functioning, the standby DCNM takes
over with the same database data and resumes operation.
Perform the following task to set up Native HA for DCNM.
Procedure
Step 1
Deploy two DCNM Virtual Appliances (either OVA or ISO).
For example, let us indicate them as dcnm1 and dcnm2.
Step 2
Configure dcnm1 as the Primary node. Paste the URL displayed on the Console tab of dcnm1 and press
Enter key.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Primary radio button, to install
dcnm1 as Primary node.
Click Continue.
c) On the Administration tab, enter the password that is used to connect to all the applications in the Cisco
DCNM Open Virtual Appliance.
Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application may not function properly.
• It must be at least eight characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password for Linux, Windows, OVA, and
ISO platforms:
<SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Select the Show passwords in clear text checkbox to view the password you have typed.
Click Next.
d) In the Install Mode tab, from the drop-down list, choose LAN Fabric installation mode for the DCNM
Appliance.
Check the Enable Clustered Mode checkbox, if you want to deploy Cisco DCNM in Cluster mode.
The Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. You
can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL,
NIA, and NIR won’t work until you install the compute nodes.
Click Next.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
f) On the Network Settings tab, configure the network parameters.
Figure 5: Cisco DCNM Management Network Interfaces
• In the Management Network area, verify if the auto-populated IP Address and Default gateway
address are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management address
and the Management Network Default IPv6 Gateway.
• In the Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6
network, configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
• In the In-Band Network area, enter the VIP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
• In the Internal Application Services Network area, enter the IP subnet to access the applications that
run internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary
HA node.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation, on page 117.
Click Next.
g) On the HA Settings tab, a confirmation message appears.
You are installing the primary DCNM HA node.
Please note that HA setup information will need to
be provided when the secondary DCNM HA node is
installed.
Click Next.
h) On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode
checkbox in Step 2.d, on page 52.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
1. In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the
out-of-band IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For
example: Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during
installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses).
It should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
2. In the Out-of-Band IPv6 Network Address Pool, enter the address pool from the
out-of-band IPv6 network to be used in the Clustered Mode. The address pool must be an
IPv6 subnet.
3. In the In-Band IPv4 Network Address Pool, enter the address pool from the out-of-band
IPv4 network to be used in the Clustered Mode.
The address must be a smaller prefix of available IP addresses from the eth2 subnet. For example:
Use 11.1.1.240/28 if the eth2 subnet was configured as 11.1.1.0/24 during installation.
This subnet must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses).
It should also be longer than the east-west pool. This subnet is assigned to containers, to
communicate with the switches.
4. In the In-Band IPv6 Network Address Pool, enter the address pool from the in-band IPv6
network to be used in the Clustered Mode. The address pool must be an IPv6 subnet.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A warning message appears stating that the setup is not complete until you install the Secondary node.
WARNING: DCNM HA SETUP IS NOT COMPLETE!
Your Cisco Data Center Network Manager software has been installed on
this HA primary node.
However, the system will be ready to be used only after installation
of the secondary node has been completed.
Thank you.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Administration tab, enter the password that is used to connect to all the applications in the Cisco
DCNM Open Virtual Appliance.
Note
The password for the secondary node must be the same as the Administrative password for
primary, as entered in Step 2.c, on page 51.
Click Next.
d) In the Install Mode tab, from the drop-down list, choose the same installation mode that you selected for
the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Click Next.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• In the DNS Server Address field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
• In the NTP Server field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one DNS server and NTP server.
Click Next.
f) On the Network Settings tab, configure the network parameters.
Figure 6: Cisco DCNM Management Network Interfaces
• In the Management Network area, verify that the auto-populated IP Address and Default gateway
address are correct. Modify, if necessary.
Note
Ensure that the IP Address belongs to the same Management Network as configured on
the Primary node for HA setup to complete successfully.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management address
and the Management Network Default IPv6 Gateway.
• In the Out-of-Band Network area, enter the IP address, gateway IP Address. If DCNM is on the IPv6
network, configure the network with an IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
Ensure that the IP Address, IP address gateway, and the IPv6 address belong to the same
Out-of-Band Network as configured on the Primary node for HA setup to complete
successfully.
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
You can also configure an IPv6 address for out-of-band management network.
• In the In-Band Network area, enter the IP Address and gateway IP Address for the in-band network.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation, on page 117.
• In the Internal Application Services Network area, enter the IP subnet to access the applications that
run internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary
HA node.
Click Next.
g) On the Applications tab, in the IPv4 Subnet field, enter the IP subnet to access the applications that run
internally to DCNM.
All the applications use the IP Address from this subnet.
Note
Ensure that you configure the same IP subnet on both the Primary HA and the Secondary HA
node.
Click Next.
h) On the HA Settings tab, configure the system settings.
• In the Management IP Address of primary DCNM node field, enter the appropriate IP Address to
access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1.
• Enter the Management Network VIP address, VIPv6 address, and OOB Network VIP address
appropriately.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• Enter OOB Network VIPv6 Address to configure IPv6 address for VIP.
• In the In-Band Network area, enter the VIP Address for the in-band network.
This is the VIP address for the In-Band network. This field is mandatory if you have provided an IP
address for In-Band network in the Network Settings tab.
• Enter the HA ping IP address if necessary.
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IP Address to avoid the Split Brain scenario. This address must
belong to the Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
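A pre-flight check for the values this procedure asks for, as an added example that is not part of the Cisco guide: it validates a Clustered Mode IPv4 address pool against the /28 to /24 limits and the eth1 or eth2 subnet, and compares the Primary and Secondary settings that must match. The function names, dictionary keys, and all sample addresses except the guide's 10.1.1.240/28 pool are assumptions made for illustration.

```python
import ipaddress

# Pool size limits stated in the guide: minimum /28, maximum /24.
LARGEST_POOL_PREFIXLEN = 24
SMALLEST_POOL_PREFIXLEN = 28


def check_cluster_pool(label, pool, interface_cidr, assigned=()):
    """Return a list of problems for one Clustered Mode IPv4 address pool.

    interface_cidr is the eth1 (out-of-band) or eth2 (in-band) address with
    its prefix length; assigned lists addresses already in use on that subnet.
    """
    try:
        pool_net = ipaddress.ip_network(pool)  # strict: host bits are rejected
        if_net = ipaddress.ip_interface(interface_cidr).network
    except ValueError as exc:
        return [f"{label}: {exc}"]
    if pool_net.version != 4 or if_net.version != 4:
        return [f"{label}: expected an IPv4 pool inside an IPv4 subnet"]
    problems = []
    if not LARGEST_POOL_PREFIXLEN <= pool_net.prefixlen <= SMALLEST_POOL_PREFIXLEN:
        problems.append(f"{label}: /{pool_net.prefixlen} is outside the /24 to /28 range")
    if not pool_net.subnet_of(if_net):
        problems.append(f"{label}: {pool_net} is not part of {if_net}")
    elif pool_net == if_net:
        problems.append(f"{label}: pool must be smaller than {if_net}")
    # Assumption: "available" means no statically assigned address is in the pool.
    for addr in assigned:
        if ipaddress.ip_address(addr) in pool_net:
            problems.append(f"{label}: {addr} is already assigned inside {pool_net}")
    return problems


def check_ha_pair(primary, secondary, ha_ping):
    """Compare the values entered for the Primary and Secondary HA nodes."""
    problems = []
    node_ips = set()
    # Management and out-of-band addresses must share a network on both nodes.
    for name in ("mgmt", "oob"):
        p_if = ipaddress.ip_interface(primary[name])
        s_if = ipaddress.ip_interface(secondary[name])
        node_ips.update((p_if.ip, s_if.ip))
        if p_if.network != s_if.network:
            problems.append(f"{name}: {s_if} is not in the Primary's network {p_if.network}")
    # The Internal Application Services subnet must be identical on both nodes.
    p_app = ipaddress.ip_network(primary["app_subnet"])
    s_app = ipaddress.ip_network(secondary["app_subnet"])
    if p_app != s_app:
        problems.append(f"app_subnet: {s_app} differs from the Primary's {p_app}")
    # Assumption: "Active and Standby addresses" covers every interface address.
    if ipaddress.ip_address(ha_ping) in node_ips:
        problems.append(f"ha_ping: {ha_ping} is an address of one of the HA nodes")
    return problems


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, not a real site).
    primary = {"mgmt": "192.0.2.11/24", "oob": "10.1.1.11/24",
               "app_subnet": "198.51.100.0/24"}
    secondary = {"mgmt": "192.0.2.12/24", "oob": "10.1.1.12/24",
                 "app_subnet": "198.51.100.0/24"}
    findings = check_cluster_pool("oob pool", "10.1.1.240/28", primary["oob"],
                                  assigned=["10.1.1.11", "10.1.1.12"])
    findings += check_ha_pair(primary, secondary, ha_ping="10.1.1.1")
    print("\n".join(findings) if findings else "no problems found")
```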
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr setup inband-route --subnet switches-fabric-links-IP-subnet/mask
dcnm# appmgr setup inband-route --subnet switch-loopback-IP-subnet/mask
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr setup inband-route --subnet 10.0.0.0/24
dcnm# appmgr setup inband-route --subnet 40.1.1.0/24
Convert Standalone Setup to Native-HA Setup
To convert an existing Cisco DCNM Standalone setup to a Native HA setup, perform the following steps:
Before you begin
Ensure that the Standalone setup is active and operational, by using the appmgr show version command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
dcnm#
Procedure
Step 1
On the Standalone setup, launch SSH and enable root user access by using the appmgr root-access permit
command:
dcnm# appmgr root-access permit
Step 2
Deploy a new DCNM as the secondary node. Choose Fresh installation - HA Secondary.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Note
Ensure that you provide the Standalone IP Address as the Primary node management IP address for
the secondary node.
Based on OVA or ISO, refer to Installing the Cisco DCNM OVA in Native HA mode, on page 23 or Installing
the Cisco DCNM ISO in Native HA mode, on page 51 for instructions about how to deploy Cisco DCNM
in Native HA Secondary mode.
Step 3
On the Summary tab, review the configuration details for the Secondary node.
Click Start Installation to complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port "2443" to launch
Cisco DCNM Web UI.
What to do next
Verify the HA role by using the appmgr show ha-role command.
On the Active node (old standalone node):
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node (newly deployed node):
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Installing Cisco DCNM Compute Node
Paste the URL displayed on the Console tab and hit Enter key. A welcome message appears. You can install
compute nodes on both Cisco DCNM OVA and ISO deployments.
Note
Compute nodes allow users to scale DCNM, as application load can be shared across all the compute nodes,
instead of the usual 1 or 2 (if you have HA) nodes.
Note
If Enable Clustered Mode was selected during DCNM installation, applications such as Configuration
Compliance, EPL, NIA, and NIR won’t work until you install the compute nodes.
You can also watch the video that demonstrates how to configure Cisco DCNM in Clustered mode
from the Cisco DCNM Web Installer. See Video: Installing Cisco DCNM in Clustered Mode from Web
Installer.
To complete the installation of Cisco DCNM Compute Node from the web installer, perform the following
procedure.
Before you begin
Ensure that you have 16 vCPUs, 64GB RAM, and 500GB hard disc to install compute nodes.
Procedure
Step 1
On the Welcome to Cisco DCNM screen, click Get Started.
Step 2
On the Cisco DCNM Installer screen, select the Fresh Installation – Standalone radio button.
Click Continue.
Step 3
On the Install Mode tab, choose Compute to deploy this DCNM instance as a compute node.
Note
Compute option appears in the drop-down list only if you have chosen Compute while configuring
the OVF template or ISO hypervisors.
Click Next.
Step 4
On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications in
the Cisco DCNM.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
• In the Database Password field, enter the password for the PostgreSQL database.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Database Password field.
Note
If this field is left blank, the Administrator password is used as the PostgreSQL
password.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
Step 5
On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
Step 6
On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 7: Cisco DCNM Management Network Interfaces
a) In the Management Network area, verify if the auto-populated addresses for Management IPv4 Address
and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6 Address
and the Management Network Default IPv6 Gateway.
b) In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 117.
Click Next.
Step 7
In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to access
the applications that run internally to DCNM.
All the applications use the IP Address from this subnet.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Compute Node.
***************************************************************
Your Cisco DCNM Compute Node has been installed.
Click on the following link to go to DCNM GUI's Application page:
DCNM GUI's Applications
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Step 9
Log on to the compute node via SSH, using sysadmin@<dcnm-compute-eth0-ip-address>.
Step 10
Run the sudo reboot command to ensure that this compute node joins the Cluster in a fully initialized state.
dcnm-compute# sudo reboot
After reboot, verify if you can SSH into the compute node using sysadmin@<dcnm-compute-eth0-ip-address>.
What to do next
Log on to the DCNM Web UI with appropriate credentials.
The Applications tab displays all the services running on the DCNM deployment that you have installed.
Click Compute tab to view the new Compute in Discovered state on the Cisco DCNM Web UI.
To add the compute nodes to a cluster, see Adding Computes to a Cluster Node in your deployment-specific
Cisco DCNM Configuration Guide for more information.
Note
If you did not enable clustered mode while installing DCNM, use the appmgr afw config-cluster command
to enable the compute cluster. For instructions, refer to the Enabling the Compute Cluster in the Cisco DCNM
LAN Fabric Configuration Guide.
When a compute node goes through an unscheduled power cycle and restarts, the Elasticsearch container will
not start. It is possible that some filesystems are corrupted. To resolve this issue, reboot the Compute node in
safe mode by using the fsck -y command.
CHAPTER 5
Upgrading Cisco DCNM
This chapter provides information about upgrading Cisco DCNM, and contains the following sections:
• Upgrading Cisco DCNM
• Upgrading ISO or OVA through Inline Upgrade
Upgrading Cisco DCNM
Before Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. From Cisco
DCNM Release 11.3(1), you can install Cisco DCNM for SAN Deployment on both OVA and ISO virtual
appliances. However, there is no upgrade path for SAN OVA/ISO.
From Release 11.3(1), Cisco DCNM OVA and ISO are supported for SAN functionality.
The following table summarizes the type of upgrade that you must follow to upgrade to Release 11.3(1).
Table 4: Type of Upgrade for Classic LAN, LAN Fabric, and IP for Media (IPFM) deployments
Current Release Number | Upgrade type to upgrade to Release 11.3(1)
11.2(1) | Inline Upgrade
11.1(1) | Inline Upgrade
11.0(1) | 11.0(1) → 11.1(1) → 11.3(1): 1. Upgrade to 11.1(1) using Inline Upgrade; 2. Upgrade from 11.1(1) to 11.3(1) using Inline Upgrade
10.4(2) [footnote 4] | 10.4(2) → 11.1(1) → 11.3(1): 1. Upgrade to 11.1(1) using the DCNMUpgradeTool; 2. Upgrade from 11.1(1) to 11.3(1) using Inline Upgrade
Footnote 4: (This upgrade path is not supported for Cisco DCNM Media Controller deployments)
Upgrading ISO or OVA through Inline Upgrade
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version to the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
When you install Cisco DCNM, a self-signed certificate is installed, by default. However, after upgrading to
the latest Cisco DCNM Release, you must restore the certificates.
Note
Restoring certificates is a disruptive mechanism; it requires you to stop and restart applications. Restore the
certificates only when the upgraded system is stable, that is, you must be able to login to Cisco DCNM Web
UI.
To restore certificates after upgrade, see Restoring the certificates after an upgrade, on page 96.
This section contains the procedure to upgrade the DCNM using the Inline Upgrade method.
Note
For Classic LAN Deployment upgrade, the deployment is automatically converted to LAN Fabric deployment
mode when you upgrade to DCNM Release 11.4(1).
Inline Upgrade for DCNM Virtual Appliance in Standalone Mode
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version to the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
Perform the following task to upgrade the DCNM virtual appliance in standalone mode.
Procedure
Step 1
Log on to the Cisco DCNM appliance console.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements and then log on to DCNM via Console/SSH.
• For OVA Installation: On the OVF template deployed for the host, right click and select Settings >
Launch Web Console.
• For ISO Installation: Select the KVM console or UCS (Bare Metal) console.
Caution
Do not perform an Inline Upgrade from an SSH Session. The session may time out and result in an
incomplete upgrade.
OR
Run the following command to create a screen session.
dcnm# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window is not visible or if you get disconnected.
Step 2
Take a backup of the application data using the appmgr backup command.
dcnm# appmgr backup
Copy the backup file to a safe location outside the DCNM server.
Step 3
Unzip the dcnm-va.11.3.1.iso.zip file and upload the DCNM 11.3(1) ISO file to the /root/
folder in the DCNM setup that you want to upgrade.
Step 4
Create a folder named iso using the mkdir /mnt/iso command.
dcnm# mkdir /mnt/iso
Step 5
Mount the DCNM 11.3(1) ISO file on the standalone setup in the /mnt/iso folder.
mount -o loop <DCNM 11.3(1) image> /mnt/iso
dcnm# mount -o loop dcnm-va.11.3.1.iso /mnt/iso
Step 6
Navigate to /mnt/iso/packaged-files/scripts/ and run the ./inline-upgrade.sh script.
dcnm# cd /mnt/iso/packaged-files/scripts/
dcnm# ./inline-upgrade.sh
Do you want to continue and perform the inline upgrade to 11.3(1)? [y/n]: y
Step 7
Provide the new sysadmin user password at the prompt:
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by default.
Use the sysadmin user.
Step 8
Ensure that the DCNM application is functional, by using the appmgr status all command.
dcnm# appmgr status all
Step 9
To verify that you have successfully installed the Cisco DCNM Release 11.3(1), use the appmgr show version
command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.3(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click Settings icon and choose About DCNM. You can view and verify the Installation type that you have
deployed.
To gracefully onboard Cisco DCNM Release 11.1(1), or Release 11.2(1) managed VXLAN BGP EVPN
fabric(s) comprising Cisco Nexus 9000 switches post upgrade to Cisco DCNM Release 11.3(1), see Post
DCNM 11.3(1) Upgrade for VXLAN BGP EVPN, External, and MSD Fabrics.
Inline Upgrade for DCNM Virtual Appliance in Native HA Mode
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version to the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
Perform the following task to upgrade the DCNM virtual appliance in Native HA mode.
Before you begin
• Ensure that both the Cisco DCNM 11.1(1) or Cisco DCNM 11.2(1) Active and Standby peers are up and
running.
• If the Cisco DCNM setup is in clustered mode, ensure that you perform the following:
Note
Inline upgrade of Cisco DCNM in Clustered mode is supported from Release
11.2(1). Release 11.1(1) doesn’t support inline upgrade for DCNM in clustered
mode.
• Stop the Network Insights - Resources (NIR) 2.x application. On the Cisco DCNM Web UI, choose
Applications > Catalog. On the NIR app, click Stop icon to stop the application. Click Delete to
remove the application from the Catalog.
• Stop all the applications running on the Cisco DCNM Compute nodes using the appmgr stop afw
command.
dcnm-compute# appmgr stop afw
• Check and ensure that the Active and Standby servers are operational, using the appmgr show ha-role
command.
Example:
On the Active node:
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node:
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Procedure
Step 1
Unzip the dcnm-va.11.3.1.iso.zip file and upload the DCNM 11.3(1) ISO file to the /root/
folder in both Active and Standby node of the DCNM setup that you want to upgrade.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
Step 2
Log on to the Cisco DCNM appliance console.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements and then log on to DCNM via Console/SSH.
• For OVA Installation: On the OVF template that is deployed for the host, right click and select Settings
> Launch Web Console.
• For ISO Installation: Select the KVM console or UCS (Bare Metal) console.
Caution
Do not perform an Inline Upgrade from an SSH Session. The session may time out and result in an
incomplete upgrade.
OR
Run the following command to create a screen session.
dcnm1# screen
dcnm2# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window is not visible or if you get disconnected.
Step 3
Take a backup of the application data using the appmgr backup command on both Active and Standby
appliances.
dcnm1# appmgr backup
dcnm2# appmgr backup
Copy the backup file to a safe location outside the DCNM server.
Step 4
On the Active node, perform the inline upgrade.
a) Create a folder named iso using the mkdir /mnt/iso command.
dcnm1# mkdir /mnt/iso
b) Mount the DCNM 11.3(1) ISO file on the Active node in the /mnt/iso folder.
dcnm1# mount -o loop dcnm-va.11.3.1.iso /mnt/iso
c) (Optional) Stop the HA applications on the Standby appliance using the appmgr stop ha-apps command.
dcnm2# appmgr stop ha-apps
d) Navigate to /mnt/iso/packaged-files/scripts/ location and run the ./inline-upgrade.sh script.
dcnm1# cd /mnt/iso/packaged-files/scripts/
dcnm1# ./inline-upgrade.sh
Note
If some services are still running, you will receive a prompt that the services will be stopped.
When prompted, press y to continue.
dcnm1# Do you want to continue and perform the inline upgrade to 11.3(1)? [y/n]: y
e) Provide the new sysadmin user password at the prompt:
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
f) Ensure the DCNM application is functional, by using the appmgr status all command.
dcnm1# appmgr status all
Note
Ensure that all the services are up and running on the Cisco DCNM Active node before
proceeding to upgrade Standby node.
g) Verify the role of the Active node by using the appmgr show ha-role command. Current role must show as
Active.
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
Warning
We recommend that you do not continue to upgrade the Standby node, unless the Active node
Current role is Active.
Step 5
On the Standby node, perform the inline upgrade.
a) Create a folder named iso using the mkdir /mnt/iso command.
dcnm2# mkdir /mnt/iso
b) Mount the DCNM 11.3(1) ISO file on the Standby node in the /mnt/iso folder.
dcnm2# mount -o loop dcnm-va.11.3.1.iso /mnt/iso
c) Navigate to /mnt/iso/packaged-files/scripts/ location and run the ./inline-upgrade.sh script.
dcnm2# cd /mnt/iso/packaged-files/scripts/
dcnm2# ./inline-upgrade.sh --standby
Note
If some services are still running, you will receive a prompt that the services will be stopped.
When prompted, press y and continue.
dcnm2# Do you want to continue and perform the inline upgrade to 11.3(1)? [y/n]: y
d) Provide the new sysadmin user password at the prompt:
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
After the upgrade is complete, the appliance reboots. Verify the role of the appliance, using the following
command:
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click Settings icon and choose About DCNM. You can view and verify the Installation type that you have
deployed.
Verify the role of both the appliances using the appmgr show ha-role command.
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Verify the status of all applications using the appmgr status all command.
To gracefully onboard Cisco DCNM Release 11.1(1), or Release 11.2(1) managed VXLAN BGP EVPN
fabric(s) comprising Cisco Nexus 9000 switches post upgrade to Cisco DCNM Release 11.3(1), see Post
DCNM 11.3(1) Upgrade for VXLAN BGP EVPN, External, and MSD Fabrics.
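The role checks in Steps 4 and 5 and under What to do next can be scripted so that the Standby upgrade only starts when the Active node reports the expected state. The following shell function is an added example, not part of the Cisco guide; the sample outputs are constructed in the format shown above, and the function name and exit codes are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): decide from `appmgr show ha-role`
# output whether it is safe to move on to the next node.

# check_ha_role EXPECTED   (reads the command output on stdin)
# Exit status: 0 role as expected, 2 output incomplete or Native HA not enabled,
#              3 deployed and current role differ, 4 role is not EXPECTED.
check_ha_role() (
    awk -v want="$1" '
        { sub(/[ \t\r]+$/, "") }                 # drop trailing blanks and CR
        $0 == "Native HA enabled." { ha = 1 }
        /^Deployed role:/ { deployed = $0; sub(/^Deployed role:[ \t]*/, "", deployed) }
        /^Current role:/  { current  = $0; sub(/^Current role:[ \t]*/,  "", current) }
        END {
            if (!ha || deployed == "" || current == "") {
                print "incomplete output or Native HA not enabled"; exit 2
            }
            if (deployed != current) {
                print "role mismatch: deployed=" deployed " current=" current; exit 3
            }
            if (current != want) {
                print "node is " current ", expected " want; exit 4
            }
            print "ok: " current
        }'
)

# Constructed samples in the format shown in the guide (not real captures).
SAMPLE_ACTIVE_OK='dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active'

SAMPLE_ROLE_CHANGED='dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Standby'

for sample in "$SAMPLE_ACTIVE_OK" "$SAMPLE_ROLE_CHANGED"; do
    if printf '%s\n' "$sample" | check_ha_role Active; then
        echo "=> Active node verified, Standby upgrade may proceed"
    else
        echo "=> stop: resolve the Active node state before touching the Standby"
    fi
done
```

On an appliance the same gate is `appmgr show ha-role | check_ha_role Active` on dcnm1, and `check_ha_role Standby` on dcnm2 after its upgrade.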
Inline Upgrade for DCNM Compute Nodes
You can upgrade the DCNM compute nodes from Release 11.2(1) to Release 11.3(1) using the inline upgrade.
Inline upgrade allows you to upgrade the compute node by imposing the new DCNM version to the existing
compute node.
Perform the following task to upgrade the DCNM compute node in both Standalone and Native HA modes.
Before you begin
Cisco DCNM Servers in either Standalone node or Native HA mode must be upgraded to Release 11.3(1),
before upgrading the DCNM compute nodes.
Procedure
Step 1
Log on to the Cisco DCNM Compute console.
Caution
Don’t perform an Inline Upgrade from an SSH Session. The session may timeout and result in an
incomplete upgrade.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements, and then log on to DCNM via Console/SSH.
OR
Run the following command to create a screen session on the compute node.
dcnm-compute# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window isn’t visible or if you get disconnected.
Step 2
Unzip the dcnm-va.11.3.1.iso.zip file and upload the DCNM 11.3(1) ISO file to the /root/
folder in all the compute nodes.
Step 3
Create a folder named iso using the mkdir /mnt/iso command, on all the compute nodes.
dcnm-compute# mkdir /mnt/iso
Step 4
Mount the DCNM 11.3(1) ISO file on the compute node in the /mnt/iso folder.
mount -o loop <DCNM 11.3(1) image> /mnt/iso
dcnm-compute# mount -o loop dcnm-va.11.3.1.iso /mnt/iso
Mount the ISO on all the compute nodes.
Step 5
Navigate to /mnt/iso/packaged-files/scripts/ and run the ./inline-upgrade.sh script.
dcnm-compute# cd /mnt/iso/packaged-files/scripts/
dcnm-compute# ./inline-upgrade.sh
Do you want to continue and perform the inline upgrade to 11.3(1)? [y/n]: y
Note
If some services are still running, a prompt to stop the services appears. When prompted, press y
to continue.
Step 6
Provide the new sysadmin user password at the prompt:
Enter the password for the new sysadmin user:<<sysadmin_password>>
Enter it again for verification:<<sysadmin_password>>
After the upgrade is complete, the compute node reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
Step 7
Verify that you have successfully upgraded to Cisco DCNM Release 11.3(1), using the appmgr show version
command.
dcnm-compute# appmgr show version
Cisco Data Center Network Manager
Version: 11.3(1)
Install mode: Compute
What to do next
You must upgrade all the three compute nodes in the cluster.
After the Upgrade process is complete, each compute node will reboot and join the cluster automatically. On
the Cisco DCNM Web UI, choose Applications > Compute to verify if the compute node appears as Joined.
CHAPTER 6
Deployment Best Practices
• Best Practices for Deploying Cisco DCNM and Computes
Best Practices for Deploying Cisco DCNM and Computes
This chapter documents the best practices for deploying Cisco DCNM OVA and ISO in clustered and
unclustered modes. The following sections explain the recommended design for configurations of IP addresses
and relevant IP pools during the Cisco DCNM installation.
The Cisco DCNM OVA or the ISO installation consists of 3 network interfaces:
• dcnm-mgmt network (eth0) interface
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM.
• enhanced-fabric-mgmt (eth1) interface
This network provides enhanced fabric management of Cisco Nexus switches through the out-of-band
or mgmt0 interface.
• enhanced-fabric-inband (eth2) interface
This network provides in-band connection to the fabric through the front-panel ports. This network
interface is used for applications such as Endpoint Locator (EPL) and Network Insights Resources (NIR).
The following figure shows the network diagram for the Cisco DCNM management interfaces.
Guidelines to Use the Best Practices
The following are the guidelines to remember while you use the best practices for deploying DCNM and
Computes.
• The IP addresses specified in this document are sample addresses. Ensure that your setup reflects the IP
addresses used in the production network.
• Ensure that the eth2 interface subnet is different from the subnet that is associated with the eth0 interface
and the eth1 interface.
• As the eth0 and eth1 interfaces are both on the same subnet, DHCP returns the same IP address: two
responses, but the same address for both queries.
• Cisco DCNM Native HA consists of two Cisco DCNM appliances that run as Active and Standby
applications. The embedded databases of both Active and Standby appliances are synchronized in real
time. The eth0, eth1, and eth2 interfaces of the Cisco DCNM and Compute nodes, in a clustered mode,
must be Layer-2 adjacent.
• For information about Cluster Mode in your Cisco DCNM Deployment, refer to Applications chapter in
the Cisco DCNM Configuration Guide for your deployment type.
Deployments for Redundancy in Cisco DCNM
This section describes the recommended deployments for redundancy of DCNM operations. As a general
assumption, the DCNM and the compute nodes are installed as Virtual Machines. During Cisco DCNM ISO
installation on Virtual Appliance on UCS (Bare Metal), all DCNMs and computes have their own individual
servers.
Deployment 1: Minimum Redundancy Configuration
The recommended configuration for minimum redundancy in a Cisco DCNM Cluster mode installation is as
follows:
• DCNM Active Node and Compute Node 1 in Server 1
• DCNM Standby Node and Compute Node 2 in Server 2
• Compute Node 3 in Server 3
• Compute VMs deployed on an exclusive disk
• No oversubscription of memory or CPU of the physical servers
Figure 8: Cisco DCNM Cluster Mode: Physical Server to VM Mapping
Deployment 2: Maximum Redundancy Configuration
The recommended configuration for maximum redundancy in a DCNM Cluster mode installation is as follows:
• DCNM Active Node(Active) in Server 1
• DCNM Standby Node in Server 2
• Compute Node 1 in Server 3
• Compute Node 2 in Server 4
• Compute Node 3 in Server 5
Figure 9: Cisco DCNM Cluster Mode: Physical Server to VM Mapping
IP Address Configurations in Cisco DCNM
This section describes the best practices and recommended deployments for IP address configurations of all
interfaces of the Cisco DCNM and Compute nodes.
Scenario 1: All 3 Ethernet Interfaces are in Different Subnets
In this scenario, consider all three Ethernet interfaces of DCNM on different subnets.
For example:
• eth0 – 172.28.8.0/24
• eth1 – 10.0.8.0/24
• eth2 – 192.168.8.0/24
The possible deployments are as follows:
• Cisco DCNM Unclustered mode
• Cisco DCNM Clustered Mode
Cisco DCNM Unclustered mode
Figure 10: Cisco DCNM Standalone Deployment without Compute Cluster
Figure 11: Cisco DCNM HA Deployment without Compute Cluster
Cisco DCNM Clustered Mode
Figure 12: Cisco DCNM Standalone Deployment with Compute Cluster
Figure 13: Cisco DCNM HA Deployment with Compute Cluster
Scenario 2: eth2 Interface in Different Subnet
In this scenario, consider that the eth0 and eth1 interfaces are in the same subnet, and eth2 interfaces of DCNMs
and Computes are in a different subnet.
For example:
• eth0 – 172.28.8.0/24
• eth1 – 172.28.8.0/24
• eth2 – 192.168.8.0/24
The possible deployments are as follows:
• Cisco DCNM Unclustered Mode
• Cisco DCNM Clustered Mode
Cisco DCNM Unclustered Mode
Figure 14: Cisco DCNM Standalone deployment (No HA) without Compute Cluster
Figure 15: Cisco DCNM Native HA deployment without Compute Cluster
Cisco DCNM Clustered Mode
Figure 16: Cisco DCNM Standalone Deployment with Compute Cluster
Figure 17: Cisco DCNM Native HA Deployment with Compute Cluster
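The subnet guideline for eth2 and the two addressing scenarios above can be checked against a planned scheme before installation. The following shell functions are an added example, not part of the Cisco guide; "different subnet" is interpreted here as non-overlapping address ranges, which is an assumption of this example, as are the function names and exit codes.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): check a planned eth0/eth1/eth2
# addressing scheme against the guidelines and scenarios described above.

# ip_to_int A.B.C.D -> prints the address as an integer, fails on bad input
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for octet in "$@"; do
        # reject empty, non-numeric, zero-padded (octal-looking) and over-long octets
        case $octet in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
        n=$(( (n << 8) | octet ))
    done
    echo "$n"
)

# cidr_range PREFIX/LEN -> prints "first last" (integer bounds of the subnet)
cidr_range() (
    addr=${1%/*}; len=${1#*/}
    [ "$addr/$len" = "$1" ] || exit 1          # exactly one "/" expected
    case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    if [ "$len" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    fi
    first=$(( ip & mask ))
    echo "$first $(( first | (mask ^ 0xFFFFFFFF) ))"
)

# overlaps CIDR1 CIDR2 -> 0 if the subnets share any address, 1 if not, 2 on bad input
overlaps() (
    a=$(cidr_range "$1") || exit 2
    b=$(cidr_range "$2") || exit 2
    set -- $a $b                 # $1,$2 = bounds of first; $3,$4 = bounds of second
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# check_plan ETH0 ETH1 ETH2 -> names the matching scenario or the violated rule
# Exit status: 0 plan fits scenario 1 or 2, 1 eth2 rule violated,
#              2 bad input, 3 eth0/eth1 overlap without being the same subnet.
check_plan() (
    for cidr in "$1" "$2" "$3"; do
        cidr_range "$cidr" >/dev/null || { echo "invalid CIDR: $cidr"; exit 2; }
    done
    if overlaps "$3" "$1" || overlaps "$3" "$2"; then
        echo "violation: eth2 overlaps the eth0 or eth1 subnet"; exit 1
    fi
    if ! overlaps "$1" "$2"; then
        echo "scenario 1: eth0, eth1 and eth2 in different subnets"
    elif [ "$(cidr_range "$1")" = "$(cidr_range "$2")" ]; then
        echo "scenario 2: eth0 and eth1 in the same subnet, eth2 separate"
    else
        echo "unclassified: eth0 and eth1 overlap but are not the same subnet"; exit 3
    fi
)

# The guide's sample addresses, plus one constructed plan that breaks the eth2 rule.
check_plan 172.28.8.0/24 10.0.8.0/24   192.168.8.0/24
check_plan 172.28.8.0/24 172.28.8.0/24 192.168.8.0/24
check_plan 172.28.8.0/24 172.28.8.0/24 172.28.8.128/25 || echo "=> fix the plan before installing"
```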
Physical Connectivity of Cisco DCNM and Compute Nodes
This section describes the physical connectivity of the Cisco DCNM and Compute nodes in both Virtual
Machines and Bare Metal installations.
Virtual Machines
The following image shows the physical connectivity of DCNM and compute nodes supported in a 3 server
redundancy configuration. The physical servers must be connected to a vPC pair of switches via port-channels.
This provides adequate fault-tolerance, if a single link fails or a single switch fails. The vPC pair of switches
is considered as the infra vPC pair that provides management connectivity to the physical servers.
Figure 18: Cisco DCNM VM Physical Connectivity with 3 servers
The following image shows the physical connectivity of Cisco DCNM and Compute nodes supported in a
VM installation in a 5 server redundancy configuration.
Figure 19: Cisco DCNM VM Physical Connectivity with 5 servers
Bare Metal Installation
For installing Cisco DCNM on Bare Metal, 5 servers are required. The following image shows the physical
connectivity of Cisco DCNM and Compute nodes. Note that there are 3 physical interfaces on each server
that map to the eth0, eth1, and eth2 interfaces, respectively. If the physical server consists of a managed
network adapter such as the Cisco UCS VIC 1455 Virtual Interface Card, you can have a port-channel
connectivity from the servers to the switches, similar to the Virtual Machines.
Figure 20: Cisco DCNM and Compute Bare Metal Physical Connectivity
CHAPTER 7
Disaster Recovery (Backup and Restore)
This chapter contains the following sections:
• Backup and Restore Cisco DCNM Compute in a Clustered Mode of setup
• Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
• Backup and Restore Cisco DCNM and Application Data on Native HA setup
• Recovering Cisco DCNM Single HA Node
Backup and Restore Cisco DCNM Compute in a Clustered Mode of setup
Note
The appmgr backup command is not supported on the Compute node.
When one compute node is lost due to a disaster, and you are unable to recover the node, deploy the node
again with the same parameters on the Cisco DCNM installer.
This will reflect as a reboot of the compute node with lost data. The node will join the cluster automatically.
After the node joins the cluster, all the data will synchronize from the other compute nodes.
Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
You can take a backup of Cisco DCNM application data for analytics and troubleshooting.
Perform the following task to take a backup of Cisco DCNM and Application data.
Procedure
Step 1
Log on to the Cisco DCNM appliance using SSH.
Step 2
Take a backup of the application data using the appmgr backup command.
dcnm# appmgr backup
Copy the backup file to a safe location and shut down the DCNM Appliance.
Step 3
Right click on the installed VM and select Power > Power Off.
Step 4
Deploy the new DCNM appliance.
Step 5
After the VM is powered on, click on Console tab.
A message indicating that the DCNM appliance is configuring appears on the screen.
Copy and paste the URL to the browser to continue with restore process.
Step 6
On the DCNM Web Installer UI, click Get Started.
Step 7
On the Cisco DCNM Installer screen, select radio button.
Select the backup file that was generated in Step 2.
Continue to deploy the DCNM.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Virtual Appliance Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation.
After the progress bar shows 100%, click Continue.
Step 9
After the data is restored, check the status using the appmgr status all command.
Backup and Restore Cisco DCNM and Application Data on Native HA setup
You can take a backup of Cisco DCNM application data for analytics and troubleshooting.
Perform the following task to back up and restore data in a Native HA setup.
Before you begin
Ensure that the Active node is operating and functional.
Procedure
Step 1
Check if the Active node is operational. Otherwise, trigger a failover.
Step 2
Log on to the Cisco DCNM appliance using SSH.
Step 3
Take a backup of the application data using the appmgr backup command on both Active and Standby
appliances.
dcnm1# appmgr backup
dcnm2# appmgr backup
Copy the backup file of both active and standby appliances to a safe location and shut down the DCNM
Appliance.
Step 4
Right click on the installed VM and select Power > Power Off.
Step 5
Deploy the new DCNM appliance in Native HA mode.
Step 6
For both the Active and Standby appliances, after the VM is powered on, click on Console tab.
A message indicating that the DCNM appliance is configuring appears on the screen.
Copy and paste the URL to the browser to continue with restore process.
Step 7
On the DCNM Web Installer UI, click Get Started.
Step 8
On the Cisco DCNM Installer screen, select radio button.
Select the backup file that was generated in Step 3.
The values for parameters are read from the backup file, and auto-populated. Modify the values, if required.
Continue to deploy the DCNM.
Step 9
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Virtual Appliance Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation.
After the progress bar shows 100%, click Continue.
Step 10
After the data is restored, check the status using the appmgr status all command.
Recovering Cisco DCNM Single HA Node
This section details the scenarios and provides instructions to recover Cisco DCNM Single HA node.
The following table details all the recovery procedures when one or both the nodes fail in a Cisco DCNM
Native HA set up.
Failure type | Node/Database to recover | Primary backup available | Secondary backup available | Recovery procedure
--- | --- | --- | --- | ---
Primary node is lost. Secondary node is now Primary (due to fail over). | Primary Node | — | — | 1. Convert Secondary node to Primary node. 2. Configure new Secondary node.
Primary and Secondary server database is lost. Secondary node is now Primary (due to fail over) | Primary database | — | — | The Active Secondary node will restart and sync to the Standby Primary node.
Active Secondary node is lost. Primary node is now active due to fail over. | Secondary node | — | No | Configure new Secondary node.
Active Secondary node is lost. Primary node is not active due to fail over. | Secondary node | — | Yes | Configure new Secondary node, using the Web Installer. Choose Fresh installation with backup file for restore. Select Restore secondary DCNM node only in HA settings screen.
Secondary standby node is lost. | Secondary node | — | No | Configure new Secondary node.
Secondary standby node lost | Secondary node | — | Yes | Configure new Secondary node, using the Web Installer. Choose Fresh installation with backup file for restore. Select Restore secondary DCNM node only in HA settings screen.
Primary node is active. Secondary standby database lost. | Secondary database | — | — | Primary node will restart to sync with Secondary node.
Converting Secondary node to Primary node
To convert the secondary node to Primary node, perform the following steps:
1. Log on to the DCNM server via SSH on the Secondary node.
2. Stop all the applications on the Secondary node by using the appmgr stop all command.
3. Navigate to the ha-setup.properties file.
4. Set the node ID to 1 to configure the secondary node as the primary node.
NODE_ID 1
After you change the node ID for the secondary node to 1, reboot the server. The old Secondary will restart
as the new Primary Node. Treat the lost Primary node as the lost Secondary node, and configure the new
Secondary node.
Configuring Secondary node
To configure the secondary node, perform the following steps:
1. Install a standalone Cisco DCNM. Use the same configuration settings as the lost secondary node.
Note
If the Primary node was lost, and the old secondary node was converted to primary node, configure the new
standalone node with the lost primary configuration.
2. Log on to the new DCNM standalone server via SSH, and stop all applications, using the appmgr stop
all command.
3. Provide access to the /root directory on the new node, using the appmgr root-access permit command.
4. Log on to the primary node via SSH, and stop all applications, using the appmgr stop all command.
5. Provide access to the /root directory on the Primary node, using the appmgr root-access permit command.
6. On the Primary node, edit the /root/.DO_NOT_DELETE file. Set the NATIVE_HA_STATUS
parameter to NOT_TRIGGERED on the primary node.
7. Configure the Primary node as Active, using the appmgr setup native-ha active command.
8. Configure the Secondary node as Standby, using the appmgr setup native-ha secondary command.
CHAPTER 8
Certificates
• Certificate Management
Certificate Management
Note
This section is applicable only to DCNM OVA/ISO deployments.
From Release 11.2(1), Cisco DCNM allows new methods and new CLIs for installing, restoring after upgrade,
and verifying certificates on the system. You can export certificates from the Active node to the Standby node,
to ensure that both peers on the Native HA setup have the same certificates.
In a Cisco DCNM Native HA setup, after you install a CA certificate on the Active node and start the services,
the certificates are automatically synchronized with the Standby node. If you need the same internal certificate
on both Active and Standby nodes, you must export the certificate from the Active node to the Standby node.
This ensures that both the peers on the Cisco Native HA setup have the same certificates.
Note
From Release 11.3(1), you must use sysadmin role for certificate management.
Cisco DCNM stores two certificates:
• Self-signed certificate, for internal communication between the Cisco DCNM Server and various
applications
• CA (Certificate Authority) Signed certificate, for communicating with the external world, such as Web
UI.
Note
Until you install a CA Signed certificate, Cisco DCNM retains a self-signed certificate for communicating
with the external network.
Best practices for Certificate Management
The following are the guidelines and best practices for Certificate Management in Cisco DCNM.
• Cisco DCNM provides CLI based utilities to display, install, restore, and export or import certificates.
These CLIs are available through SSH console, and only a sysadmin user can accomplish these tasks.
• When you install Cisco DCNM, a self-signed certificate is installed, by default. This certificate is used
to communicate with the external world. After Cisco DCNM installation, you must install a CA-Signed
certificate on the system.
• On Cisco DCNM Native HA setup, we recommend that you install a CA-Signed certificate on the DCNM
Active Node. The CA-Signed certificate will synchronize with the Standby node automatically. However,
if you want to keep the same internal and CA-Signed certificate on both Active node and Standby node,
you must export the certificates from Active node and import it to the Standby node. Both the Active
node and Standby node will have the same set of certificates.
Note
Compute nodes in a cluster deployment do not require any action, as the compute
nodes use internally managed certificates.
• Generate a CSR on Cisco DCNM with a CN (common name). Provide a VIP FQDN (Virtual IP Address
FQDN) as CN to install a CA Signed certificate. The FQDN is the fully qualified domain name for the
management subnet VIP (VIP of eth0) interface that is used to access Cisco DCNM Web UI.
• If the CA Signed certificate was installed prior to upgrading the Cisco DCNM, then you must restore
the CA Signed certificate after you upgrade the Cisco DCNM.
Note
You need not take a backup of certificates when you perform inline upgrade or
backup and restore.
Display Installed Certificates
You can view the details of the installed certificate by using the following command:
appmgr afw show-cert-details
In the following sample output for the appmgr afw show-cert-details command, CERTIFICATE 1 represents
the certificate offered to the external network and to the Web browsers. CERTIFICATE 2 represents the
internally used certificate.
dcnm# appmgr afw show-cert-details
****CERTIFICATE 1****
[Certificate available to web gateway. This certificate is offered to webclients]:
--------------Web gateway certificate--------------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4202 (0x106a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IN, ST=KA, L=BGL, O=xyz, OU=ABC, CN=<FQDN/IP>
Validity
Not Before: Jun 4 13:55:25 2019 GMT
Not After : Jun 3 13:55:25 2020 GMT
Subject: C=IN, ST=KA9, L=BGL9, O=XYZ123, OU=ABC123, CN=<FQDN/IP>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bb:52:1e:7f:24:d7:2e:24:62:5a:83:cc:e4:88:
--------------Certificate output is truncated to first 15 lines-------------
****CERTIFICATE 2****
[Certificate available in keystore(jks). CA signed certificate is installed here till DCNM
version 11.1.x]
If you have upgraded from DCNM version 11.1.x to later version please see installation guide
to restore
CA signed certificate to upgraded version.
--------------Keystore certificate------------------------------------------
alias = sme, storepass = <<storepass-pwd>>
Alias name: sme
Creation date: Oct 14, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Issuer: CN=dcnmca, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Serial number: 62044620
Valid from: Sun Oct 14 20:39:39 PDT 2018 until: Fri Oct 13 20:39:39 PDT 2023
Certificate fingerprints:
MD5: E5:F8:AD:17:4D:43:2A:C9:EE:35:5F:BE:D8:22:7D:9C
SHA1: 38:66:F1:CD:10:61:27:E7:43:85:10:41:3D:A3:4B:5C:C9:CC:17:5E
SHA256:
E0:87:D8:34:71:18:FE:8C:AB:18:0B:D7:85:B1:91:A8:4B:75:A3:91:BA:90:83:46:72:87:FE:FE:FE:04:F0:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
--------------Certificate output is truncated to first 15 lines-------------
dcnm#
The Web UI refers to the CERTIFICATE 1 after installation. If CERTIFICATE 1 is not available, you
must stop and restart all applications, using the following commands:
Note
Ensure that you follow the same sequence of commands on the Cisco DCNM to troubleshoot this scenario.
On the Cisco DCNM Standalone appliance, run the following commands to stop and start all Cisco DCNM
applications to troubleshoot CERTIFICATE 1:
dcnm# appmgr stop all /* stop all the applications running on Cisco DCNM */
dcnm# appmgr start all /* start all the applications running on Cisco DCNM */
On the Cisco DCNM Native HA appliance, run the following commands to stop and start all Cisco DCNM
applications to troubleshoot CERTIFICATE 1:
For example, let us indicate the Active node as dcnm1, and Standby node dcnm2.
Stop the applications running on both the nodes.
dcnm2# appmgr stop all /* stop all the applications running on Cisco DCNM Standby Node */
dcnm1# appmgr stop all /* stop all the applications running on Cisco DCNM Active Node */
Start the applications on both nodes.
dcnm1# appmgr start all /* start all the applications running on Cisco DCNM Active Node*/
dcnm2# appmgr start all /* start all the applications running on Cisco DCNM Standby Node*/
Note
Ensure that you clear the browser cache before you launch the Cisco DCNM Web UI, using the Management
IP Address.
The CERTIFICATE 1 is displayed in the Security settings on the browser.
Installing a CA Signed Certificate
We recommend that you install a CA Signed certificate as a standard security practice. The CA Signed
certificates are recognized, and verified by the browser. You can also verify the CA Signed certificate manually.
Note
The Certificate Authority can be an Enterprise Signing Authority, also.
Installing a CA Signed Certificate on Cisco DCNM Standalone Setup
To install a CA Signed certificate on the Cisco DCNM, perform the following steps.
Procedure
Step 1
Log on to the DCNM server via SSH terminal.
Step 2
Generate a CSR on the Cisco DCNM server using the appmgr afw gen-csr command:
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
dcnm# appmgr afw gen-csr
Generating CSR....
..
...
----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:San Jose
Organization Name (eg, company) [Default Company Ltd]:Cisco
Organizational Unit Name (eg, section) []:DCBG
Common Name (eg, your name or your server's hostname) []:dcnmhost.cisco.com
Email Address []:[email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: /* This field is not mandatory */
An optional company name []: /* This field is not mandatory */
...
A CSR file dcnmweb.csr is created in the /var/tmp/ directory.
********** CA certificate installation not completed yet. Please do followings. **********
CSR is generated and placed at /var/tmp/dcnmweb.csr.
Please download or copy the content to your certificate signing server.
Step 3
Send this CSR to your Certificate signing server.
Note
The CA Signing server is local to your organization.
Step 4
Get the certificate signed by your Certificate Authority.
The Certificate Authority (CA) returns 3 certificates, namely, Primary, Intermediate (also known as
Issuing/Subordinate), and Root certificates. Combine all the three certificates into one .pem file to import to
DCNM.
Step 5
Copy the new CA Signed certificate to Cisco DCNM server.
Ensure that the certificate is located at /var/tmp directory on the Cisco DCNM Server.
Step 6
Install the CA Signed certificate on the Cisco DCNM by using the following commands:
Note
We recommend that you run the following commands in the same sequence as shown below.
dcnm# appmgr stop all /* Stop all applications running on Cisco DCNM */
dcnm# appmgr afw install-CA-signed-cert <CA-signed certificate directory>
/* CA-signed certificate with full or relative path */
Making the signed certificate available to web gateway....
CA signed certificate CA-signed-cert.pem is installed. Please start all applications as
followings:
On standalone setup execute: 'appmgr start all'
Step 7
Restart all applications with the new certificate on Cisco DCNM using the appmgr start all command.
dcnm# appmgr start all
Step 8
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
Installing a CA Signed Certificate on Cisco DCNM Native HA setup
To install a CA Signed certificate on the Cisco DCNM, perform the following steps.
Note
We recommend that you run the following commands in the same sequence as shown below.
Procedure
Step 1
On the Active node, log on to the DCNM server via an SSH terminal.
Note
For example, let us indicate the Cisco DCNM Active and Standby appliances as dcnm1 and dcnm2
respectively.
Step 2
Generate a CSR on the Cisco DCNM server using the appmgr afw gen-csr command:
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
dcnm1# appmgr afw gen-csr
Generating CSR....
..
...
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:San Jose
Organization Name (eg, company) [Default Company Ltd]:Cisco
Organizational Unit Name (eg, section) []:DCBG
Common Name (eg, your name or your server's hostname) []:dcnmhost.cisco.com
/* Provide a VIP FQDN name of the eth0 interface*/
Email Address []:[email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: /* This field is not mandatory */
An optional company name []: /* This field is not mandatory */
...
Note
When generating the CSR on the Active node, we recommend that you provide the VIP FQDN name of the
eth0 interface when prompted for Common Name.
This FQDN must be the web server address that you enter on the browser to launch the Cisco DCNM Web
UI.
A CSR file dcnmweb.csr is created in the /var/tmp/ directory.
********** CA certificate installation not completed yet. Please do followings. **********
CSR is generated and placed at /var/tmp/dcnmweb.csr.
Please download or copy the content to your certificate signing server.
Step 3
Send this CSR to your Certificate signing server.
Note
The CA Signing server is local to your organization.
The CA Signing server can be the CA certificate signing authority in your organization, or a CA that is
local to your organization.
Step 4
Get the certificate signed by your Certificate Authority.
Step 5
Copy the new CA Signed certificate to Cisco DCNM server.
Ensure that the certificate is located at /var/tmp directory on the Cisco DCNM Server.
Step 6
On the Standby node, log on to the DCNM server via an SSH terminal.
Step 7
Stop all the applications on the Standby node using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
dcnm2#
Step 8
On the Active node, stop all the applications by using the appmgr stop all command.
dcnm1# appmgr stop all /* Stop all applications running on Cisco DCNM Active Node */
dcnm1#
Step 9
On the Active node, install the CA Signed certificate on the Cisco DCNM by using the appmgr afw
install-CA-signed-cert command.
dcnm1# appmgr afw install-CA-signed-cert <CA-signed certificate directory>
/* CA-signed certificate with full or relative path */
Making the signed certificate available to web gateway....
CA signed certificate CA-signed-cert.pem is installed. Please start all applications as
followings:
On standalone setup execute: 'appmgr start all'
Step 10
On the Active node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm1# appmgr start all /* Start all applications running on Cisco DCNM Active Node */
Ensure that all services on Cisco DCNM Active node are operational before you proceed further.
Note
Log on to the Cisco DCNM Web UI and check if the Certificate details are correct.
Step 11
On the Standby node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
This will ensure that the Standby node makes a fresh peer relationship with the Active Node. Therefore, the
newly installed CA Signed certificate on the Active node will be synchronized on the Standby node.
Step 12
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command, on both
Active and Standby nodes.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Note
If the Certificates information is not displayed, we recommend that you wait for a few minutes. The
Secondary node takes a while to synchronize with the Active node.
If you want to retain the same internal and CA Signed certificate on both peers on a Native HA setup, first
install the certificates on the Active node. After installing certificates on the Active node, export the certificates
from Active node and import the same certificates to the Standby node.
Exporting certificate from Active Node to Standby Node
The following procedure applies to the Cisco DCNM Native HA setup only. The CA Signed certificate installed
on the Active node is always synced to the Standby node. However, the internal certificate differs on both
Active and Standby nodes. If you want to keep the same set of certificates on both peers, you must perform
the procedure described in this section.
Note
You may choose not to export any certificates, because the internal certificates are internal to the system.
These certificates can differ on Active and Standby nodes without having any functional impact.
To export the CA Signed certificate from Active node and import the certificate to the Standby node, perform
the following procedure.
Procedure
Step 1
On the Active node, log on to the DCNM server via an SSH terminal.
Step 2
Create a certificate bundle, by using the appmgr afw export-import-cert-ha-peer export command.
dcnm1# appmgr afw export-import-cert-ha-peer export
Step 3
Copy the certificate bundle to the Standby node.
Note
Ensure that you copy the certificate on the Standby node to the location as specified on the SSH
terminal.
Step 4
On the Standby node, stop all the applications by using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
dcnm2#
Step 5
Import the certificates to the Standby node by using the appmgr afw export-import-cert-ha-peer import
command.
The certificates bundle is imported and installed on the Standby node.
Step 6
Step 7
On the Standby node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
This ensures that the newly imported certificates are effective when applications are started on the Standby node.
Step 8
On the Standby node, verify the newly imported CA Signed certificate using the appmgr afw show-cert-details
command.
The system is now armed with same certificates on both Active and Standby nodes.
Restoring the certificates after an upgrade
This mechanism applies to Cisco DCNM Upgrade procedure using the inline upgrade process only. This
procedure is not required for the backup and restore of data on the same version of the Cisco DCNM appliance.
Note that certificate restore is a disruptive mechanism; it requires you to stop and restart applications. Restore
must be performed only when the upgraded system is stable, that is, you must be able to log in to the Cisco DCNM
Web UI. On a Cisco DCNM Native HA setup, both the Active and Standby nodes must have established a peer
relationship.
Note
A certificate needs to be restored only in following situations:
• if a CA signed certificate was installed on the system before upgrade, and,
• if you're upgrading from a version prior to 11.2(1) to version 11.2(1) or later.
After upgrading the Cisco DCNM, you must always verify the certificate before restoring, to check if
CERTIFICATE 1 is the CA signed certificate. If it is not, you must restore the certificates.
Verify the certificates using the appmgr afw show-cert-details command, as shown in the sample output below.
dcnm# appmgr afw show-cert-details
****CERTIFICATE 1****
[Certificate available to web gateway. This certificate is offered to webclients]:
--------------Web gateway certificate-------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1575924977762797464 (0x15decf6aec378798)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=San Jose, O=Enterprise CA inc, OU=Data Center, CN=dcnm1.ca.com
Validity
Not Before: Dec 9 20:56:17 2019 GMT
Not After : Dec 9 20:56:17 2024 GMT
Subject: C=US, ST=CA, L=San Jose, O= Enterprise CA inc, OU=Data Center,
CN=dcnm1.ca.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:6e:cd:c6:a9:30:08:df:92:98:38:49:9c:2a:
--------------Certificate output is truncated to first 15 lines-------------
****CERTIFICATE 2****
[Certificate available in keystore(jks). CA signed certificate is installed here till DCNM
version 11.1.x]
If you have upgraded from DCNM version 11.1.x to later version please see installation guide
to restore
CA signed certificate to upgraded version.
--------------Keystore certificate------------------------------------------
Alias name: sme
Creation date: Oct 14, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Issuer: CN=dcnmca, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Serial number: 62044620
Valid from: Sun Oct 14 20:39:39 PDT 2018 until: Fri Oct 13 20:39:39 PDT 2023
Certificate fingerprints:
SHA1: 38:66:F1:CD:10:61:27:E7:43:85:10:41:3D:A3:4B:5C:C9:CC:17:5E
SHA256:
E0:87:D8:34:71:18:FE:8C:AB:18:0B:D7:85:B1:91:A8:4B:75:A3:91:BA:90:83:46:72:87:FE:FE:FE:04:F0:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
--------------Certificate output is truncated to first 15 lines-----
dcnm#
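The post-upgrade check described above (is CERTIFICATE 1 the CA signed certificate?), as an added example that is not part of the Cisco guide: a Python parser for show-cert-details output that compares the CERTIFICATE 1 issuer with the DN of your CA and reports the days left before expiry. The sample text is constructed from the output above; one field per line and the EXPECTED_CA_DN value are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample modelled on the show-cert-details output above
# (one field per line is an assumption about the real terminal layout).
SAMPLE = """\
****CERTIFICATE 1****
[Certificate available to web gateway. This certificate is offered to webclients]:
--------------Web gateway certificate--------------
Certificate:
    Data:
        Issuer: C=US, ST=CA, L=San Jose, O=Enterprise CA inc, OU=Data Center, CN=dcnm1.ca.com
        Validity
            Not Before: Dec  9 20:56:17 2019 GMT
            Not After : Dec  9 20:56:17 2024 GMT
        Subject: C=US, ST=CA, L=San Jose, O= Enterprise CA inc, OU=Data Center, CN=dcnm1.ca.com
****CERTIFICATE 2****
[Certificate available in keystore(jks). CA signed certificate is installed here till DCNM version 11.1.x]
--------------Keystore certificate--------------
Owner: CN=localhost, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Issuer: CN=dcnmca, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
"""

# Assumption: the DN of the CA that signed your CSR, supplied by the operator.
# Issuer and Subject are identical in the sample, so a self-signed test would
# not help here; compare against the CA's DN instead.
EXPECTED_CA_DN = "C=US, ST=CA, L=San Jose, O=Enterprise CA inc, OU=Data Center, CN=dcnm1.ca.com"


def split_sections(text):
    """Map certificate number -> text under its '****CERTIFICATE n****' banner."""
    parts = re.split(r"^\*{4}CERTIFICATE (\d+)\*{4}\s*$", text, flags=re.M)
    return {int(num): body for num, body in zip(parts[1::2], parts[2::2])}


def field(section, name):
    """Return the value of the first 'name: value' line in a section, or None."""
    found = re.search(r"^\s*%s\s*:\s*(.+)$" % re.escape(name), section, re.M)
    return found.group(1).strip() if found else None


def parse_dn(text):
    """'C=US, O= Example' -> (('C', 'US'), ('O', 'Example')).

    Naive comma split: does not handle commas escaped inside a value.
    """
    pairs = []
    for part in text.split(","):
        key, _, value = part.partition("=")
        pairs.append((key.strip(), value.strip()))
    return tuple(pairs)


def check_web_gateway_cert(output, ca_dn, now):
    """Report on CERTIFICATE 1, the certificate offered to web clients."""
    section = split_sections(output).get(1)
    if section is None:
        raise ValueError("CERTIFICATE 1 section not found")
    issuer, subject, not_after = (
        field(section, name) for name in ("Issuer", "Subject", "Not After"))
    if None in (issuer, subject, not_after):
        raise ValueError("Issuer, Subject or Not After missing from CERTIFICATE 1")
    expires = datetime.strptime(
        not_after, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    issued_by_ca = parse_dn(issuer) == parse_dn(ca_dn)
    return {
        "common_name": dict(parse_dn(subject)).get("CN"),
        "issued_by_ca": issued_by_ca,
        "days_left": (expires - now).days,
        # Per the guide: restore when CERTIFICATE 1 is not the CA signed certificate.
        "restore_needed": not issued_by_ca,
    }


if __name__ == "__main__":
    report = check_web_gateway_cert(SAMPLE, EXPECTED_CA_DN, datetime.now(timezone.utc))
    for key, value in report.items():
        print("%-15s %s" % (key, value))
```

A negative days_left value means the certificate offered to web clients has already expired.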
Restoring Certificates on Cisco DCNM Standalone setup after Upgrade
To restore the certificates after you upgrade the Cisco DCNM Standalone deployment to Release 11.3(1),
perform the following:
Procedure
Step 1
Note
When you upgrade to Release 11.3(1), a backup of the CA Signed certificate is created.
After you have successfully upgraded the Cisco DCNM Standalone appliance, log on to the DCNM server via
SSH.
Step 2
Stop all the applications using the following command:
appmgr stop all
Step 3
Restore the certificate by using the following command:
appmgr afw restore-CA-signed-cert
Step 4
Enter yes to confirm to restore the previously installed certificate.
Step 5
Start all the applications using the following command:
appmgr start all
Step 6
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Restoring Certificates on Cisco DCNM Native HA setup after Upgrade
In a Cisco DCNM Native HA setup, the certificate is installed on both the Active and Standby nodes. You
must restore the certificate only on the Active node. The certificate will synchronize with the Standby node
automatically.
To restore the certificates after you upgrade the Cisco DCNM Standalone deployment to Release 11.3(1),
perform the following:
Procedure
Step 1
Log on to the Cisco DCNM server via SSH.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
Step 2
On the Standby node, stop all the applications using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
Step 3
On the Active node, stop all the applications using the appmgr stop all command.
dcnm1# appmgr stop all /* Stop all applications running on Cisco DCNM Active Node */
Step 4
Restore the certificate on the Active node by using the appmgr afw restore-CA-signed-cert command.
dcnm1# appmgr afw restore-CA-signed-cert
Step 5
Enter yes to confirm to restore the previously installed certificate.
Step 6
On the Active node, start all the applications using the appmgr start all command.
dcnm1# appmgr start all /* Start all applications running on Cisco DCNM Active Node */
Ensure that all services on Cisco DCNM Active node are operational before you proceed further.
Note
Log on to the Cisco DCNM Web UI and check if the Certificate details are correct.
Step 7
On the Standby node, start all the applications using the appmgr start all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
Wait for some time, while the Standby node synchronizes with the Active node.
Step 8
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command, on both
Active and Standby nodes.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Recovering and Restoring Previously Installed CA Signed Certificates
Installing, restoring, and managing a CA signed certificate is a time-consuming process because a third-party
signing server is involved. This may also lead to omissions or mistakes that result in installing the wrong
certificates. In such a scenario, we recommend that you restore the certificates that were installed prior to the
latest install or upgrade.
To recover and restore the previously installed CA signed certificates, perform the following steps.
Procedure
Step 1
Log on to the DCNM server via an SSH terminal.
Step 2
Navigate to the /var/lib/dcnm/afw/apigateway/ directory.
dcnm# cd /var/lib/dcnm/afw/apigateway/
dcnm# ls -ltr /* View the contents of the folder */
total 128
-rw------- 1 root root 1844 Nov 18 13:14 dcnmweb.key.2019-11-20T132939-08:00
-rw-r--r-- 1 root root 1532 Nov 18 13:14 dcnmweb.crt.2019-11-20T132939-08:00
-rw------- 1 root root 1844 Nov 20 10:15 dcnmweb.key.2019-11-20T132950-08:00
-rw-r--r-- 1 root root 1532 Nov 20 10:15 dcnmweb.crt.2019-11-20T132950-08:00
-rw------- 1 root root 1844 Dec 22 13:59 dcnmweb.key
-rw-r--r-- 1 root root 1532 Dec 22 13:59 dcnmweb.crt
.
..
...
dcnmweb.key and dcnmweb.crt are the key and certificate files that are currently installed on the system.
Similar filenames, with a timestamp suffix, help you identify the key and certificate pairs installed prior
to the recent upgrade or restore.
Step 3
Stop all applications running on Cisco DCNM using the appmgr stop all command.
Step 4
Take a backup of dcnmweb.key and dcnmweb.crt files.
Step 5
Identify the older key and certificate pair that you want to restore.
Step 6
Copy the key and certificate pair as dcnmweb.key and dcnmweb.crt (without timestamp suffix).
Step 7
Start all applications running on Cisco DCNM using the appmgr start all command.
Step 8
Verify the details of the certificate using the appmgr afw show-cert-details command. CERTIFICATE 1 is
the CA signed certificate.
Note
If the CA signed certificate is not visible to Cisco DCNM Web UI, or if the DCNM Server sends
any failure message, you must reboot the system.
Verifying the installed certificate
While the installed certificate can be verified using the appmgr afw show-cert-details command, the web
browser verifies if the certificate is effective or not. Cisco DCNM supports all standard browsers (Chrome,
IE, Safari, Firefox). However, each browser displays the certificate information differently.
We recommend that you refer to the browser-specific information on that browser provider's website.
The following snippet is a sample from the Chrome Browser, Version 74.0.3729.169, to verify the certificate.
1. Enter URL https://<dcnm-ip-address> or https://<FQDN> in the address bar on the browser.
Press the Return key.
2. Based on the type of certificate, the icon on the left of the URL field shows a lock icon or an alert icon.
Click on the icon.
3. On the card, click Certificate field.
The information in the certificate is displayed.
The information that is displayed must match the details displayed for CERTIFICATE 1 when
you view the certificate details using the appmgr afw show-cert-details command.
CHAPTER 9
Running Cisco DCNM Behind a Firewall
This chapter provides information about running Cisco DCNM behind a firewall.
• Running Cisco DCNM Behind a Firewall
• Configuring Custom Firewalls
Running Cisco DCNM Behind a Firewall
Generally, an enterprise (external world) and a data center are separated by a firewall; that is, DCNM is
configured behind a firewall. The Cisco DCNM Web Client and SSH connectivity must pass through that firewall.
Also, a firewall can be placed between the DCNM Server and DCNM-managed devices.
All Cisco DCNM Native HA nodes must be on the same side of the firewall. The internal DCNM Native HA
ports are not listed, as it is not recommended to configure a firewall in between the Native HA nodes.
Note
When you add or discover LAN devices in DCNM, Java is used as a part of the discovery process. If a firewall
blocks the process, it uses a TCP connection on port 7 as the discovery process. Ensure that the
cdp.discoverPingDisable server property is set to true. Choose Web UI > Administration > DCNM Server
> Server Properties to set the server property.
Any standard port where the Ingress traffic enters from clients cannot be modified unless you disable the local
firewall.
The following table lists all ports that are used for communication between Cisco DCNM Web Client, SSH
Client, and Cisco DCNM Server.
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
| 22 | TCP | SSH | Client to DCNM Server | SSH access to external world is optional. |
| 443 | TCP | HTTPS | Client to DCNM Server | This is needed to reach DCNM Web Server. |
| 2443 | TCP | HTTPS | Client to DCNM Server | Required during installation, to reach the server. DCNM closes this port after installation completes. |
The following table lists all ports that are used for communication between Cisco DCNM Server and other
services.
Note
The services can be hosted on either side of the firewall.
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
| 49 | TCP/UDP | TACACS+ | DCNM Server to DNS Server | ACS Server can be either side of the firewall. |
| 53 | TCP/UDP | DNS | DCNM Server to DNS Server | DNS Server can be either side of the firewall. |
| 123 | UDP | NTP | DCNM Server to NTP Server | NTP Server can be either side of the firewall. |
| 5000 | TCP | Docker Registry | Incoming to DCNM Server | Docker Registry Service on DCNM Server listening to requests from DCNM compute nodes. |
| 5432 | TCP | Postgres | DCNM Server to Postgres DB Server | Default installation of DCNM does not need this port. This is needed only when Postgres is installed external to the DCNM host machine. |
The following table lists all ports that are used for communication between DCNM Server and managed
devices:
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
| 22 | TCP | SSH | Both Direction | DCNM Server to Device – To manage devices. Device to DCNM Server – SCP (POAP). |
| 67 | UDP | DHCP | Device to DCNM Server | |
| 69 | TCP | TFTP | Device to DCNM Server | Required for POAP |
| 161 | TCP/UDP | SNMP | Server to DCNM Device | DCNM configured via server.properties to use TCP uses TCP port 161, instead of UDP port 161. |
| 514 | UDP | Syslog | Device to DCNM Server | |
| 2162 | UDP | SNMP_TRAP | Device to DCNM Server | |
| 33000-33499 | TCP | gRPC | Device to DCNM Server | LAN Telemetry Streaming |
Configuring Custom Firewalls
Note
This is applicable for DCNM OVA/ISO deployments only.
Cisco DCNM Server deploys a set of IPTables rules, known as DCNM Local Firewall. These rules open
TCP/UDP ports that are required for Cisco DCNM operations. You can’t manipulate the built-in Local Firewall
without accessing the OS interface through SSH and changing the rules. Don’t change the Local Firewall rules,
as DCNM may become vulnerable to attacks, or its normal functioning may be impacted.
To cater to a given deployment or a network, Cisco DCNM allows you to configure your own firewall rules,
from Release 11.3(1), using CLIs.
Note
These rules can be broad or granular, and they supersede the built-in Local Firewall rules. Therefore, configure
these rules carefully, during a maintenance period.
You don’t need to stop or restart DCNM server or applications to configure custom firewalls.
Caution
IPTables prioritizes the rules in the order that they are configured. Therefore, more granular rules must be
installed in the beginning. To ensure that the order of the rules is as required, you can create all rules in a text
editor, and then execute the CLIs in the desired order. If rules need to be adjusted, you can flush all rules and
configure the rules in the desired order.
You can perform the following operations on the Custom Firewalls.
Note
Run all the commands on the Cisco DCNM server using SSH.
Custom Firewall CLI
View the custom firewall CLI chain help and examples using the appmgr user-firewall command.
dcnm# appmgr user-firewall
dcnm# appmgr user-firewall -h
Configure Rules for Custom Firewall
Configure the custom firewall rules using the appmgr user-firewall {add | del} command.
appmgr user-firewall {add | del} proto {tcp | udp} port {<port> | <port range n1:n2>}
[{in | out} <interface name>] [srcip <ip-address> [/<mask>]] [dstip <ip-address> [/<mask>]]
action {permit | deny}
Note
The custom firewall rules supersede the local Firewall rules. Therefore, be cautious and ensure that the
functionalities aren’t broken.
Example: Sample Custom Firewall Rules
• dcnm# appmgr user-firewall add proto tcp port 7777 action deny
This rule drops all TCP port 7777 traffic on all interfaces.
• dcnm# appmgr user-firewall add proto tcp port 443 in eth1 action deny
This rule drops all TCP port 443 incoming traffic on interface eth1.
• dcnm# appmgr user-firewall add proto tcp port 7000:7050 srcip 1.2.3.4 action deny
This rule drops TCP port range 10000-10099 traffic coming from IP address 1.2.3.4.
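The ordering caution and the rule syntax above, as an added example that is not part of the Cisco guide: a Python pre-flight check that parses add commands in this syntax, applies them first-match in the order given, and reports shadowed rules and required flows that they would deny. The interface roles, addresses and flows are constructed, and writing a mask as ip/mask in a single token is an assumption.

```python
import ipaddress


def parse_rule(line):
    """Parse one 'appmgr user-firewall add ...' command in the syntax shown above."""
    tokens = line.split()
    start = tokens.index("user-firewall") + 1
    if tokens[start] != "add":
        raise ValueError("only 'add' commands describe a rule: " + line)
    args = tokens[start + 1:]
    if len(args) % 2:
        raise ValueError("expected keyword/value pairs: " + line)
    rule = {"proto": None, "ports": None, "bind": None,
            "srcip": None, "dstip": None, "action": None, "text": line.strip()}
    for key, value in zip(args[0::2], args[1::2]):
        if key == "proto":
            rule["proto"] = value
        elif key == "port":
            low, _, high = value.partition(":")
            rule["ports"] = (int(low), int(high or low))
        elif key in ("in", "out"):
            rule["bind"] = (key, value)  # direction and interface name
        elif key in ("srcip", "dstip"):
            # Assumption: an optional mask is written as one token, ip/mask.
            rule[key] = ipaddress.ip_network(value, strict=False)
        elif key == "action":
            rule["action"] = value
        else:
            raise ValueError("unknown keyword %r in: %s" % (key, line))
    if None in (rule["proto"], rule["ports"], rule["action"]):
        raise ValueError("proto, port and action are required: " + line)
    return rule


def load(text):
    return [parse_rule(line) for line in text.strip().splitlines()]


def matches(rule, flow):
    """True if the rule applies to this single flow."""
    low, high = rule["ports"]
    if rule["proto"] != flow["proto"] or not low <= flow["port"] <= high:
        return False
    if rule["bind"] and rule["bind"] != (flow["dir"], flow["iface"]):
        return False
    for key, end in (("srcip", "src"), ("dstip", "dst")):
        if rule[key] is not None and ipaddress.ip_address(flow[end]) not in rule[key]:
            return False
    return True


def verdict(rules, flow):
    """First matching rule wins; unmatched flows are left to the Local Firewall."""
    for rule in rules:
        if matches(rule, flow):
            return rule["action"]
    return "local-firewall"


def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    if a["proto"] != b["proto"]:
        return False
    if not (a["ports"][0] <= b["ports"][0] and b["ports"][1] <= a["ports"][1]):
        return False
    if a["bind"] and a["bind"] != b["bind"]:
        return False
    for key in ("srcip", "dstip"):
        if a[key] is not None and (b[key] is None or not b[key].subnet_of(a[key])):
            return False
    return True


def shadowed(rules):
    """(earlier, later) index pairs where the later rule can never take effect."""
    return [(i, j) for j in range(len(rules)) for i in range(j)
            if covers(rules[i], rules[j]) and rules[i]["action"] != rules[j]["action"]]


def blocked_flows(rules, flows):
    return [flow["name"] for flow in flows if verdict(rules, flow) == "deny"]


def flow(name, proto, port, iface, src):
    return {"name": name, "proto": proto, "port": port, "dir": "in",
            "iface": iface, "src": src, "dst": "192.0.2.100"}


# Constructed inputs: interface roles and addresses are placeholders.
BROAD_FIRST = """\
appmgr user-firewall add proto tcp port 443 in eth0 action deny
appmgr user-firewall add proto tcp port 443 in eth0 srcip 192.0.2.0/24 action permit
appmgr user-firewall add proto tcp port 33000:33499 srcip 198.51.100.0/24 action deny
"""
GRANULAR_FIRST = """\
appmgr user-firewall add proto tcp port 443 in eth0 srcip 192.0.2.0/24 action permit
appmgr user-firewall add proto tcp port 443 in eth0 action deny
"""
# Inbound flows from the port tables above that must keep working.
REQUIRED_FLOWS = [
    flow("HTTPS client to DCNM Server", "tcp", 443, "eth0", "192.0.2.10"),
    flow("SSH client to DCNM Server", "tcp", 22, "eth0", "192.0.2.10"),
    flow("Syslog device to DCNM Server", "udp", 514, "eth1", "198.51.100.7"),
    flow("gRPC device to DCNM Server", "tcp", 33000, "eth1", "198.51.100.7"),
]

if __name__ == "__main__":
    for label, text in (("broad first", BROAD_FIRST), ("granular first", GRANULAR_FIRST)):
        rules = load(text)
        print(label, "| shadowed:", shadowed(rules),
              "| blocked:", blocked_flows(rules, REQUIRED_FLOWS))
```

Run the check on the rule list you prepared in a text editor before executing the CLIs; an empty shadowed list and an empty blocked list mean the order matches the intent.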
Preserving Custom Firewall Rules
Preserve the custom firewall rules across reboots, using the appmgr user-firewall commit command.
Note
Each time you modify the rules, you must execute this command to preserve the rules across reboots.
Installing Custom Firewall Rules on Native HA Standby Node
In a Cisco DCNM Native HA setup, when you execute the appmgr user-firewall commit on the Active
node, the rules are synchronized to the Standby node automatically. However, the new rules are operational
only after a system reboot.
To apply the rules immediately, install the custom firewall rules on Standby node using the appmgr
user-firewall user-policy-install command.
Deleting Custom Firewalls
Delete all the custom firewalls using the appmgr user-firewall flush-all command.
To delete the custom firewalls permanently, use the appmgr user-firewall commit command.
CHAPTER 10
Managing Applications in a High-Availability Environment
This chapter describes how to configure a high-availability (HA) environment in your Cisco DCNM Open
Virtual Appliance deployment for your Cisco Programmable Fabric solution. It also includes details about
the HA functionality for each of the applications bundled within the Cisco DCNM Open Virtual Appliance.
Note
Ensure that the NTP server is synchronized between the Active and Standby peers. This is essential for proper
HA functioning in DCNM.
This chapter contains the following sections:
• Information About Application Level HA in the Cisco DCNM Open Virtual Appliance
• Native HA Failover and Troubleshooting
• Application High Availability Details
Information About Application Level HA in the Cisco DCNM Open Virtual Appliance
To achieve HA for applications that are run on the Cisco DCNM Open Virtual Appliance, you can run two
virtual appliances. You can run one in Active mode and the other in Standby mode.
Note
This document refers to these appliances as OVA-A and OVA-B, respectively.
In this scenario:
1. All applications run on both appliances.
The application data is either constantly synchronized or applications share a common database as
applicable.
2. Only one of the applications running on the two appliances serves the client requests. Initially this would
be the applications running on OVA-A. The application continues to do so until one of the following
happens:
• The application on OVA-A crashes.
• The operating system on OVA-A crashes.
• OVA-A is powered off for some reason.
3. At this point, the application running on the other appliance (OVA-B) takes over.
For DHCP, when the first node fails, the second node starts serving the IP addresses.
4. The existing connections to OVA-A are dropped and the new connections are routed to OVA-B.
This scenario demonstrates why one of the nodes (OVA-A) is initially referred to as the Active node and
OVA-B is referred to as the Standby node.
Automatic Failover
The application-level and virtual machine (VM)-level switchover process is as follows.
• If any of the applications managed by the load-balancing software (DCNM/AMQP) goes down on
OVA-A, the Active node that handles the client requests detects the failure and redirects subsequent
requests to the Standby node (OVA-B). This process provides an application-level switchover.
• If the Active node (OVA-A) fails or is powered-off for some reason, the Standby node (OVA-B) detects
the failure and enables the VIP address for Cisco DCNM/AMQP on OVA-B. It also sends a gratuitous
ARP to the local switch to indicate the new MAC address that is associated with the IP address. For
applications not using VIP, the DHCPD running on OVA-B detects the failure of DHCPD on OVA-A
and activates itself; whereas LDAP running on OVA-B continues running as LDAP is deployed
Active-Active. Consequently, a VM-level failover is accomplished for all four applications
(DCNM/AMQP/DHCP/LDAP).
Manually Triggered Failovers
An application-level failover can also be triggered manually. For instance, you might want to run AMQP on
OVA-B and the rest of the applications on OVA-A. In that case, you can log in to the SSH terminal of OVA-A
and stop AMQP by using the appmgr stop amqp command.
This failover triggers the same process that is described in Automatic Failover; subsequent
requests to the AMQP Virtual IP address are redirected to OVA-B.
Native HA Failover and Troubleshooting
Due to the nature of Native HA, the role of the host might alternate from Active to Standby or from Standby
to Active.
The following sections provide information on troubleshooting in different use cases.
Native HA Failover from Active Host to Standby Host
Perform the following steps when the Native HA failover occurs from Active to Standby host:
1. Log on to DCNM Web UI, and navigate to Administrator > Native HA.
2. Verify the status of HA. If the DCNM HA status is not in OK mode, you cannot perform the Failover operation.
Click Failover. The Cisco DCNM server will shut down and the DCNM Standby appliance will be
operational.
3. Refresh the Cisco DCNM Web UI.
After the DCNM server is operational, you can log on to the DCNM Web UI.
Note
We recommend that you do not run appmgr stop all or appmgr stop ha-apps commands on the Active host
to trigger failover. If Cisco DCNM HA status is not in OK mode, a failover may cause loss of data, as the
Standby DCNM appliance is not synchronized with the Active appliance before failover.
Issue with DCNM Application Framework
If DCNM Web UI is not accessible, and a failover operation is necessary, execute one of the following
commands under Linux console:
appmgr failover—This command triggers the HA heartbeat failover.
Or
reboot -h now—This command triggers the Linux host to reboot, which causes a failover.
However, we recommend that you use DCNM Web UI to perform failover, as all other methods carry a risk
of data loss when both HA peers are not in sync.
Stop and Restart DCNM
To completely stop DCNM and restart it, perform the following:
1. On the Standby appliance, stop all the applications by using the appmgr stop all command.
2. Check if all the applications have stopped, using the appmgr status all command.
3. On the Active appliance, stop all the applications using the appmgr stop all command.
4. Verify if all the applications are stopped using the appmgr status all command.
5. On the deployed Active host, start all the applications using the appmgr start all command.
Verify if all the applications are running. Log on to the DCNM Web UI to check if it is operational.
6. On the deployed Standby host, start all the applications using the appmgr start all command.
On the Web UI, navigate to Administration > Native HA and ensure that the HA status displays OK.
Restart Standby Host
Perform this procedure to restart only the Standby host:
1. On the Standby host, stop all the applications using the appmgr stop all command.
2. Verify if all the applications have stopped using the appmgr status all command.
3. Start all the applications using the appmgr start all command.
On the Web UI, navigate to Administration > Native HA and ensure that the HA status displays OK.
Application High Availability Details
This section describes all of the Cisco Programmable Fabric HA applications.
Cisco DCNM Open Virtual Appliance has two interfaces: one that connects to the Open Virtual Appliance
management network and one that connects to the enhanced Programmable Fabric network. Virtual IP addresses
are defined for both interfaces.
• From the Open Virtual Appliance management network, the DCNM-REST API, DCNM interface, and
AMQP are accessed through the VIP address.
• From the enhanced fabric management network, LDAP and DHCP are accessed directly.
Only three Virtual IPs are defined:
• DCNM REST API (on dcnm management network)
• DCNM REST API (on enhanced fabric management network)
• AMQP (on dcnm management network)
Note
Although DCNM Open Virtual Appliance in HA sets up a VIP, the VIP is intended to be used for access
to the DCNM REST API. For GUI access, we still recommend that you use the individual IP addresses of the
DCNM HA peers, and use the same addresses to launch DCNM SAN Java clients, etc.
See the following table for a complete list of Programmable Fabric applications and their corresponding HA
mechanisms.
| Programmable Fabric Application | HA Mechanism | Use of Virtual IPs | Comments |
| --- | --- | --- | --- |
| Data Center Network Manager | DCNM Clustering/Federation | Yes | Two VIPs defined, one on each network |
| RabbitMQ | RabbitMQ Mirrored Queues | Yes | One VIP defined on the OVA management network |
| Repositories | — | — | External repositories have to be used |
Data Center Network Management
The data center network management function is provided by the Cisco Data Center Network Manager
(DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data
center infrastructure. Cisco DCNM can be accessed from your browser at http://[host/ip].
Note
For more information about Cisco DCNM, see http://cisco.com/go/dcnm .
HA Implementation
Cisco DCNMs that run on both OVAs are configured in clustering and federated modes for HA. Cisco DCNM
federation is the HA mechanism for SAN devices. Groups of SAN devices can be managed by each node in
the DCNM federated setup. All the devices can be managed using a single client interface.
You can enable automatic failover in the Cisco DCNM UI by choosing: Admin > Federation. If you enable
an automatic failover and the Cisco DCNM that is running on OVA-A fails, the automatic failover moves
only the fabrics and shallow-discovered LANs that are managed by OVA-A to OVA-B automatically.
DCNM Virtual IP Usage
An Open Virtual Appliance HA setup has two VIP addresses (one for each network) for the Cisco DCNM at
the default HTTP port. These VIPs can be used for accessing the DCNM RESTful services on the Open Virtual
Appliance management network and the enhanced fabric management network. For example, external systems
such as Cisco UCS Director can point to the VIP in the Open Virtual Appliance management network and
the request gets directed to the active Cisco DCNM. Similarly, the switches in an enhanced fabric management
network access the VIP address on the enhanced fabric management network during the POAP process.
You can still directly connect to Cisco DCNM real IP addresses and use them as you would in a DCNM in a
cluster/federated setup.
Note
Cisco recommends that you use VIP addresses only for accessing the DCNM REST API. To access the
Cisco DCNM Web or SAN client, you must connect using the IP address of the server.
Licenses
For Cisco DCNM, we recommend that you have licenses on the first instance and a spare matching license
on the second instance.
Application Failovers
Enable an automatic failover option in the Cisco DCNM UI when an Open Virtual Appliance HA pair is set
up by choosing: Administration > DCNM Server > Native HA. This process ensures that if the DCNM that
is running on OVA-A fails, all the fabrics and shallow-discovered LANs managed by DCNM-A are managed
by DCNM-B automatically after a given time interval (usually about 5 minutes after the failure of DCNM on
OVA-A).
The Cisco DCNM VIP address still resides on OVA-A. The Representational State Transfer Web Services
(REST) calls initially hit the VIP addresses on OVA-A and get redirected to the Cisco DCNM that is running
on OVA-B.
Application Failbacks
When the Cisco DCNM on OVA-A comes up, the VIP address automatically redirects the REST requests to
DCNM-A.
Virtual-IP Failovers
The VIP address that is configured for Cisco DCNM REST API on OVA-A can fail due to two reasons:
• The load-balancing software running on OVA-A fails.
• OVA-A fails.
The VIP address of Cisco DCNM automatically migrates to OVA-B. The only difference is which DCNM
will be used after the failover.
• If a load-balancing software failure occurs, the VIP address on OVA-B directs the requests to DCNM-A.
• If an OVA-A failure occurs, the VIP address on OVA-B directs the requests to DCNM-B.
The automatic failover ensures that the ownership of all of the fabrics and shallow-discovered LANs managed
by DCNM-A automatically changes to DCNM-B.
Virtual-IP Failbacks
When OVA-A is brought up and Cisco DCNM is running, the VIP addresses keep running on the Standby
node. The failback of Virtual IP addresses from OVA-B to OVA-A occurs only in the following sequence.
1. OVA-A comes up.
2. Cisco DCNM runs on OVA-A.
3. OVA-B goes down or the load-balancing software fails on OVA-B.
RabbitMQ
RabbitMQ is the message broker that provides the Advanced Message Queuing Protocol (AMQP).
Note
You need to stop and restart AMQP on both DCNM servers in HA within 30 seconds; otherwise, AMQP may
not start. For more information about RabbitMQ, go to https://www.rabbitmq.com/documentation.html.
HA Implementation
Enabling the HA on the Open Virtual Appliance creates a VIP address in the Open Virtual Appliance
management network. Orchestration systems such as vCloud Director set their AMQP broker to the VIP
address.
Enabling the HA on the Open Virtual Appliance also configures the RabbitMQ broker that runs on each node
to be a duplicate of the broker that is running on the other node. Both OVAs act as “disk nodes” of a RabbitMQ
cluster, which means that all the persistent messages stored in durable queues are replicated. The RabbitMQ
policy ensures that all the queues are automatically replicated to all the nodes.
Application Failovers
If RabbitMQ-A fails, the VIP address on OVA-A redirects the subsequent AMQP requests to RabbitMQ-B.
Application Failbacks
When RabbitMQ-A comes up, the VIP address automatically starts directing the AMQP requests to
RabbitMQ-A.
Virtual-IP Failovers
The VIP address configured for the AMQP broker on OVA-A can fail due to two reasons:
• The load-balancing software running on OVA-A fails.
• OVA-A fails.
In both cases, the VIP address of the AMQP automatically migrates to OVA-B. The only difference is which
AMQP broker will be used after the failover.
• In a load-balancing software failure, the VIP address on OVA-B directs the requests to RabbitMQ-A.
• In an OVA-A failure, the VIP address on OVA-B directs the requests to RabbitMQ-B.
Virtual-IP Failbacks
When OVA-A is brought up and AMQP-A is running, the VIP addresses keep running on the OVA-B (directing
the requests to AMQP-A). The failback of the RabbitMQ VIP from OVA-B to OVA-A occurs only in the
following sequence.
1. OVA-A comes up.
2. RabbitMQ runs on OVA-A.
3. OVA-B goes down or the load-balancing software fails on OVA-B.
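The DCNM and RabbitMQ sections above describe the same rules for where the VIP sits and which instance answers a request. The following model is an added example, not Cisco code; the class names, the event strings and the rule that an OVA outage also stops its load balancer and application are assumptions made for illustration.

```python
"""Toy model of the VIP placement and request routing rules described above."""
from dataclasses import dataclass


@dataclass
class Node:
    ova: bool = True  # appliance is up
    lb: bool = True   # load-balancing software (holds the VIP) is running
    app: bool = True  # DCNM or RabbitMQ instance is running

    def can_hold_vip(self):
        return self.ova and self.lb

    def can_serve(self):
        return self.ova and self.app


class HaPair:
    def __init__(self):
        self.nodes = {"A": Node(), "B": Node()}
        self.vip_on = "A"  # the VIP starts on OVA-A

    def apply(self, event):
        """Apply '<node>:<ova|lb|app>:<up|down>' and return (vip_on, backend)."""
        name, component, state = event.split(":")
        node, up = self.nodes[name], state == "up"
        if component == "ova":
            # Assumption: an OVA outage takes its services with it; when the OVA
            # returns, the application still needs its own 'app:up' event.
            node.ova, node.lb, node.app = up, up, False
        else:
            setattr(node, component, up)
        self._place_vip()
        return self.route()

    def _place_vip(self):
        if self.vip_on and self.nodes[self.vip_on].can_hold_vip():
            return  # sticky: the VIP does not fail back on its own
        holders = [n for n, node in self.nodes.items() if node.can_hold_vip()]
        self.vip_on = holders[0] if holders else None

    def route(self):
        """Where a request to the VIP lands: (OVA holding the VIP, instance)."""
        if self.vip_on is None:
            return (None, None)
        # Instance A is preferred whenever it is running (application failback).
        for name in ("A", "B"):
            if self.nodes[name].can_serve():
                return (self.vip_on, name)
        return (self.vip_on, None)


def replay(events):
    """Replay events on a fresh pair; return the routing result after each one."""
    pair = HaPair()
    return [pair.apply(event) for event in events]


if __name__ == "__main__":
    # OVA-A fails, returns, its application starts, then OVA-B's balancer fails.
    for step in replay(["A:ova:down", "A:ova:up", "A:app:up", "B:lb:down"]):
        print("VIP on OVA-%s, served by instance %s" % step)
```

The replay in the main block shows the failback sequence: the VIP stays on OVA-B after OVA-A recovers and moves back only when OVA-B or its load-balancing software fails.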
Repositories
All repositories must be remote.
CHAPTER 11
Managing Utility Services After DCNM Deployment
This chapter describes how to verify and manage all of the utility services that provide DC3 (Programmable
Fabric) central point of management functions after the DCNM is deployed.
Table 5: Cisco DCNM Utility Services
| Category | Application | Username | Password | Protocol Implemented |
| --- | --- | --- | --- | --- |
| Network Management | Data Center Network Manager | admin | User choice [5] | Network Management |
[5] User choice refers to the administration password entered by the user during the deployment.
This chapter contains the following sections:
• Editing Network Properties Post DCNM Installation
• Convert Standalone Setup to Native-HA Setup
• Utility Services Details
• Managing Applications and Utility Services
• Updating the SFTP Server Address for IPv6
Editing Network Properties Post DCNM Installation
The Cisco DCNM OVA or the ISO installation consists of 3 network interfaces:
• dcnm-mgmt network (eth0) interface
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM Open Virtual
Appliance. Associate this network with the port group that corresponds to the subnet that is associated
with the DCNM Management network.
• enhanced-fabric-mgmt (eth1) interface
This network provides enhanced fabric management of Nexus switches. Associate this network with the
port group that corresponds to management network of leaf and spine switches.
• enhanced-fabric-inband (eth2) interface
This network provides in-band connection to fabric. Associate this network with the port group that
corresponds to a fabric in-band connection.
The following figure shows the network diagram for the Cisco DCNM Management interfaces.
During Cisco DCNM installation for your deployment type, you can configure these interfaces. However,
from Cisco DCNM Release 11.2(1), you can edit and modify the network settings post installation.
Note
We recommend that you use appmgr commands to update network properties. Do not restart network interfaces
manually.
You can modify the parameters as explained in the following sections:
Modifying Network Properties on DCNM in Standalone Mode
Note
Execute the following commands on the DCNM Appliance console to avoid a premature session timeout.
To change the Network Properties on Cisco DCNM Standalone setup, perform the following steps:
Procedure
Step 1
Initiate a session on the console, using the following command:
appmgr update network-properties session start
Step 2
Update the Network Properties using the following command:
appmgr update network-properties set ipv4 {eth0|eth1|eth2} <ipv4-address> <network-mask> <gateway>
Step 3
View and verify the changes by using the following command:
appmgr update network-properties session show {config | changes | diffs}
Step 4
After you validate the changes, apply the configuration using the following command:
appmgr update network-properties session apply
Wait for a few minutes before you log on to the Cisco DCNM Web UI using the eth0 Management Network
IP address.
Sample Command Output for Modifying Network Parameters in the Cisco DCNM Standalone Setup
The following example shows how to modify the network parameters post installation for a
Cisco DCNM Standalone setup.
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties set ipv4 eth0 172.28.10.244 255.255.255.0 172.28.10.1
dcnm# appmgr update network-properties set ipv4 eth1 100.0.0.244 255.0.0.0
dcnm# appmgr update network-properties set ipv4 eth2 2.0.0.251 255.0.0.0 2.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
dcnm# appmgr update network-properties session show changes
eth0 IPv4 addr 172.28.10.246/255.255.255.0 -> 172.28.10.244/255.255.255.0
eth1 IPv4 addr 1.0.0.246/255.0.0.0 -> 100.0.0.244/255.0.0.0
eth2 IPv4 addr 10.0.0.246/255.0.0.0 -> 2.0.0.251/255.0.0.0 2.0.0.1
dcnm# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
server signaled
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
dcnm# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO: Resource is stopped
Done.
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
dcnm#
Modifying Network Properties on DCNM in Native HA Mode
Note
Execute the following commands on the DCNM Appliance console to avoid a premature session timeout.
Ensure that you execute the commands in the same order as mentioned in the following steps.
Note
Native HA nodes must be considered as a single entity. When you change the Active node eth1 IP address,
you must also change the Standby node eth1 IP address.
When you change the eth0 IP address in any node, you must change the eth2 IP address for that node.
To change the Network Properties on Cisco DCNM Native HA setup, perform the following steps:
Procedure
Step 1
Stop the DCNM Applications on the Standby node by using the following command:
appmgr stop all
Wait until all the applications stop on the Standby node before you proceed.
Step 2
Stop the DCNM Applications on the Active node by using the following command:
appmgr stop all
Step 3
Initiate a session on the Cisco DCNM console of both the Active and Standby nodes by using the following
command:
appmgr update network-properties session start
Step 4
On the Active node, modify the network interface parameters by using the following commands:
a) Configure the IP addresses for eth0, eth1, and eth2 by using the following command:
appmgr update network-properties set ipv4 {eth0|eth1|eth2} <ipv4-address> <network-mask> <gateway>
Enter the new IPv4 or IPv6 address for the interface, along with the subnet mask and gateway IP addresses.
b) Configure the VIP IP address by using the following command:
appmgr update network-properties set ipv4 {vip0|vip1|vip2} <ipv4-address> <network-mask>
Enter the vip0 address for eth0 interface. Enter the vip1 address for eth1 interface. Enter the vip2 address
for eth2 interface.
c) Configure the peer IP address by using the following command:
appmgr update network-properties set ipv4 {peer0|peer1|peer2} <ipv4-address>
Enter the eth0 address of the Standby node as peer0 address for Active node. Enter the eth1 address of
the Standby node as peer1 address for Active node. Enter the eth2 address of the Standby node as peer2
address for Active node.
d) View and validate the changes that you have made to the network parameters by using the following
command:
appmgr update network-properties session show {config | changes | diffs}
Step 5
On the Standby node, modify the network interface parameters using the commands described in
Step 4.
Step 6
After you validate the changes, apply the configuration on the Active node by using the following command:
appmgr update network-properties session apply
Wait until the prompt returns, to confirm that the network parameters are updated.
Step 7
After you validate the changes, apply the configuration on the Standby node by using the following command:
appmgr update network-properties session apply
Step 8
Start all the applications on the Active node by using the following command:
appmgr start all
Note
Wait until all the applications are running successfully on the Active node, before proceeding to
the next step.
Step 9
Start all the applications on the Standby node by using the following command:
appmgr start all
Step 10
Establish peer trust key on the Active node by using the following command:
appmgr update ssh-peer-trust
Step 11
Establish peer trust key on the Standby node by using the following command:
appmgr update ssh-peer-trust
Sample Command Output for Modifying Network Parameters in the Cisco DCNM Native HA Setup
The following example shows how to modify the network parameters post installation for a
Cisco DCNM Native HA setup.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
[root@dcnm2 ~]# appmgr stop all
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
Stopping High-Availability services: Done.
Stopping and halting node rabbit@dcnm-dcnm2 ...
Note: Forwarding request to 'systemctl enable rabbitmq-server.service'.
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr stop all
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
Stopping High-Availability services: Done.
Stopping and halting node rabbit@dcnm1 ...
Note: Forwarding request to 'systemctl enable rabbitmq-server.service'.
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
[root@dcnm-1 ~]#
[root@dcnm1 ~]# appmgr update network-properties session start
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session start
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth0 172.28.10.244 255.255.255.0 172.28.10.1
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth1 1.0.0.244 255.0.0.0 1.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth2 2.0.0.244 255.0.0.0 2.0.0.1
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer0 172.29.10.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer1 1.0.0.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer2 2.0.0.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
[root@dcnm1 ~]# appmgr update network-properties set hostname local dcnm3.cisco.com
[root@dcnm1 ~]# appmgr update network-properties set hostname peer dcnm4.cisco.com
[root@dcnm1 ~]# appmgr update network-properties set hostname vip dcnm5.cisco.com
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth0 172.28.10.238 255.255.255.0 172.28.10.1
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth1 1.0.0.238 255.0.0.0 1.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth2 2.0.0.238 255.0.0.0 2.0.0.1
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer0 172.29.10.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer1 1.0.0.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer2 2.0.0.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
[root@dcnm2 ~]# appmgr update network-properties set hostname local dcnm3.cisco.com
[root@dcnm2 ~]# appmgr update network-properties set hostname peer dcnm4.cisco.com
[root@dcnm2 ~]# appmgr update network-properties set hostname vip dcnm5.cisco.com
[root@dcnm2 ~]#
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties session show changes
eth0 IPv4 addr  172.28.10.246/255.255.255.0 -> 172.28.10.244/255.255.255.0
eth1 IPv4 addr  1.0.0.246/255.0.0.0 -> 1.0.0.244/255.0.0.0
eth1 IPv4 GW    -> 1.0.0.1
eth2 IPv4 addr  / -> 2.0.0.244/255.0.0.0
eth2 IPv4 GW    -> 2.0.0.1
Hostname        dcnm1.cisco.com -> dcnm3.cisco.com
eth0 VIP        172.28.10.248/24 -> 172.28.10.239/24
eth1 VIP        1.0.0.248/8 -> 1.0.0.239/8
eth2 VIP        / -> 2.0.0.239/8
Peer eth0 IP    172.28.10.247 -> 172.29.10.238
Peer eth1 IP    1.0.0.247 -> 1.0.0.238
Peer eth2 IP    -> 2.0.0.238
Peer hostname   dcnm2.cisco.com -> dcnm4.cisco.com
VIP hostname    dcnm6.cisco.com -> dcnm5.cisco.com
[root@dcnm1 ~]# appmgr update network-properties session show config
======= Current configuration ======
Hostname        dcnm1.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.246
eth0 IPv4 addr  172.28.10.246/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.246/255.0.0.0
eth1 IPv4 GW
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  /
eth2 IPv4 GW
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm2.cisco.com
Peer eth0 IP    172.28.10.247
Peer eth1 IP    1.0.0.247
Peer eth2 IP
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.248/24
eth1 VIP        1.0.0.248/8
eth2 VIP        /
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm6.cisco.com
====== Session configuration ======
Hostname        dcnm3.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.246
eth0 IPv4 addr  172.28.10.244/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.244/255.0.0.0
eth1 IPv4 GW    1.0.0.1
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  2.0.0.244/255.0.0.0
eth2 IPv4 GW    2.0.0.1
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm4.cisco.com
Peer eth0 IP    172.29.10.238
Peer eth1 IP    1.0.0.238
Peer eth2 IP    2.0.0.238
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.239/24
eth1 VIP        1.0.0.239/8
eth2 VIP        2.0.0.239/8
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm5.cisco.com
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session show changes
eth0 IPv4 addr  172.28.10.247/255.255.255.0 -> 172.28.10.238/255.255.255.0
eth1 IPv4 addr  1.0.0.247/255.0.0.0 -> 1.0.0.238/255.0.0.0
eth1 IPv4 GW    -> 1.0.0.1
eth2 IPv4 addr  / -> 2.0.0.238/255.0.0.0
eth2 IPv4 GW    -> 2.0.0.1
Hostname        dcnm2.cisco.com -> dcnm4.cisco.com
eth0 VIP        172.28.10.248/24 -> 172.28.10.239/24
eth1 VIP        1.0.0.248/8 -> 1.0.0.239/8
eth2 VIP        / -> 2.0.0.239/8
Peer eth0 IP    172.28.10.246 -> 172.29.10.244
Peer eth1 IP    1.0.0.246 -> 1.0.0.244
Peer eth2 IP    -> 2.0.0.244
Peer hostname   dcnm1.cisco.com -> dcnm3.cisco.com
VIP hostname    dcnm6.cisco.com -> dcnm5.cisco.com
[root@dcnm2 ~]# appmgr update network-properties session show configuration
======= Current configuration ======
Hostname        dcnm2.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.247
eth0 IPv4 addr  172.28.10.247/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.247/255.0.0.0
eth1 IPv4 GW
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  /
eth2 IPv4 GW
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm1.cisco.com
Peer eth0 IP    172.28.10.246
Peer eth1 IP    1.0.0.246
Peer eth2 IP
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.248/24
eth1 VIP        1.0.0.248/8
eth2 VIP        /
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm6.cisco.com
====== Session configuration ======
Hostname        dcnm4.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.247
eth0 IPv4 addr  172.28.10.238/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.238/255.0.0.0
eth1 IPv4 GW    1.0.0.1
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  2.0.0.238/255.0.0.0
eth2 IPv4 GW    2.0.0.1
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm3.cisco.com
Peer eth0 IP    172.29.10.244
Peer eth1 IP    1.0.0.244
Peer eth2 IP    2.0.0.244
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.239/24
eth1 VIP        1.0.0.239/8
eth2 VIP        2.0.0.239/8
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm5.cisco.com
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
server signaled
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
*********************************************************************
Please run 'appmgr update ssh-peer-trust' on the peer node.
*********************************************************************
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
afwnetplugin:0.1
server signaled
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
*********************************************************************
Please run 'appmgr update ssh-peer-trust' on the peer node.
*********************************************************************
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO: Resource is stopped
Done.
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
[root@dcnm1 ~]#
Waiting for dcnm1 to become active again.
[root@dcnm2 ~]# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO: Resource is stopped
Done.
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update ssh-peer-trust
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '172.28.10.245'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '100.0.0.245'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'dcnm2.cisco.com'"
and check to make sure that only the key(s) you wanted were added.
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update ssh-peer-trust
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '172.28.10.244'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '100.0.0.244'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'dcnm1.cisco.com'"
and check to make sure that only the key(s) you wanted were added.
[root@dcnm2 ~]#
Changing the DCNM Server Password Post DCNM Installation
The password to access Cisco DCNM Web UI is configured while installing the Cisco DCNM for your
deployment type. However, you can change this password after installation, if required.
To change the password after installation, perform the following steps:
Procedure
Step 1
Stop the applications using the appmgr stop all command.
Wait until all the applications stop running.
Step 2
Change the password for the management interface by using the
appmgr change_pwd ssh {root|poap|sysadmin}[password] command.
Ensure that the new password adheres to the following password requirements. If you do not comply with the
requirements, the DCNM application might not function properly:
• It must be at least 8 characters long and contain at least one letter and one numeral.
• It can contain a combination of letters, numerals, and special characters.
• Do not use any of these special characters in the DCNM password: <SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Step 3
Start the application using the appmgr start all command.
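The password requirements in Step 2 can be checked before the new password is handed to appmgr change_pwd. The shell function below is an added example, not part of the Cisco guide or of appmgr; the name dcnm_password_ok is hypothetical, and it assumes the trailing ".*" in the list of disallowed characters means the two characters "." and "*".

```shell
#!/bin/sh
# Added example: pre-check a candidate DCNM password against the Step 2 rules.
# dcnm_password_ok is a hypothetical helper name, not an appmgr subcommand.
# Returns 0 if the password passes; otherwise prints the reason and returns 1.
dcnm_password_ok() {
    _pw=$1

    # At least 8 characters long.
    if [ "${#_pw}" -lt 8 ]; then
        echo "rejected: shorter than 8 characters" >&2
        return 1
    fi

    # At least one letter and at least one numeral.
    case $_pw in
        *[A-Za-z]*) ;;
        *) echo "rejected: no letter" >&2; return 1 ;;
    esac
    case $_pw in
        *[0-9]*) ;;
        *) echo "rejected: no numeral" >&2; return 1 ;;
    esac

    # Delete every disallowed character; any change means one was present.
    # Octal escapes: \042 is ", \047 is ', \140 is backtick, \134 is backslash.
    # Assumption: the trailing ".*" in the guide's list means "." and "*".
    # printf is a shell builtin, so the password is not placed in the
    # argument list of an external process.
    _clean=$(printf '%s' "$_pw" | tr -d ' &$%^=<>;:|/,.*\042\047\140\134')
    if [ "$_clean" != "$_pw" ]; then
        echo "rejected: contains a disallowed special character" >&2
        return 1
    fi
    return 0
}
```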
Changing the DCNM Database Password on Standalone Setup
To change the Postgres database password on Cisco DCNM Standalone setup, perform the following steps:
Procedure
Step 1
Stop all the applications using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 2
Change the Postgres password by using the appmgr change_pwd db command.
Provide the new password at the prompt.
Step 3
Start the application using the appmgr start all command.
Ensure that all the applications have started using the appmgr status all command.
Example
dcnm# appmgr stop all
dcnm# appmgr change_pwd db <<new-password>>
dcnm# appmgr start all
Changing the DCNM Database Password on Native HA Setup
To change the Postgres database password on Cisco DCNM Native HA setup, perform the following steps:
Procedure
Step 1
Stop all the applications on the Standby appliance using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 2
Stop all the applications on the Active appliance using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 3
Change the Postgres password by using the appmgr change_pwd db command on both Active and Standby
nodes.
Ensure that you provide the same password at the prompt.
Step 4
Start the applications on the Active appliance, using the appmgr start all command.
Ensure that all the applications have started using the appmgr status all command.
Step 5
Start the applications on the Standby appliance, using the appmgr start all command.
Ensure that all the applications have started using the appmgr status all command.
Example
Let the Active and Standby nodes be dcnm1 and dcnm2, respectively.
dcnm1# appmgr stop all
dcnm2# appmgr stop all
dcnm1# appmgr change_pwd db <<new-password>>
dcnm2# appmgr change_pwd db <<new-password>>
dcnm1# appmgr start all
dcnm2# appmgr start all
Convert Standalone Setup to Native-HA Setup
To convert an existing Cisco DCNM Standalone setup to a Native HA setup, perform the following steps:
Before you begin
Ensure that the Standalone setup is active and operational, by using the appmgr show version command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
dcnm#
Procedure
Step 1
On the Standalone setup, launch SSH and enable root user access by using the appmgr root-access permit
command:
dcnm# appmgr root-access permit
Step 2
Deploy a new DCNM as secondary node. Choose Fresh installation - HA Secondary.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Note
Ensure that you provide the Standalone IP Address as the Primary node management IP address for
the secondary node.
Based on OVA or ISO, refer to Installing the Cisco DCNM OVA in Native HA mode, on page 23 or Installing
the Cisco DCNM ISO in Native HA mode, on page 51 for instructions about how to deploy Cisco DCNM
in Native HA Secondary mode.
Step 3
On the Summary tab, review the configuration details for the Secondary node.
Click Start Installation to complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>:2443
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port "2443" to launch
Cisco DCNM Web UI.
What to do next
Verify the HA role by using the appmgr show ha-role command.
On the Active node (old standalone node):
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node (newly deployed node):
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Utility Services Details
This section describes the details of all the utility services within the functions they provide in Cisco DCNM.
The functions are as follows:
Network Management
The data center network management function is provided by the Cisco Data Center Network Manager
(DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data
center infrastructure. Cisco DCNM can be accessed from your browser:
http://<<hostname/IP address>>.
Note
For more information about Cisco DCNM, see http://cisco.com/go/dcnm.
Orchestration
RabbitMQ
RabbitMQ is the message broker that provides the Advanced Message Queuing Protocol (AMQP). The
RabbitMQ message broker sends events from the vCloud Director/vShield Manager to the Python script for
parsing. You can configure this protocol by using certain CLI commands from the Secure Shell (SSH) console
of the firmware.
Note
You need to stop and restart AMQP on both DCNM servers in HA within 30 seconds; otherwise, AMQP may
not start. For more information about RabbitMQ, go to https://www.rabbitmq.com/documentation.html.
After upgrade, enable the RabbitMQ management service by stopping and then starting the service with the
following commands:
dcnm# appmgr stop amqp
dcnm# appmgr start amqp
If AMQP is not running, the memory space must be exhausted; this is indicated in the file
/var/log/rabbitmq/erl_crash.dump.
Device Power On Auto Provisioning
Power On Auto Provisioning (POAP) occurs when a switch boots without any startup configuration. It is
accomplished by two components that were installed:
• DHCP Server
The DHCP server parcels out IP addresses to switches in the fabric and points to the location of the POAP
database, which provides the Python script and associates the devices with images and configurations.
During the Cisco DCNM installation, you define the IP Address for the inside fabric management address
or OOB management network and the subnets associated with the Cisco Programmable Fabric
management.
• Repositories
The TFTP server hosts boot scripts that are used for POAP.
The SCP server downloads the database files, configuration files, and the software images.
Managing Applications and Utility Services
You can manage the applications and utility services for Cisco Programmable Fabric in the Cisco DCNM
through commands in an SSH terminal.
Enter the appmgr command from the SSH terminal by using the following credentials:
• Username: root
• Password: Administrative password provided during deployment
Note
For your reference, context sensitive help is available for the appmgr command. Use the appmgr command
to display help.
Use the appmgr tech_support command to produce a dump of the log files. You can then provide this
information to the TAC team for troubleshooting and analysis of your setup.
Note
This section does not describe commands for Network Services using Cisco Prime Network Services Controller.
This section includes the following:
Verifying the Application and Utility Services Status after Deployment
After you deploy the OVA/ISO file, you can determine the status of various applications and utility services
that were deployed in the file. You can use the appmgr status command in an SSH session to perform this
procedure.
Note
Context-sensitive help is available for the appmgr status command. Use the appmgr status ? command to
display help.
Procedure
Step 1
Open up an SSH session:
a) Enter the ssh root@<<DCNM network IP address>> command.
b) Enter the administrative password to log in.
Step 2
Check the status by using the following command:
appmgr status all
Example:
DCNM Status
PID  USER  PR  NI VIRT  RES  SHR  S %CPU %MEM  TIME+   COMMAND
===  ===== === == ====  ===  ===  = ==== ===== ======  =======
1891 root  20  0  2635m 815m 15m  S 0.0  21.3  1:32.09 java

LDAP Status
PID  USER  PR  NI VIRT  RES  SHR  S %CPU %MEM  TIME+   COMMAND
===  ===== === == ====  ===  ===  = ==== ===== ======  =======
1470 ldap  20  0  692m  12m  4508 S 0.0  0.3   0:00.02 slapd

AMQP Status
PID  USER  PR  NI VIRT  RES  SHR  S %CPU %MEM  TIME+   COMMAND
===  ===== === == ====  ===  ===  = ==== ===== ======  =======
1504 root  20  0  52068 772  268  S 0.0  0.0   0:00.00 rabbitmq

TFTP Status
PID  USER  PR  NI VIRT  RES  SHR  S %CPU %MEM  TIME+   COMMAND
===  ===== === == ====  ===  ===  = ==== ===== ======  =======
1493 root  20  0  22088 1012 780  S 0.0  0.0   0:00.00 xinetd

DHCP Status
PID  USER  PR  NI VIRT  RES  SHR  S %CPU %MEM  TIME+   COMMAND
===  ===== === == ====  ===  ===  = ==== ===== ======  =======
1668 dhcpd 20  0  46356 3724 408  S 0.0  0.0   0:05.23 dhcp
Stopping, Starting, and Resetting Utility Services
Use the following CLI commands for stopping, starting, and resetting utility services:
• To stop an application, use the appmgr stop command.
dcnm# appmgr stop dhcp
Shutting down dhcpd: [ OK ]
• To start an application, use the appmgr start command.
dcnm# appmgr start amqp
Starting vsftpd for amqp: [ OK ]
• To restart an application, use the appmgr restart command.
# appmgr restart tftp
Restarting TFTP...
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Note
From Cisco DCNM Release 7.1.x, when you stop an application by using the appmgr stop app_name
command, the application will not start during successive reboots.
For example, if DHCP is stopped by using the appmgr stop dhcp command, and the OS is rebooted, the
DHCP application will still be down after the OS is up and running.
To start again, use the command appmgr start dhcp. The DHCP application will be started after reboots
also. This is to ensure that when an environment uses an application that is not packaged as part of the virtual
appliance (like CPNR instead of DHCP), the application locally packaged with the virtual appliance will not
interfere with its function after any OS reboots.
Note
When a DCNM appliance (ISO/OVA) is deployed, the Cisco SMIS component will not get started by default.
However, this component can be managed using the appmgr CLI: appmgr start/stop dcnm-smis.
The appmgr start/stop dcnm command will start or stop only the DCNM web component.
Updating the SFTP Server Address for IPv6
After deploying the DCNM OVA/ISO successfully with EFM IPv4 and IPv6, by default the SFTP address is
pointed to IPv4 only. You need to change the IPv6 address manually in the following two places:
• In the DCNM Web Client, choose Administration > Server Properties and then update the below fields
to IPv6 and click the Apply Changes button.
#_____________________________________________________________________
# GENERAL>xFTP CREDENTIAL
#
# xFTP server's ip address for copying switch files:
server.FileServerAddress
• Log in to the DCNM through ssh and update the SFTP address with IPv6 manually in the server.properties
file (/usr/local/cisco/dcm/fm/conf/server.properties).
# xFTP server's ip address for copying switch files:
server.FileServerAddress=2001:420:5446:2006::224:19