Cisco Data Center Network Manager Guide | Manualzz
Cisco DCNM Installation and Upgrade Guide for LAN Fabric
Deployment, Release 11.4(1)
First Published: 2020-07-02
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
© 2020
Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1  Overview
  Introduction
  Installation Options
  Deployment Options
  Upgrading Cisco DCNM
  System Requirements
CHAPTER 2  Guidelines and Limitations
  Guidelines and Limitations
CHAPTER 3  Prerequisites
  Prerequisites for DCNM Open Virtual Appliance
  Prerequisites for DCNM ISO Virtual Appliance
  Prerequisites for Cisco DCNM Virtual Appliance HA
  Deploying Cisco DCNM Virtual Appliances in HA mode
  Availability of Virtual IP Addresses
  Installing an NTP Server
CHAPTER 4  Installing the Cisco DCNM
  Installing DCNM on Open Virtual Appliance
  Downloading the Open Virtual Appliance File
  Deploying the Open Virtual Appliance as an OVF Template
  Installing the Cisco DCNM OVA in Standalone Mode
  Installing the Cisco DCNM OVA in Native HA mode
  Installing DCNM on ISO Virtual Appliance
  Downloading the ISO Virtual Appliance File
  Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal)
  Installing the DCNM ISO Virtual Appliance on KVM
  Installing the DCNM ISO Virtual Appliance on Windows Hyper-V
  Creating Virtual Switches
  Creating Virtual Machines
  Installing DCNM ISO Virtual Appliance
  Installing Cisco DCNM ISO in Standalone Mode
  Installing the Cisco DCNM ISO in Native HA mode
  Convert Standalone Setup to Native-HA Setup
  Installing Cisco DCNM Compute Node
CHAPTER 5  Upgrading Cisco DCNM
  Upgrading Cisco DCNM
  Performance Manager Data Management before Upgrading to Release 11.4(1)
  Dropping Performance Manager Data in Cisco DCNM SAN OVA/ISO Deployment
  Upgrading ISO or OVA through Inline Upgrade
  Inline Upgrade for DCNM Virtual Appliance in Standalone Mode
  Inline Upgrade for DCNM Virtual Appliance in Native HA Mode
  Inline Upgrade for DCNM Compute Nodes
CHAPTER 6  Upgrading the Cisco DCNM Classic LAN Deployment
  Overview
  Migration of Fabrics
  Supported Switch Roles in LAN Fabric Post Upgrade
  Classic LAN Templates in LAN Fabric
  Upgrading from the Classic LAN Deployment to the LAN Fabric Deployment
  LAN Classic Fabric Template Functionalities
CHAPTER 7  Deployment Best Practices
  Best Practices for Deploying Cisco DCNM and Computes
  Guidelines to Use the Best Practices
  Deployments for Redundancy in Cisco DCNM
  IP Address Configurations in Cisco DCNM
  Scenario 1: All 3 Ethernet Interfaces are in Different Subnets
  Scenario 2: eth2 Interface in Different Subnet
  Physical Connectivity of Cisco DCNM and Compute Nodes
CHAPTER 8  Disaster Recovery (Backup and Restore)
  Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
  Backup and Restore Cisco DCNM and Application Data on Native HA setup
  Recovering Cisco DCNM Single HA Node
CHAPTER 9  Certificates
  Certificate Management
  Best practices for Certificate Management
  Display Installed Certificates
  Installing a CA Signed Certificate
  Installing a CA Signed Certificate on Cisco DCNM Standalone Setup
  Installing a CA Signed Certificate on Cisco DCNM Native HA setup
  Exporting certificate from Active Node to Standby Node
  Restoring the certificates after an upgrade
  Restoring Certificates on Cisco DCNM Standalone setup after Upgrade
  Restoring Certificates on Cisco DCNM Native HA setup after Upgrade
  Recovering and Restoring Previously Installed CA Signed Certificates
  Verifying the installed certificate
CHAPTER 10  Running Cisco DCNM Behind a Firewall
  Running Cisco DCNM Behind a Firewall
  Configuring Custom Firewalls
CHAPTER 11  Secure Client Communications for Cisco DCNM Servers
  Secure Client Communications for Cisco DCNM Servers
  Enabling SSL/HTTPS on Cisco DCNM in HA Environment on Virtual Appliance
CHAPTER 12  Managing Applications in a High-Availability Environment
  Information About Application Level HA in the Cisco DCNM Open Virtual Appliance
  Automatic Failover
  Manually Triggered Failovers
  Native HA Failover and Troubleshooting
  Application High Availability Details
  Data Center Network Management
  RabbitMQ
  Repositories
CHAPTER 13  Managing Utility Services After DCNM Deployment
  Editing Network Properties Post DCNM Installation
  Modifying Network Properties on DCNM in Standalone Mode
  Modifying Network Properties on DCNM in Native HA Mode
  Changing the DCNM Server Password Post DCNM Installation
  Changing the DCNM Database Password on Standalone Setup
  Changing the DCNM Database Password on Native HA Setup
  Convert Standalone Setup to Native-HA Setup
  Utility Services Details
  Network Management
  Orchestration
  Device Power On Auto Provisioning
  Managing Applications and Utility Services
  Verifying the Application and Utility Services Status after Deployment
  Stopping, Starting, and Resetting Utility Services
  Updating the SFTP Server Address for IPv6
CHAPTER 14  Tetration Agent With DCNM Validation
  Tetration Agent With DCNM Validation
CHAPTER 15  Installing Software Maintenance Update
  Installing Software Maintenance Update on Cisco DCNM 11.4(1) to use Network Insights for Resources Application
CHAPTER 1
Overview
Cisco Data Center Network Manager (DCNM) is a management system for Cisco NXOS-based storage fabrics.
In addition to provisioning, monitoring, and troubleshooting the data center network infrastructure, the Cisco
DCNM provides a comprehensive feature-set that meets the routing, switching, and storage administration
needs of data centers. It streamlines the provisioning for the Programmable Fabric and monitors the SAN
components.
Cisco DCNM provides a high level of visibility and control through a single web-based management console
for Cisco Nexus Series Switches, Cisco MDS, and Cisco Unified Computing System (UCS) products. Cisco
DCNM also includes Cisco DCNM-SAN client and Device Manager functionality.
This section contains the following sections:
• Introduction
• Installation Options
• Deployment Options
• Upgrading Cisco DCNM
• System Requirements
Introduction
Cisco DCNM provides an alternative to the command-line interface (CLI) for switch configuration commands.
Cisco DCNM includes these management applications:
Cisco DCNM Web UI
Cisco DCNM Web UI allows operators to monitor and obtain reports for Cisco MDS and Nexus events,
performance, and inventory from a remote location using a web browser. Licensing and discovery are part of
the Cisco DCNM Web UI.
Performance Manager
Performance Manager presents detailed traffic analysis by capturing data with SNMP. This data is compiled
into various graphs and charts that can be viewed on the Cisco DCNM Web UI.
Installation Options
Cisco DCNM software images are packaged with the Cisco DCNM installer, signature certificate, and signature
verification script. Unzip the desired Cisco DCNM installer image ZIP file to a directory. Verify the image
signature by following the steps in the README file. The installer from this package installs the Cisco DCNM
software.
DCNM Open Virtual Appliance (OVA) Installer
This installer is available as an Open Virtual Appliance file (.ova). The installer contains a pre-installed OS,
DCNM, and other applications needed for programmable fabric.
DCNM ISO Virtual Appliance (ISO) Installer
This installer is available as an ISO image file (.iso). The installer is a bundle of OS, DCNM, and other
applications needed for dynamic fabric automation.
Deployment Options
You can deploy the Cisco DCNM installer in one of the following modes:
Standalone Server
All types of installers are packaged along with PostgreSQL database. The default installation steps for the
respective installers result in this mode of deployment.
Note
We recommend that you deploy Cisco DCNM in Native HA Mode.
High Availability for Virtual Appliances
You can deploy the DCNM Virtual appliances, both OVA and ISO, in High Availability mode to have resilience
in case of application or OS failures.
DCNM Computes
Compute nodes are scale-out application hosting nodes that run resource-intensive services to provide services
to the larger Fabric. When compute nodes are added, all services that are containers run only on these nodes.
This includes Config Compliance, Endpoint Locator, and Virtual Machine Manager.
DCNM in Clustered Mode
In clustered mode, the Cisco DCNM Server with more compute nodes provides an architecture to expand
resources as you deploy more applications. The DCNM Servers do not run containerized applications. All
applications that work in unclustered mode also work in clustered mode.
DCNM in Unclustered Mode
In unclustered mode, the Cisco DCNM runs some of its internal services as containers. Cisco DCNM leverages
resources from the Standby node for running some container applications. The Cisco DCNM Active and
Standby nodes work together to extend resources to the overall functionality and deployment of DCNM and
its applications. However, it has limited resources to run some of the advanced applications and to extend the
system to deploy more applications delivered through the Cisco AppCenter.
Upgrading Cisco DCNM
Before Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. From Cisco
DCNM Release 11.3(1), you can install Cisco DCNM for SAN Deployment on both OVA and ISO virtual
appliances.
The following table summarizes the type of upgrade that you must follow to upgrade to Release 11.4(1).
Table 1: Type of Upgrade for LAN Fabric, and IP for Media (IPFM) deployments

| Current Release Number | Upgrade type to upgrade to Release 11.4(1) |
|---|---|
| 11.3(1) | Inline Upgrade |
| 11.2(1) | Inline Upgrade |
| 11.1(1) | Inline Upgrade |
| 11.0(1) | 11.0(1) → 11.2(1) → 11.4(1) |
| | 11.0(1) → 11.1(1) → 11.4(1) |

→ represents an Inline Upgrade
System Requirements
Note
We recommend that you do not upgrade any underlying third-party software separately. All the necessary
software components will be updated during the inline upgrade procedure. Upgrading the components outside
of DCNM upgrade will cause performance issues.
This section describes the various system requirements for proper functioning of your Cisco DCNM, Release
11.4(1).
Note
If you are deploying Network Insights applications on the Cisco DCNM Compute cluster, refer to the
app-specific Release Notes for additional CPU/memory requirements for the Computes.
Java Requirements
The Cisco DCNM Server is distributed with JRE 11.0.6 into the following directory:
DCNM_root_directory/java/jdk11
Server Requirements
Cisco DCNM, Release 11.4(1), supports the Cisco DCNM Server on these 64-bit operating systems:
• IP for Media, and LAN Fabric Deployments:
  • Open Virtual Appliance (OVA) with an integrated CentOS Linux release 7.8
  • ISO Virtual Appliance (ISO) with an integrated CentOS Linux release 7.8
Database Requirements
Cisco DCNM Release 11.4(1) supports the following databases:
• PostgreSQL 9.6.16 - For OVA/ISO deployments
Note
The ISO/OVA installation only supports the embedded PostgreSQL database.
Hypervisors
Cisco DCNM supports the ISO installation on a bare-metal server (no hypervisor) on the following server
platforms:

| Server | Product ID (PID) | Recommended minimum memory, drive capacity, and CPU count [1] [2] |
|---|---|---|
| Cisco UCS C240M4 | UCSC-C240-M4S | 32G / 500G 16 vCPUs |
| Cisco UCS C240M4 | UCSC-C240-M4L | 32G / 500G 16 vCPUs |
| Cisco UCS C240 M5S | UCSC-C240-M5SX | 32G / 500G 16 vCPUs |
| Cisco UCS C220 M5L | UCSC-C220-M5L | 32G / 500G 16 vCPUs |

[1] Install the Cisco DCNM Compute node with 16 vCPUs, 64G RAM, and 500GB hard disk.
[2] If you are deploying Network Insights applications on the Cisco DCNM Compute cluster, refer to the
app-specific Release Notes for additional CPU/memory requirements for the Computes.
Note
Cisco DCNM can work on alternative computing hardware with appropriate specifications, although Cisco
tests only on Cisco UCS.
Supported Hypervisors
From Release 11.4(1), Cisco DCNM supports the running of the Cisco DCNM Server on the following
hypervisors:

| Hypervisor supported | Data Center Manager server application | Supported deployments |
|---|---|---|
| ESXi 7.0 | vCenter 7.0 | All. Note: VMM visualization on vCenter 7.0 is not supported with Cisco DCNM 11.4(1). |
| ESXi 6.7 P01 | vCenter 6.7 P01 | All |
| ESXi 6.5 | vCenter 6.5 | All |
| ESXi 6.0 | vCenter 6.0 | All |
| RedHat 7.6 KVM with QEMU version 1.5.3 | Virtual Machine Manager (comes with RHEL 7.6) | LAN Fabric |
| Hyper-V on Windows Server 2019 | Hyper-V Manager (comes with Windows Server 2019) | LAN Fabric. This is supported with Native HA mode, and not in Cluster mode. |
VMware Snapshot Support for Cisco DCNM
Snapshots capture the entire state of the virtual machine at the time you take the snapshot. You can take a
snapshot when a virtual machine is powered on or powered off. The following table shows snapshot support
for your deployment.

| VMware vSphere Hypervisor (ESXi) | 6.0 | 6.5 | 6.7 | 6.7 P01 | 7.0 |
|---|---|---|---|---|---|
| VMware vCenter Server | 6.0 | 6.5 | 6.7 | 6.7 P01 | For DCNM [3] |

[3] Virtual Machine Manager import for compute visibility with vCenter 7.0 is not supported.
Note
vCenter server is mandatory to deploy the Cisco DCNM OVA Installer.
To take a snapshot on the VM, perform the following steps:
1. Right-click the virtual machine in the inventory and select Snapshots > Take Snapshot.
2. In the Take Snapshot dialog box, enter a Name and description for the snapshot.
3. Click OK to save the snapshot.
The following snapshots are available for VMs.
• When VM is powered off.
• When VM is powered on, and active.
Note
Cisco DCNM supports snapshots when VM is either powered on or powered off. DCNM doesn’t support
snapshots when the Virtual Machine memory option is selected.
Note that the Snapshot the Virtual Machine's memory check box must not be selected, as shown in the following
figure. However, it is grayed out when the VM is powered off.
You can restore VM to the state in a Snapshot.
Right-click on the Virtual Machine and select Manage Snapshot. Select the snapshot to restore, and click
Done.
Server Resource (CPU/Memory) Requirements
Note
If you install Cisco DCNM on a virtual machine, you must reserve resources equal to the server resource
requirements to ensure a baseline with the physical machines.
| Deployment | Deployment Type | Small (Lab or POC) | Large (Production) | Huge (Production) | Compute | ComputeHuge |
|---|---|---|---|---|---|---|
| LAN Fabric | OVA, ISO, Hyper-V on Windows | CPU: 8 vCPUs; RAM: 24 GB; DISK: 500 GB | CPU: 16 vCPUs; RAM: 32 GB; DISK: 500 GB | Not Applicable | CPU: 16 vCPUs; RAM: 64 GB; DISK: 500 GB | CPU: 32 vCPUs; RAM: 128GB; DISK: 2TB for Network Insights Applications |

Note
For Huge and Compute deployments, you can add extra disk. The size of the disk can range from a minimum
of 32GB to a maximum of 1.5TB.
Allocate sufficient disk space to the root partition to complete DCNM installation and for stable continuous
operation of the DCNM applications. Refer to the applications’ User guides for disk space requirements. You
can mount another disk where the /tmp directory can be mounted during the installation or upgrade. You
can also add additional disk space and extend the disk file system using the appmgr system scan-disks-and-extend-fs
command.
Cisco DCNM LAN Fabric Deployment Without Network Insights (NI)
Note
For information about various system requirements for proper functioning of Cisco DCNM LAN Fabric
deployment, see System Requirements.
Refer to Network Insights User guide for sizing information for Cisco DCNM LAN Deployment with Network
Insights (NI).
To see the verified scale limits for Cisco DCNM 11.4(1) for managing LAN Fabric deployments, see Verified
Scale Limits for Cisco DCNM LAN Fabric Deployment.
Table 2: Up to 80 Switches

| Node | Deployment Mode | CPU | Memory | Storage | Network |
|---|---|---|---|---|---|
| DCNM | OVA/ISO | 16 vCPUs | 32G | 500G HDD | 3xNIC |
| Computes | NA | — | — | — | — |

Table 3: 81–350 Switches

| Node | Deployment Mode | CPU | Memory | Storage | Network |
|---|---|---|---|---|---|
| DCNM | OVA/ISO | 16 vCPUs | 32G | 500G HDD | 3xNIC |
| Computes x 3 [4] | OVA/ISO | 16 vCPUs | 64G | 500G HDD | 3xNIC |

[4] Cisco DCNM must be deployed with Compute cluster nodes to use NI applications.
Supported Web Browsers
Cisco DCNM supports the following web browsers:
• Google Chrome Version 83.0.4103.97
• Mozilla Firefox Version 77.0.1 (64-bit)
• Microsoft Edge Version 83.0.478.45
Other Supported Software
The following table lists the other software that is supported by Cisco DCNM, Release 11.4(1).
Table 4: Other Supported Software

| Component | Features |
|---|---|
| Security | ACS versions 4.0, 5.1, 5.5, and 5.8; ISE version 2.6; Telnet Disabled: SSH Version 1, SSH Version 2, Global Enforce SNMP Privacy Encryption; Web Client Encryption: HTTPS with TLS 1, 1.1 and 1.2 |
| OVA/ISO Installers | CentOS 7.8/Linux Kernel 3.10.x |

Also, Cisco DCNM supports call-home events, fabric change events, and events that are forwarded by traps
and email.
CHAPTER 2
Guidelines and Limitations
• Guidelines and Limitations
Guidelines and Limitations
The guidelines and limitations for installing and upgrading Cisco DCNM are as follows:
General Guidelines and Limitations
• Adhere to the following password requirements. If you do not comply with the requirements, the DCNM
application might not function properly:
  • It must be at least 8 characters long and contain at least one alphabetic character and one numeral.
  • It can contain a combination of alphabetic characters, numerals, and special characters.
  • All special characters, except %$^=;.*\'" <SPACE>, are allowed in the password.
• After upgrade, you can log in to the DCNM server using the new sysadmin password. However, you
must use the old DCNM password to log in to the Web UI.
• The new Administrative password that is entered is used in the following scenarios:
  • Accessing the DCNM appliance via its console
  • Accessing the appliance via SSH
  • For applications running on the appliance, for example, Postgres DBMS
• Do not interrupt the boot process (such as pressing the Ctrl+Alt+Delete keys) when installing
DCNM. If you interrupt, you must restart the installation process.
• Ensure that you configure the timezone after installation or upgrade, before performing any other operations
on the Cisco DCNM Appliance. Use the NTP server for configuring timezones.
• To check the status of the running Postgres database in Native HA setup, use the following command:
dcnm# su - postgres -c "pg_ctl -D /usr/local/cisco/dcm/db/data status"
Do not use the systemctl command.
• Do not begin the password with Hash (#) symbol. Cisco DCNM considers the password as an encrypted
text if it begins with # symbol.
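A pre-check for the password rules in the list above, including the leading # case, as an added example that is not part of the Cisco guide or of DCNM. The function and constant names are hypothetical, and reading "alphabet" and "numeral" as ASCII letters and digits, and the excluded symbols as the exact set shown, are assumptions.

```python
"""Pre-check a planned DCNM administrative password against the rules in this guide."""
from __future__ import annotations

# Characters the guide excludes: % $ ^ = ; . * \ ' " and the space character.
# Treating the guide's run of symbols as exactly this set is an assumption.
FORBIDDEN_CHARS = frozenset("%$^=;.*\\'\" ")
MIN_LENGTH = 8

TOO_SHORT = "shorter than 8 characters"
NO_LETTER = "contains no letter"
NO_DIGIT = "contains no numeral"
BAD_CHAR = "contains a character the guide excludes"
LEADING_HASH = "begins with '#', which DCNM treats as encrypted text"


def check_dcnm_password(password: str) -> list[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    # Assumption: only ASCII letters and digits count toward the two class rules.
    if not any(c.isascii() and c.isalpha() for c in password):
        problems.append(NO_LETTER)
    if not any(c.isascii() and c.isdigit() for c in password):
        problems.append(NO_DIGIT)
    if any(c in FORBIDDEN_CHARS for c in password):
        problems.append(BAD_CHAR)
    # '#' is an allowed special character anywhere except the first position.
    if password.startswith("#"):
        problems.append(LEADING_HASH)
    return problems


def forbidden_found(password: str) -> str:
    """Return the excluded characters present, in order of first appearance."""
    seen = []
    for c in password:
        if c in FORBIDDEN_CHARS and c not in seen:
            seen.append(c)
    return "".join(seen)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any deployment.
    samples = ["Fabric2020!", "#Fabric2020", "dc.nm 2020", "short1", "NoDigitsHere!"]
    for candidate in samples:
        problems = check_dcnm_password(candidate)
        verdict = "ok" if not problems else "; ".join(problems)
        print(f"{candidate!r}: {verdict}")
```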
Fresh Installation
• For Virtual Appliances (OVA/ISO), the installer installs the Operating system and Cisco DCNM
components.
• The DCNM OVA cannot be deployed by connecting the vSphere client directly to the ESXi server.
Upgrade
• You can choose to discard the old performance manager (PM) data and continue to upgrade to DCNM
Release 11.4(1). For instructions about how to drop performance manager data, see Performance Manager
Data Management before Upgrading to Release 11.4(1). If you choose to retain the old PM
data while you upgrade to Release 11.4(1), we recommend that you contact Cisco TAC for further
assistance.
• Ensure that you do not perform inline upgrade from an SSH session. The session may time out and result
in an incomplete upgrade.
• Disable Telemetry in the earlier release before you upgrade.
• Disable Telemetry before you deploy Compute Nodes. You can enable Telemetry after deploying compute
nodes.
For DCNM in Native HA mode, Telemetry is supported with 3 compute nodes only.
• If you need to run Network Insights applications, you must install 3 compute nodes.
• Disable Telemetry before modifying Interface settings. You can enable Telemetry after modifying the
settings.
• During a backup and restore process, the compute nodes are also included in the backup. After you deploy
the new compute, you can restore the backup on the compute node.
If there was no backup, disconnect the 3 compute nodes, and erase the data on all the compute nodes.
On the Cisco DCNM Web Client UI, navigate to Application > Compute. Select the + icon to join the
compute nodes.
• To erase data on the compute node, log on to the compute node through an SSH session and erase the
data using the rm -rf /var/afw/vols/data command.
Note
You must run the above command separately on all compute nodes to erase data.
• Before starting the NIR application after upgrade, on the DCNM Web UI, choose Application > Preferences.
Modify the network settings as required. If you do not modify the network settings after upgrade before
you enable the Telemetry on the Fabrics, the configuration will not complete. You must stop the NIR
app, modify the network settings, and start the app again to resolve the issue.
CHAPTER 3
Prerequisites
This chapter provides release-specific prerequisites information for your deployment of Cisco Data Center
Network Manager.
• Prerequisites for DCNM Open Virtual Appliance
• Prerequisites for DCNM ISO Virtual Appliance
• Prerequisites for Cisco DCNM Virtual Appliance HA
Prerequisites for DCNM Open Virtual Appliance
Before you install the Cisco DCNM Open Virtual Appliance, you must meet the following software and
database requirements:
• Ensure that you've installed Visual C++ Redistributable Packages for Visual Studio 2013 64 bit before
installing or upgrading to Cisco DCNM Release 11.4(1).
• VMware vCenter Server that is running on a Windows server (or alternatively, running as a virtual
appliance).
• VMware ESXi host imported into vCenter.
• Three port groups on the ESXi host─DCNM Management Network, Enhanced Fabric Management
Network, and InBand interface for EPL and Telemetry features.
• Determine the number of switches in your Cisco Programmable Fabric that will be managed by the Cisco
DCNM Open Virtual Appliance.
• Ensure that no anti-virus software (such as McAfee) is running on the host where the VMware vCenter
web client is launched for the DCNM OVA installation. If the anti-virus software is running, the DCNM
installation might fail.
• The DCNM Open Virtual Appliance can also be deployed on an ESXi host. For deploying
on the ESXi host, the VMware vSphere Client application is mandatory.
Note
For more information about the CPU and memory requirements, see the Server Resource Requirements section
of the Cisco DCNM Release Notes, Release .
Prerequisites for DCNM ISO Virtual Appliance
Ensure that you do not add an additional Active or Standby node to an existing Active-Standby Native HA
DCNM Appliance. The installation fails.
Ensure that you've installed Visual C++ Redistributable Packages for Visual Studio 2013 64 bit before installing
or upgrading to Cisco DCNM Release 11.4(1).
You have to set up the host or the hypervisor before you install the Cisco DCNM ISO Virtual Appliance.
Set up the host machine or hypervisor based on the CPU and memory requirements.
Note
For more information about the CPU and memory requirements, see the Server Resource Requirements section
of the Cisco DCNM Release Notes, Release .
You can set up one of the following hosts to install the DCNM ISO Virtual Appliance.
VMware ESXi
The host machine is installed with ESXi and two port groups are created—one for EFM network and the other
for DCNM Management network. Enhanced Fabric In-Band network is optional.
Kernel-based Virtual Machine (KVM)
The host machine is installed with Red Hat Enterprise Linux (RHEL) 5.x or 6.x or 7.x, with KVM libraries
and Graphical User Interface (GUI) access. The GUI allows you to access the Virtual Machine Manager, to
deploy and manage the Cisco DCNM Virtual Appliances. Two networks are created—EFM network and
DCNM Management network. Typically, the DCNM management network is bridged to gain access from
other subnets. Refer to the KVM documentation for how to create different types of networks.
Note
KVM on other platforms like CentOS or Ubuntu will not be supported as it increases the compatibility matrix.
Prerequisites for Cisco DCNM Virtual Appliance HA
This section contains the following topics that describe the prerequisites for obtaining a high-availability (HA)
environment.
Deploying Cisco DCNM Virtual Appliances in HA mode
You must deploy two standalone Virtual Appliances (OVA and ISO). When you deploy both Virtual Appliances,
you must meet the following criteria:
• The eth0 of the active OVA must be in the same subnet as eth0 of the standby Virtual Appliance. The
eth1 of the active Virtual Appliance must be in the same subnet as eth1 of the standby OVA. The eth2
of the active virtual appliance must be in the same subnet as the eth2 of the standby appliance.
• Both Virtual Appliances must be deployed with the same administrative password. This process ensures
that both Virtual Appliances are duplicates of each other.
• If you try to add an additional Active or Standby node to an existing Active-Standby Native HA DCNM
Appliance, the installation fails.
Availability of Virtual IP Addresses
Two free IP addresses are needed to set up the server eth0 and eth1 interfaces. However, eth2 IP address is
optional. The first IP address will be used in the management access network; it should be in the same subnet
as the management access (eth0) interface of the OVAs. The second IP address should be in the same subnet
as enhanced fabric management (eth1) interfaces (switch/POAP management network).
If you choose to configure inband management (eth2) for the DCNM Server, you must reserve another IP
Address. For Native HA setup, the eth2 interface on Primary and Secondary servers must be in same subnet.
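A check of a planned Native HA address layout against the subnet criteria under Deploying Cisco DCNM Virtual Appliances in HA mode and the virtual IP requirements in this section, as an added example that is not part of the Cisco guide or of DCNM. The plan layout, function name, and sample addresses (documentation ranges) are hypothetical, and "free" is checked only against the addresses in the plan, not against the live network.

```python
"""Check a planned DCNM Native HA address layout before deploying the appliances."""
from __future__ import annotations

import ipaddress

# Constructed sample plan using documentation address ranges; all values are hypothetical.
SAMPLE_PLAN = {
    "active": {"eth0": "192.0.2.10/24", "eth1": "198.51.100.10/24", "eth2": "203.0.113.10/24"},
    "standby": {"eth0": "192.0.2.11/24", "eth1": "198.51.100.11/24", "eth2": "203.0.113.11/24"},
    "vip": {"eth0": "192.0.2.12", "eth1": "198.51.100.12", "eth2": "203.0.113.12"},
}

# eth0 = management access, eth1 = enhanced fabric management, eth2 = in-band (optional).
REQUIRED = ("eth0", "eth1")
OPTIONAL = ("eth2",)


def check_ha_plan(plan: dict) -> list[str]:
    """Return one message per violated prerequisite; an empty list means the plan passes."""
    problems = []
    active, standby = plan["active"], plan["standby"]
    vips = plan.get("vip", {})
    for ifname in REQUIRED + OPTIONAL:
        a_raw, s_raw = active.get(ifname), standby.get(ifname)
        if a_raw is None and s_raw is None:
            # Only eth0 and eth1 are mandatory; eth2 may be left out on both nodes.
            if ifname in REQUIRED:
                problems.append(f"{ifname}: not configured on either node")
            continue
        if a_raw is None or s_raw is None:
            problems.append(f"{ifname}: configured on only one node")
            continue
        try:
            a_if = ipaddress.ip_interface(a_raw)
            s_if = ipaddress.ip_interface(s_raw)
        except ValueError as exc:
            problems.append(f"{ifname}: invalid interface address ({exc})")
            continue
        # The same interface on active and standby must sit in the same subnet.
        if a_if.network != s_if.network:
            problems.append(
                f"{ifname}: active ({a_if.network}) and standby ({s_if.network}) "
                "are in different subnets"
            )
            continue
        if a_if.ip == s_if.ip:
            problems.append(f"{ifname}: both nodes use {a_if.ip}")
        # Every configured interface, eth2 included, needs its own reserved virtual IP.
        vip_raw = vips.get(ifname)
        if vip_raw is None:
            problems.append(f"{ifname}: no virtual IP reserved")
            continue
        try:
            vip = ipaddress.ip_address(vip_raw)
        except ValueError as exc:
            problems.append(f"{ifname}: invalid virtual IP ({exc})")
            continue
        if vip not in a_if.network:
            problems.append(f"{ifname}: virtual IP {vip} is outside {a_if.network}")
        elif vip in (a_if.ip, s_if.ip):
            problems.append(f"{ifname}: virtual IP {vip} is not free, a node already uses it")
    return problems


if __name__ == "__main__":
    issues = check_ha_plan(SAMPLE_PLAN)
    print("plan passes" if not issues else "\n".join(issues))
```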
Installing an NTP Server
For most of the HA functionality to work, you must synchronize the time on both OVAs by using an NTP
server. The installation would typically be in the management access network (eth0) interfaces.
CHAPTER 4
Installing the Cisco DCNM
This chapter contains the following sections:
Note
Beginning with Release 11.4(1), along with Computes, you can install Cisco DCNM in Standalone and Native
HA mode on Cisco Applications Services Engine. For more information, see Cisco Application Services
Engine Installation Guide For Cisco DCNM.
• Installing DCNM on Open Virtual Appliance
• Installing DCNM on ISO Virtual Appliance
• Convert Standalone Setup to Native-HA Setup
• Installing Cisco DCNM Compute Node
Installing DCNM on Open Virtual Appliance
This chapter contains the following sections:
Downloading the Open Virtual Appliance File
The first step to install the Open Virtual Appliance is to download the dcnm.ova file. Point to that dcnm.ova
file on your computer when deploying the OVF template.
Note
If you plan to use HA application functions, you must deploy the dcnm.ova file twice.
Procedure
Step 1
Go to the following site: http://software.cisco.com/download/
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 2
In the Latest Releases list, choose Release 11.4(1).
Step 3
Locate the DCNM Open Virtual Appliance Installer and click the Download icon.
Step 4
Save the dcnm.ova file to a directory that is easy to find when you start to deploy the OVF template.
Deploying the Open Virtual Appliance as an OVF Template
After you download the Open Virtual Appliance file, you must deploy the OVF template from the vSphere
Client application or the vCenter Server.
Note
Deploy two OVAs for the HA setup.
Procedure
Step 1
Open the vCenter Server application and connect to the vCenter Server with your vCenter user credentials.
Note
The ESXi host must be added to the vCenter Server application.
Depending on the version of VMware vSphere, the web HTML5 interface may not work properly when
deploying a Huge or Compute OVA, as it does not allow users to specify extra disk size. Therefore, we
recommend that you use the Flex interface for deploying VMs.
If you're deploying the OVF template using ESXi 6.7, the installation fails if you use the Internet Explorer browser
with HTML5. Ensure that you use one of the following options to successfully deploy the OVF template with ESXi
6.7:
• Mozilla Firefox browser, with HTML 5 support
Use flex interface if HTML 5 is not supported
• Mozilla Firefox browser, with flex\flash support
• Google Chrome browser, with HTML 5 support
Use flex interface if HTML 5 is not supported
Step 2
Navigate to Home > Inventory > Hosts and Clusters and choose the host on which the OVF template is
deployed.
Step 3
On the correct Host, right-click and select Deploy OVF Template.
You can also choose Actions > Deploy OVF Template.
Deploy OVF Template Wizard opens.
Step 4
On the Select template screen, navigate to the location where you have downloaded the OVA image.
You can choose the OVA file by one of the following methods:
• Select the URL radio button. Enter the path of the location of the image file.
• Select Local File radio button. Click Browse. Navigate to the directory where the image is stored. Click
OK.
Click Next.
Step 5
Verify the OVA template details and click Next.
Step 6
On the End User License Agreement screen, read the license agreement.
Click Accept and click Next.
Step 7
On the Select name and location screen, enter the following information:
• In the Name field, enter an appropriate name for the OVF.
Note
Ensure that the VM name is unique within the Inventory.
• In the Browse tab, select Datacenter as the deployment location under the appropriate ESXi host.
Click Next.
Step 8
On the Select configuration screen, select the configuration from the drop-down list.
• Choose Small (Lab or POC) to configure the virtual machine with 8 vCPUs, 24GB RAM.
Choose Small for proof-of-concept and other small-scale environments with fewer than 50 switches that
are not expected to grow with time.
• Choose Large (Production) to configure the virtual machine with 16 vCPUs, 32GB RAM.
We recommend that you use a Large deployment configuration when you are managing more than 50
devices to leverage better RAM, heap memory, and CPUs. For setups that could grow, choose Large.
• Choose Compute to configure the virtual machine with 16 vCPUs, 64GB RAM.
You must have DCNM deployed in Compute mode to use applications in your deployment.
• Choose Huge to configure the virtual machine with 32 vCPUs, 128GB RAM.
This configuration is recommended if you deploy DCNM for SAN Management and use SAN Insights
feature.
• Choose ComputeHuge to configure the virtual machine with 32 vCPUs and 128GB RAM with 2TB
disk.
This configuration is recommended if you use Cisco Network Insights applications.
Click Next.
Step 9
On the Select a resource screen, select the host on which you want to deploy the OVA template.
Click Next.
Step 10
On the Select storage screen, based on the Datastore and Available space, choose the disk format and the destination
storage for the virtual machine file.
a) Select the virtual disk format from the drop-down list.
The available disk formats are:
Note
Choose one of the thick provision types if you have enough storage capacity as required by the
virtual appliance and want to set a specific allocation of space for the virtual disks.
• Thick Provision Lazy Zeroed: The space that is required for the virtual disk is allocated when the
virtual disk is created. The data that remains on the physical device is not erased when the virtual
disk is created but is zeroed out on demand later on first write from the virtual disk.
• Thin Provision: The disk space available is less than 100 GB. The initial disk consumption is 3GB
and increases as the size of the database increases with the number of devices being managed.
• Thick Provision Eager Zeroed: The space that is required for the virtual disk is allocated when the
virtual disk is created. Unlike the Lazy Zeroed option, the data that remains on the physical device
is erased when the virtual disk is created.
Note
With 500G, the DCNM installation may appear to be stuck with the Thick Provision
Eager Zeroed option. However, it is only taking longer to complete.
b) Select the VM storage policy from the drop-down list.
By default, no policy is selected.
c) Check the Show datastores from Storage DRS clusters check box to view the clusters' datastores.
d) Select the destination storage for the virtual machine, available in the datastore.
Click Next.
Step 11
On the Select Networks screen, map the networks that are used in the OVF template to networks in your
inventory.
• dcnm-mgmt network
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM Open Virtual
Appliance. Associate this network with the portgroup that corresponds to the subnet that is associated
with the DCNM Management network.
• enhanced-fabric-mgmt
This network provides enhanced fabric management of Nexus switches. You must associate this network
with the port group that corresponds to management network of leaf and spine switches.
• enhanced-fabric-inband
This network provides in-band connection to the fabric. You must associate this network with port group
that corresponds to a fabric in-band connection.
Note
If you do not configure enhanced-fabric-inband network, Endpoint Locator and Telemetry
features are not operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation.
From the Destination Network drop-down list, choose to associate the network mapping with the port group
that corresponds to the subnet that is associated with the corresponding network.
If you are deploying more than one DCNM Open Virtual Appliance for HA functionality, you must meet the
following criteria:
• Both OVAs must have their management access (eth0), enhanced fabric management (eth1) and inband
management (eth2) interfaces in the same subnet.
• Each OVA must have their eth0-eth1 and eth2 interfaces in different subnets.
• Both OVAs must be deployed with the same administrative password. This is to ensure that both OVAs
are duplicates of each other for application access.
All special characters except %$^=;.*\'" <SPACE> are allowed in the password.
Click Next.
Step 12
On the Customize template screen, enter the Management Properties information.
Enter the IP Address (for the outside management address for DCNM), Subnet Mask, and Default Gateway.
Note
During Native HA installation and upgrade, ensure that you provide appropriate Management
Properties for both Active and Standby appliances.
Ensure that you add valid values for the Management Network properties. Properties with invalid values will
not be assigned. The VM will not power on until you enter valid values.
From Release 11.3(1), for Huge and Compute configurations, you can add extra disk space on the VM. You
can add from 32GB up to 1.5TB of disk space. In the Extra Disk Size field, enter the extra disk size that will
be created on the VM.
Click Next.
Step 13
On the Ready to Complete screen, review the deployment settings.
Click Back to go to the previous screens and modify the configuration.
Click Finish to deploy the OVF template.
You can see the deployment status in the Recent Tasks area on the vSphere Client.
Note
If this deployment is a part of the upgrade process, do not power on the VM. Edit and provide the
11.0(1) or 11.1(1) or 11.2(1) MAC address and power on the VM.
Step 14
After the installation is complete, right-click the installed VM and select Power > Power On.
Note
Before you power on the VM, ensure that you have reserved appropriate resources for the VM, such
as CPU and memory, based on the chosen deployment configuration.
You can see the status in the Recent Tasks area.
Step 15
Navigate to the Summary tab, click the Settings icon, and select Launch Web Console.
A message indicating that the DCNM appliance is configuring appears on the screen.
***************************************************************
Please point your web browser to
https://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation, using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. For more information, see Installing
the Cisco DCNM OVA in Standalone Mode or Installing the Cisco DCNM OVA in Native HA
mode.
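The HA criteria from the Select Networks step can be checked against an address plan before the two OVAs are deployed. The following is an added example, not part of the Cisco guide or of DCNM; the function name check_ha_plan and the sample addresses are constructed for illustration, and the second criterion is read here as "eth0, eth1 and eth2 of one OVA are each in a different subnet".

```python
import ipaddress
from itertools import combinations

# Interface roles as named in this guide; eth2 (inband management) is optional.
ROLES = {
    "eth0": "management access",
    "eth1": "enhanced fabric management",
    "eth2": "inband management",
}
REQUIRED = ("eth0", "eth1")

# Constructed sample plan (documentation address ranges, not real hosts).
PRIMARY = {"eth0": "192.0.2.11/24", "eth1": "198.51.100.11/24", "eth2": "203.0.113.11/24"}
SECONDARY = {"eth0": "192.0.2.12/24", "eth1": "198.51.100.12/24", "eth2": "203.0.113.12/24"}


def check_ha_plan(primary, secondary):
    """Return a list of problems in a two-OVA address plan (empty list = pass).

    Each argument maps an interface name to "address/prefix".
    """
    problems = []
    parsed = {"primary": {}, "secondary": {}}
    for node, plan in (("primary", primary), ("secondary", secondary)):
        for ifname in REQUIRED:
            if ifname not in plan:
                problems.append(f"{node}: {ifname} ({ROLES[ifname]}) has no address")
        for ifname, cidr in plan.items():
            if ifname not in ROLES:
                problems.append(f"{node}: unknown interface {ifname!r}")
                continue
            try:
                parsed[node][ifname] = ipaddress.ip_interface(cidr)
            except ValueError as exc:
                problems.append(f"{node}: {ifname} value {cidr!r} is invalid ({exc})")

    # Criterion 1: the same interface on both OVAs is in the same subnet.
    for ifname in ROLES:
        a = parsed["primary"].get(ifname)
        b = parsed["secondary"].get(ifname)
        if a is None or b is None:
            # A missing required interface was reported above; eth2 is only
            # a problem when one node has it and the other does not.
            if ifname == "eth2" and (a is None) != (b is None):
                problems.append("eth2 is configured on only one of the two OVAs")
            continue
        if a.network != b.network:
            problems.append(f"{ifname}: primary {a.network} and secondary {b.network} differ")
        elif a.ip == b.ip:
            problems.append(f"{ifname}: both OVAs use the address {a.ip}")

    # Criterion 2: on each OVA, the interfaces are in different subnets.
    for node, ifaces in parsed.items():
        for (n1, i1), (n2, i2) in combinations(sorted(ifaces.items()), 2):
            if i1.version == i2.version and i1.network.overlaps(i2.network):
                problems.append(f"{node}: {n1} {i1.network} overlaps {n2} {i2.network}")
    return problems


if __name__ == "__main__":
    for line in check_ha_plan(PRIMARY, SECONDARY) or ["plan passes"]:
        print(line)
```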
Installing the Cisco DCNM OVA in Standalone Mode
Paste the URL displayed on the Console tab and press the Enter key. A welcome message appears.
To complete the installation of Cisco DCNM from the web installer, perform the following procedure.
Procedure
Step 1
On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Step 2
On the Cisco DCNM Installer tab, select the Fresh Installation – Standalone radio button.
Click Next.
Step 3
On the Install Mode tab, choose your DCNM deployment type.
From the Installation mode drop-down list, choose LAN Fabric installation mode for the DCNM Appliance.
Check the Enable Clustered Mode check box, if you want to deploy Cisco DCNM in Cluster mode. The
Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. The applications
will run on the Compute nodes. You can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL, NIA,
and NIR won’t work until you install the compute nodes.
Click Next.
Step 4
On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications in
the Cisco DCNM.
All special characters except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
• In the Database Password field, enter the password for the PostgreSQL database.
All special characters except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Database Password field.
Note
If the Database Password field is left blank, the Administrator password is used as the
PostgreSQL password.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
Step 5
On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
You can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
Step 6
On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 1: Cisco DCNM Management Network Interfaces
a) In the Management Network area, verify if the auto-populated addresses for Management IPv4 Address
and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optional) Enter a valid IPv6 address along with the prefix to configure the Management IPv6 Address
and the Management Network Default IPv6 Gateway.
b) In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses in the IPv6
address and Gateway IPv6 Address fields.
Out-of-band management provides a connection to the device management ports (typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) (Optional) In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the
in-band network.
This field is mandatory if you have selected Enable Clustered Mode in Step 3.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses in the IPv6
address and Gateway IPv6 Address fields.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure the in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation.
Click Next.
Step 7
On the Applications tab, configure the Device Connector and Internal Applications Services Network, and
Cluster mode settings.
Device Connector is enabled by default.
Note
The Device connector is an embedded management controller that enables the capabilities of Cisco Intersight,
a cloud-based management platform.
a) (Optional) In the Proxy Server field, enter the IP address for the proxy server.
The proxy server must be an RFC1123-compliant name.
Note
By default, port 80 is used for the proxy server. Use <proxy-server-ip>:<port> to use the proxy server
on a different port.
If the proxy server requires authentication, enter the relevant username and password in the Proxy Server
Username and Proxy Server Password fields.
b) In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
All the applications use the IP Address from this subnet.
c) In the Clustered mode configuration area, configure the network settings to deploy the DCNM instance
in Clustered mode. In Clustered mode, applications run on separate compute nodes.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode check
box in Step 3.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4 network
to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address Pool
field.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example: Use
10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation. This subnet must be a
minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It should also be longer than the
east-west pool. This subnet is assigned to containers, to communicate with the switches.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch Cisco
DCNM Web UI.
Note
If you try to access the DCNM Web UI using the Management IP address while the installation is
still in progress, an error message appears on the console.
***************************************
*Preparing Appliance*
***************************************
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr update network-properties add route ipv4 eth2 <ipv4-network-ip-address/prefix>
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties add route ipv4 eth2 10.0.0.0/24
dcnm# appmgr update network-properties add route ipv4 eth2 40.1.1.0/24
dcnm# appmgr update network-properties session apply
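The Web Installer rules stated in this procedure (characters not allowed in passwords, the RFC 1123 hostname requirement, and the size and placement of the Out-of-Band IPv4 address pool) can be checked before the values are typed in. The following is an added example, not Cisco's validation code; the function names are hypothetical, the sample values are constructed, and two readings are assumed: "only digits" means every label of the hostname is numeric, and "available" pool addresses exclude the server's own eth1 address.

```python
import ipaddress
import re

# Characters this guide lists as not allowed in the Administrator and
# Database passwords: % $ ^ = ; . * \ ' " and the space character.
FORBIDDEN_PASSWORD_CHARS = frozenset("%$^=;.*\\'\" ")

# One RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def password_problems(password):
    """Return the disallowed characters present, in order of first appearance."""
    found = []
    for ch in password:
        if ch in FORBIDDEN_PASSWORD_CHARS and ch not in found:
            found.append(ch)
    return found


def fqdn_problems(name):
    """Return the reasons a Fully Qualified Hostname value would be rejected."""
    problems = []
    labels = name.split(".")
    if len(labels) < 2:
        problems.append("not fully qualified: expected host and domain labels")
    for label in labels:
        if not LABEL.fullmatch(label):
            problems.append(f"label {label!r} is not a valid RFC 1123 label")
    # Assumption: "only digits" means every label is numeric, e.g. "12345".
    if all(label.isdigit() for label in labels):
        problems.append("hostname consists only of digits")
    return problems


def pool_problems(eth1_cidr, pool_cidr):
    """Check an Out-of-Band IPv4 address pool against the eth1 interface."""
    eth1 = ipaddress.IPv4Interface(eth1_cidr)
    try:
        # Strict parsing: "10.1.1.241/28" is rejected because host bits are set.
        pool = ipaddress.IPv4Network(pool_cidr)
    except ValueError as exc:
        return [f"pool {pool_cidr!r} is not a valid IPv4 network ({exc})"]
    problems = []
    if not 24 <= pool.prefixlen <= 28:
        problems.append(f"pool is /{pool.prefixlen}; the guide allows /24 to /28")
    if not pool.subnet_of(eth1.network):
        problems.append(f"pool {pool} is not inside the eth1 subnet {eth1.network}")
    elif eth1.ip in pool:
        # Assumption: "available" addresses exclude the server's own eth1 address.
        problems.append(f"pool {pool} contains the server's eth1 address {eth1.ip}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the pool is the one from the guide's example.
    print(password_problems("p@ss word$."))
    print(fqdn_problems("dcnm1.example.com"))
    print(pool_problems("10.1.1.5/24", "10.1.1.240/28"))
```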
Installing the Cisco DCNM OVA in Native HA mode
The native HA is supported on DCNM appliances with ISO or OVA installation only.
By default, an embedded PostgreSQL database engine is included with the Cisco DCNM. The native HA feature allows
two Cisco DCNM appliances to run as active and standby applications, with their embedded databases
synchronized in real time. Therefore, when the active DCNM is not functioning, the standby DCNM takes
over with the same database data and resumes the operation.
Perform the following task to set up Native HA for DCNM.
Procedure
Step 1
Deploy two DCNM Virtual Appliances (either OVA or ISO).
For example, let us indicate them as dcnm1 and dcnm2.
Step 2
Configure dcnm1 as the Primary node. Paste the URL displayed on the Console tab of dcnm1 and press
Enter key.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer tab, select Fresh Installation - HA Primary radio button, to install dcnm1
as Primary node.
Click Next.
c) On the Install Mode tab, choose your DCNM deployment type.
From the Installation mode drop-down list, choose LAN Fabric installation mode for the DCNM
Appliance.
Check the Enable Clustered Mode check box, if you want to deploy Cisco DCNM in Cluster mode. The
Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. The
applications will run on the Compute nodes. You can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL,
NIA, and NIR won’t work until you install the compute nodes.
Click Next.
d) On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications
in the Cisco DCNM.
All special characters except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
• In the Database Password field, enter the password for the PostgreSQL database.
All special characters except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Database Password field.
Note
If the Database Password field is left blank, the Administrator password is used
as the PostgreSQL password.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
e) On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 2: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses in the IPv6
address and Gateway IPv6 Address fields.
Out-of-band management provides a connection to the device management ports (typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses in the IPv6
address and Gateway IPv6 Address fields.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure the in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation.
Click Next.
g) On the Applications tab, configure the Device Connector and Internal Applications Services Network.
Device Connector is enabled by default.
Note
The Device connector is an embedded management controller that enables the capabilities of Cisco
Intersight, a cloud-based management platform.
1. In the Proxy Server field, enter the IP address for the proxy server.
The proxy server must be an RFC1123-compliant name.
Note
By default, port 80 is used for the proxy server. Use <proxy-server-ip>:<port> to use the proxy
server on a different port.
If the proxy server requires authentication, enter the relevant username and password in the Proxy
Server Username and Proxy Server Password fields.
2. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
All the applications use the IP Address from this subnet. By default, the
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode
check box in Step 2.c.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
3. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example:
Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation. This subnet
must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It should also be
longer than the east-west pool. This subnet is assigned to containers, to communicate with the switches.
h) On the HA Settings tab, a confirmation message appears.
You are installing the primary DCNM HA node.
Please note that HA setup information will need to
be provided when the secondary DCNM HA node is
installed.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A warning message appears stating that the setup is not complete until you install the Secondary node.
WARNING: DCNM HA SETUP IS NOT COMPLETE!
Your Cisco Data Center Network Manager software has been installed on
this HA primary node.
However, the system will be ready to be used only after installation
of the secondary node has been completed.
Thank you.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Install Mode tab, from the drop-down list, choose the same installation mode that you selected
for the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Check the Enable Clustered Mode check box, if you have configured the Cisco DCNM Primary in
Clustered mode.
Click Next.
d) On the Administration tab, enter information about passwords.
Note
All the passwords must be the same as the passwords that you provided while configuring the
Primary node.
e) On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 3: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Ensure that the IP address belongs to the same Management Network configured on the
Primary node.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, enter the relevant IPv6 addresses in the IPv6 Address and
Gateway IPv6 Address fields.
Note
Ensure that the IP addresses belong to the same Out-of-Band network configured on the
Primary node.
Out-of-band management provides a connection to the device management ports (typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, enter the relevant IPv6 addresses in the IPv6 Address and
Gateway IPv6 Address fields.
Note
Ensure that the IP addresses belong to the same In-Band network configured on the Primary
node.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure the in-band network, Endpoint Locator and Telemetry features are not
operational.
Click Next.
g) On the Applications tab, configure the Internal Applications Services Network, and Cluster mode settings.
1. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
2. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
Ensure that the IP addresses belong to the same pool as configured on the Primary node.
h) On the HA Settings tab, configure the system settings for the Secondary node.
• In the Management IPv4 Address of Primary DCNM node field, enter the appropriate IP Address
to access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC 1123, section 2.1. Host names with only digits are not supported.
• In the Management Network VIP address field, enter the IP address used as VIP in the management
network.
Optionally, you can also enter an IPv6 VIP address in the Management Network VIPv6 address
field.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• In the Out-of-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the Out-of-Band Network VIPv6 Address
field.
• In the In-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the In-Band Network VIPv6 Address field.
Note
This field is mandatory if you have provided an IP address for In-Band network in the
Network Settings tab.
• In the HA Ping Feature IPv4 Address field, enter the HA ping IP address and enable this feature,
if necessary.
Note
The configured IPv4 address must respond to the ICMP echo pings.
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IPv4 Address to avoid the Split Brain scenario. This IP address
must belong to Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
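The following Python example is added here as an illustration and is not part of the Cisco guide or of the DCNM software. It checks a planned Secondary-node configuration against the rules stated in the System Settings, Network Settings, and HA Settings steps above before the values are typed into the installer. The dictionary keys, function names, and sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# One RFC 1123 label: letters, digits, hyphens; no hyphen at either end; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def fqdn_problem(name):
    """Return why `name` is unusable as an FQDN, or None if it is acceptable."""
    stripped = name.rstrip(".")
    labels = stripped.split(".")
    if len(labels) < 2 or len(stripped) > 253:
        return "is not a fully qualified domain name"
    if not all(_LABEL.fullmatch(label) for label in labels):
        return "has a label that violates RFC 1123 syntax"
    # Assumption: "only digits" is read as "nothing but digits and dots".
    if stripped.replace(".", "").isdigit():
        return "consists only of digits"
    return None


def check_ha_plan(primary, secondary, ha):
    """Check a Secondary-node plan against the Primary; return a list of findings."""
    findings, networks, node_ips = [], {}, set()

    # Network Settings tab: each Secondary address must be in the Primary's network.
    for role in ("mgmt", "oob", "inband"):
        if not primary.get(role):
            continue
        p_if = ipaddress.ip_interface(primary[role])
        networks[role] = p_if.network
        node_ips.add(p_if.ip)
        if not secondary.get(role):
            continue
        s_if = ipaddress.ip_interface(secondary[role])
        node_ips.add(s_if.ip)
        if s_if.network != p_if.network:
            findings.append(f"{role}: Secondary {s_if} is outside Primary network {p_if.network}")

    # HA Settings tab: the VIP host name must be an FQDN and not digits only.
    reason = fqdn_problem(ha.get("vip_fqdn", ""))
    if reason:
        findings.append(f"vip_fqdn: {ha.get('vip_fqdn', '')!r} {reason}")

    # Management and Out-of-Band VIPs are addresses in their own networks.
    for role in ("mgmt", "oob"):
        vip = ha.get(f"{role}_vip")
        if vip and role in networks and ipaddress.ip_address(vip) not in networks[role]:
            findings.append(f"{role}_vip: {vip} is outside {networks[role]}")

    # The In-Band VIP is mandatory once an In-Band address has been configured.
    if "inband" in networks and not ha.get("inband_vip"):
        findings.append("inband_vip: required because an In-Band address is configured")

    # HA ping target: not a node address, and inside the Enhanced Fabric management
    # network, which this guide maps to eth1 (the Out-of-Band interface).
    ping = ha.get("ha_ping")
    if not ping:
        findings.append("ha_ping: not set, so nothing guards against split brain")
        return findings
    ping_ip = ipaddress.ip_address(ping)
    if ping_ip in node_ips:
        findings.append(f"ha_ping: {ping_ip} is a DCNM Active/Standby address")
    if "oob" in networks and ping_ip not in networks["oob"]:
        findings.append(f"ha_ping: {ping_ip} is outside {networks['oob']}")
    return findings


# Constructed sample plans (documentation address ranges, not real deployments).
PRIMARY = {"mgmt": "192.0.2.10/24", "oob": "198.51.100.10/24", "inband": "203.0.113.10/24"}
GOOD_SECONDARY = {"mgmt": "192.0.2.11/24", "oob": "198.51.100.11/24", "inband": "203.0.113.11/24"}
GOOD_HA = {"vip_fqdn": "dcnm-vip.example.com", "mgmt_vip": "192.0.2.12",
           "oob_vip": "198.51.100.12", "inband_vip": "203.0.113.12",
           "ha_ping": "198.51.100.1"}
# Wrong OOB subnet, digits-only VIP name, no In-Band VIP, ping target is the Primary.
BAD_SECONDARY = {"mgmt": "192.0.2.11/24", "oob": "198.51.101.11/24", "inband": "203.0.113.11/24"}
BAD_HA = {"vip_fqdn": "1234.5678", "mgmt_vip": "192.0.2.12",
          "oob_vip": "198.51.100.12", "inband_vip": "",
          "ha_ping": "198.51.100.10"}

if __name__ == "__main__":
    for label, sec, ha in (("good", GOOD_SECONDARY, GOOD_HA), ("bad", BAD_SECONDARY, BAD_HA)):
        problems = check_ha_plan(PRIMARY, sec, ha)
        print(label, "plan:", "OK" if not problems else "")
        for p in problems:
            print("  -", p)
```

An HA ping target that is itself a DCNM node, or that sits outside the eth1 network, cannot act as an independent witness when the Active and Standby nodes lose sight of each other, which is why the check treats both as findings.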
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr update network-properties add route ipv4 eth2 <ipv4-network-ip-address/prefix>
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties add route ipv4 eth2 10.0.0.0/24
dcnm# appmgr update network-properties add route ipv4 eth2 40.1.1.0/24
dcnm# appmgr update network-properties session apply
Installing DCNM on ISO Virtual Appliance
This chapter contains the following sections:
Note
The screenshots in this section may change in your setup based on how you are booting the ISO; you will
either see the blue (BIOS) screen or the black (UEFI) screen.
Downloading the ISO Virtual Appliance File
The first step to installing the ISO Virtual Appliance is to download the dcnm.iso file. You must point to
that dcnm.iso file on your computer when preparing the server for installing DCNM.
Note
If you plan to use HA application functions, you must deploy the dcnm.iso file twice.
Procedure
Step 1
Go to the following site: http://software.cisco.com/download/ .
Step 2
In the Select a Product search box, enter Cisco Data Center Network Manager.
Click the Search icon.
Step 3
Click on Data Center Network Manager from the search results.
A list of the latest release software for Cisco DCNM available for download is displayed.
Step 4
In the Latest Releases list, choose Release .
Step 5
Locate the DCNM ISO Virtual Appliance Installer and click the Download icon.
Step 6
Locate the DCNM VM templates at DCNM Virtual Appliance definition files for VMWare (.ovf) and KVM
(domain XMLs) environment and click Download.
Step 7
Save the dcnm.iso file to a directory that will be easy to find when you begin the installation.
What to do next
You can choose to install DCNM On KVM or Baremetal servers. Refer to Installing the DCNM ISO Virtual
Appliance on KVM, on page 41 or Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal), on
page 34 for more information.
Installing the DCNM ISO Virtual Appliance on UCS (Bare Metal)
From Release 11.3(1), you can install Cisco DCNM ISO using an additional mode where the physical interfaces
are bound together for a port channel or ethernet channel configured as a trunk with the management traffic,
out-of-band traffic, and in-band traffic separated in different VLANs.
Ensure that the switch is configured correctly for bundled interface mode. The following shows a sample
switch configuration for bundled interface mode:
vlan 100
vlan 101
vlan 102
interface port-channel1
  switchport
  switchport mode trunk
interface Ethernet101/1/1
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/2
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/3
  switchport mode trunk
  channel-group 1
  no shutdown
interface Ethernet101/1/4
  switchport mode trunk
  channel-group 1
  no shutdown
Perform the following tasks to install the DCNM ISO virtual appliance on UCS.
Procedure
Step 1
Launch Cisco Integrated Management Controller (CIMC).
Step 2
Click the Launch KVM button.
You can either launch Java-based KVM or HTML-based KVM.
Step 3
Click the URL displayed on the window to continue loading the KVM client application.
Step 4
On the Menu bar, click Virtual Media > Activate Virtual Devices.
Step 5
Click Virtual Media and choose one of the following media to browse to and upload the DCNM ISO
image:
• Map CD/DVD
• Map Removable Disk
• Map Floppy Disk
Navigate to the location where the ISO image is located and load the ISO image.
Step 6
Select Power > Reset System (warm boot) and OK to continue and restart the UCS box.
Step 7
Press F6 to interrupt the reboot process when the server starts to select a boot device. The boot selection menu
appears.
For more information about using the UCS KVM Console window, see the Cisco UCS Server Configuration
Utility, Release 3.1 User Guide at the following URL:
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/ucsscu/user/guide/31/UCS_SCU/booting.html#wp1078073
Step 8
Use the arrow keys to select Cisco Virtual CD/DVD and press Enter. The server boots with the DCNM ISO
image from the mapped location.
Note
The following image highlights UEFI installation. However, you can also choose Cisco
vKVM-Mapped vDVD1.22 for BIOS installation. ISO can be booted in both modes, BIOS, and
UEFI.
UEFI is mandatory for a system with minimum of 2TB disks.
For Cisco UCS with the disk size of 2TB or higher and with 4K sector size drivers, the UEFI boot option is
required. For more information, see UEFI Boot Mode.
Step 9
Select Install Cisco Data Center Network Manager using the up or down arrow keys. Press Enter.
The option shown in the following image appears when the ISO image is booted with UEFI.
Step 10
On the Cisco Management Network Management screen, select the mode to configure the network.
Enter 1 to configure the Cisco DCNM network interfaces from the available physical interfaces.
Enter 2 to configure the Cisco DCNM network interfaces from the available physical interfaces that are
bundled together to form a single port-channel, configured as a trunk.
Step 11
If you entered 1, to install Cisco DCNM ISO in un-bundled interface mode, select the interface for the networks.
The list of available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface List.
You can also configure the in-band interface (eth2) if necessary.
Note
If you do not configure In-Band interface, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 145.
Step 12
If you entered 2, to install Cisco DCNM ISO in bundled interface mode, perform the following tasks:
a) Select interface from the list to form a bundle.
Note
A minimum of one physical interface must be a part of the bundle.
Enter q after you enter all the interfaces that must be added to the bundle.
b) Enter the VLAN IDs to be used for Management Network, Out-Of-Band Network, and In-band Network.
Verify and confirm if the correct VLAN IDs are assigned.
Note
The VLAN IDs for Management Network and Out-Of-Band Network can be the same when
Management Network and Out-Of-Band Network use the same subnet (that is, when eth0/eth1
are in the same subnet).
Step 13
Review the selected interfaces. Press y to confirm and continue with the installation.
Step 14
Configure the Management Network for Cisco DCNM. Enter the IP address, Subnet Mask, and Gateway.
Press y to continue with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
being configured appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. For more information, see Installing
Cisco DCNM ISO in Standalone Mode, on page 51 or Installing the Cisco DCNM ISO in Native HA mode,
on page 55.
Installing the DCNM ISO Virtual Appliance on KVM
Perform the following tasks to install the ISO virtual appliance on KVM.
Procedure
Step 1
Unzip, extract, and locate the dcnm-kvm-vm.xml file.
Step 2
Upload this file on the RHEL server that is running KVM to the same location as the ISO.
Step 3
Connect to the RHEL server running KVM via SCP File transfer terminal.
Step 4
Upload the and dcnm-kvm-vm.xml to the RHEL server.
Step 5
Close the file transfer session.
Step 6
Connect to the RHEL server running KVM via SSH terminal.
Step 7
Navigate to the location where both the ISO and domain XMLs are downloaded.
Step 8
Create the VM (or Domains, as they are known in the KVM terminology) using the virsh command.
sudo virsh define [{dcnm-kvm-vm-huge.xml | dcnm-kvm-vm-compute.xml | dcnm-kvm-vm-large.xml | dcnm-kvm-vm-small.xml}]
Step 9
Enable a VNC server and open the required firewall ports.
Step 10
Close the SSH session.
Step 11
Connect to the RHEL server running KVM via a VNC terminal.
Step 12
Navigate to Applications > System Tools > Virtual Machine Manager (VMM).
A VM is created in the Virtual Machine Manager.
Step 13
From Virtual Machine Manager, edit the VM by selecting the VM in the listing. Click Edit > Virtual Machine
Details > Show virtual hardware details.
Step 14
In the Virtual Hardware Details, navigate to Add Hardware > Storage.
Step 15
Create a hard disk with the following specifications:
• device type: IDE disk
• cache-mode: default
• storage format: raw
We recommend that you use storage size of 500GB.
Step 16
Select IDE CDROM on the edit window of the Virtual Machine and click Connect.
Step 17
Navigate to dcnm-va.iso and click OK.
Step 18
Select both the NICs and assign appropriate networks that are created.
Step 19
Power on the Virtual Machine.
Note
Before you power on the VM, ensure that you have reserved appropriate resources for the VM, such
as CPU and memory, based on the chosen deployment configuration.
The operating system is installed.
Step 20
On the Cisco Management Network Management screen, select the interface for the networks. The list of
available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface List.
You can also configure in-band interface (eth2) if necessary.
Note
If you do not configure in-band interface (eth2), Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 145.
Step 21
Press y to confirm and continue with the installation.
Step 22
Configure the Management Network. Enter the IP address, Subnet Mask, and Gateway. Press y to continue
with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
being configured appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. Refer to Installing Cisco DCNM
ISO in Standalone Mode, on page 51 or Installing the Cisco DCNM ISO in Native HA mode, on page 55
for more information.
Installing the DCNM ISO Virtual Appliance on Windows Hyper-V
Hyper-V Manager provides management access to your virtualization platform. You can install DCNM ISO
virtual appliance using Hyper-V manager.
Launch the Windows Server Manager using appropriate credentials. To launch the Hyper-V Manager, from
the Menu bar, choose Tools > Hyper-V Manager.
Note
DCNM ISO Virtual Appliance on Windows Hyper-V doesn’t support Clustered mode.
To install Cisco DCNM ISO Virtual Appliance on Windows Hyper-V, perform the following tasks:
Creating Virtual Switches
Cisco DCNM requires three virtual switches for network interfaces:
• dcnm-mgmt network (eth0) interface
• enhanced-fabric-mgmt (eth1) interface
• enhanced-fabric-inband (eth2) interface
To create Virtual Switches on the Hyper-V Manager, perform the following steps:
Procedure
Step 1
On the Action pane, click Virtual Switch Manager.
The Virtual Switch Manager for the Windows Hyper-V window appears.
Step 2
On the left pane, under Virtual Switches, click New virtual network switch to create a virtual switch.
Step 3
Create the virtual switch for DCNM Management network.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth0 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
Step 4
Create the virtual switch for Enhanced Fabric Management interface.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth1 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
Step 5
Create the virtual switch for Enhanced Fabric Inband interface.
a) Select External and click Create Virtual Switch.
b) In the Name field, enter an appropriate name for the eth2 interface.
Note
Ensure that the virtual switch name is unique within the Inventory.
c) From the External network drop-down list, select the appropriate physical interface available on the server.
d) Click Apply.
All the interfaces appear under the Virtual Switches in the left pane, as shown in the following figure.
What to do next
Create the Virtual Machines to mount the ISO. Refer to Creating Virtual Machines, on page 44 for more
information.
Creating Virtual Machines
To create virtual machines for either Standalone, or Primary and Secondary nodes for Native HA setup,
perform the following procedure:
Before you begin
If you’re installing Cisco DCNM in Native HA Mode, you must create two virtual machines; one for Primary
node, and one for Secondary node.
Procedure
Step 1
In the Actions pane, from the New drop-down list, select Virtual Machine.
The New Virtual Machine Wizard appears.
Step 2
In the Before You Begin screen, click Next.
Step 3
In the Specify Name and Location screen, enter the name for the Active DCNM node.
Click Next.
Step 4
In the Specify Generation screen, select Generation 2.
This virtual machine supports new virtualization features, has UEFI-based firmware, and requires 64-bit
operating system.
Click Next.
Step 5
In the Assign Memory screen, in the Startup memory field, enter 32768 MB to configure the virtual machine
with 32GB memory.
To verify recommended configurations, refer to System Requirements.
Click Next.
Step 6
In the Configuration Networking screen, from the Connection drop-down list, select the interface for this
VM. Select eth0 (Management Network interface).
Click Next.
Step 7
In the Connect Virtual Hard Disk screen, create a virtual hard disk.
a) Select Create a virtual hard disk.
b) Enter appropriate Name, Location, and Size of the hard disk.
Note
The default name for the virtual hard disk is derived from the virtual machine name that you
provided in the Specify Name and Location screen.
The size of the hard disk must be minimum of 500GB.
Click Next.
Step 8
In the Installation Options screen, select Install as operating system from a bootable image file.
In the Image file (.iso) field, click Browse. Navigate to the directory and select the DCNM 11.4(1) ISO image.
Click Next.
Step 9
In the Summary screen, review the configuration details.
Click Finish to create the DCNM Active node.
The newly created virtual machine appears in the Virtual Machines block on the Hyper-V Manager.
Step 10
Right click on the virtual machine and select Settings.
The Settings screen for DCNM node appears.
Step 11
On the left pane, in the Hardware block, click Add Hardware.
Step 12
In the main pane, select Network Adapter and click Add.
Step 13
In the Network Adapter screen, create network adapter for the virtual switch.
• From the Virtual Switch drop-down list, select the eth1 virtual switch. Click Apply.
• From the Virtual Switch drop-down list, select the eth2 virtual switch. Click Apply.
All the three Network Adapters are displayed in the left pane, under the Hardware section.
Step 14
In the left pane, select Security.
In the main pane, from the template drop-down list, select Microsoft UEFI Certificate Authority.
Note
This template is mandatory if you’ve selected the Generation 2 Hyper-V virtual machines.
Click Apply.
Step 15
In the Settings screen, click Processor.
In the main pane, in the Number of virtual processors field, enter 32, to choose 32vCPUs. Click Apply.
Click OK to confirm the settings for the DCNM node.
What to do next
Install the Cisco DCNM ISO on the Windows Hyper-V. Refer to Installing DCNM ISO Virtual Appliance,
on page 48 for more information.
Installing DCNM ISO Virtual Appliance
To configure the DCNM ISO virtual appliance for either Standalone, or Primary and Secondary nodes for
Native HA setup, perform the following procedure:
Before you begin
Ensure that the Virtual Machine is configured correctly with proper security settings.
Procedure
Step 1
From the Virtual Machines block, right-click the Active node and select Connect.
Step 2
In the Virtual Machine Connection screen, from the Menu bar, select Media > DVD Drive to verify the image
selected.
Click Start. The DCNM Server boots.
Step 3
Select Install Cisco Data Center Network Manager using the up or down arrow keys. Press Enter to install
the Cisco DCNM Active node.
Step 4
On the Cisco Management Network Management screen, select the interface for the networks. The list of
available interfaces is displayed on the screen.
Choose the Management Interface (eth0) and Out-of-Band interface (eth1) from the Network Interface
List. You can also configure the In-band interface (eth2) if necessary.
Review the selected interfaces. Press y to confirm and continue with the installation.
Step 5
Configure the Management Network for Cisco DCNM. Enter the IP address, Subnet Mask, and Gateway.
Verify the values and press y to continue with the installation.
After the installation is complete, the system reboots and a message indicating that the DCNM appliance is
being configured appears on the screen.
***************************************************************
Please point your web browser to
http://<IP-address>:<port-number>
to complete the application
***************************************************************
Copy and paste the URL to the browser to complete the installation using the Web Installer.
What to do next
You can choose to install DCNM in Standalone mode or Native HA mode. For more information, see Installing
Cisco DCNM ISO in Standalone Mode, on page 51 or Installing the Cisco DCNM ISO in Native HA mode,
on page 55.
Installing Cisco DCNM ISO in Standalone Mode
Paste the URL displayed on the Console tab and press the Enter key. A welcome message appears.
To complete the installation of Cisco DCNM from the web installer, perform the following procedure.
Procedure
Step 1
On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Step 2
On the Cisco DCNM Installer tab, select Fresh Installation – Standalone radio button.
Click Next.
Step 3
On the Install Mode tab, choose your DCNM deployment type.
From the Installation mode drop-down list, choose LAN Fabric installation mode for the DCNM Appliance.
Check the Enable Clustered Mode check box, if you want to deploy Cisco DCNM in Cluster mode. The
Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. The applications
will run on the Compute nodes. You can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL, NIA,
and NIR won’t work until you install the compute nodes.
Click Next.
Step 4
On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications in
the Cisco DCNM.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
• In the Database Password field, enter the password for the PostgreSQL database.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Database Password field.
Note
If the Database Password field is left blank, the Administrator password is used as the
PostgreSQL password.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
Step 5
On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC 1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
You can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
Step 6
On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 4: Cisco DCNM Management Network Interfaces
a) In the Management Network area, verify if the auto-populated addresses for Management IPv4 Address
and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optional) Enter a valid IPv6 address along with the prefix to configure the Management IPv6 Address
and the Management Network Default IPv6 Gateway.
b) In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, enter the relevant IPv6 addresses in the IPv6 Address and
Gateway IPv6 Address fields.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) (Optional) In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the
in-band network.
This field is mandatory if you have selected the Enable Cluster mode in Step 3, on page 52.
If DCNM is on the IPv6 network, enter the relevant IPv6 addresses in the IPv6 Address and
Gateway IPv6 Address fields.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 145.
Click Next.
Step 7
On the Applications tab, configure the Device Connector and Internal Applications Services Network, and
Cluster mode settings.
Device Connector is enabled by default.
Note
The Device connector is an embedded management controller that enables the capabilities of Cisco Intersight,
a cloud-based management platform.
a) (Optional) In the Proxy Server field, enter the IP address for the proxy server.
The proxy server must be an RFC1123-compliant name.
Note
By default, port 80 is used for the proxy server. Use <proxy-server-ip>:<port> to use a proxy server
on a different port.
If the proxy server requires authentication, enter the relevant username and password in the Proxy Server
Username and Proxy Server Password fields.
b) In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
All the applications use the IP Address from this subnet.
c) In the Clustered mode configuration area, configure the network settings to deploy the DCNM instance
in Clustered mode. In Clustered mode, applications run on separate compute nodes.
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode check
box in Step 3, on page 52.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4 network
to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address Pool
field.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example: Use
10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation. This subnet must be a
minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It should also be longer than the
east-west pool. This subnet is assigned to containers, to communicate with the switches.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch Cisco
DCNM Web UI.
Note
If you try to access the DCNM Web UI using the Management IP address while the installation is
still in progress, an error message appears on the console.
***************************************
*Preparing Appliance*
***************************************
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr update network-properties add route ipv4 eth2 <ipv4-network-ip-address/prefix>
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties add route ipv4 eth2 10.0.0.0/24
dcnm# appmgr update network-properties add route ipv4 eth2 40.1.1.0/24
dcnm# appmgr update network-properties session apply
Installing the Cisco DCNM ISO in Native HA mode
The native HA is supported on DCNM appliances with ISO or OVA installation only.
By default, an embedded PostgreSQL database engine is included with the Cisco DCNM. The native HA feature allows
two Cisco DCNM appliances to run as active and standby applications, with their embedded databases
synchronized in real time. Therefore, when the active DCNM is not functioning, the standby DCNM takes
over with the same database data and resumes the operation.
Perform the following task to set up Native HA for DCNM.
Procedure
Step 1
Deploy two DCNM Virtual Appliances (either OVA or ISO).
For example, let us indicate them as dcnm1 and dcnm2.
Step 2
Configure dcnm1 as the Primary node. Paste the URL displayed on the Console tab of dcnm1 and press
Enter key.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer tab, select Fresh Installation - HA Primary radio button, to install dcnm1
as Primary node.
Click Next.
c) On the Install Mode tab, choose your DCNM deployment type.
From the Installation mode drop-down list, choose LAN Fabric installation mode for the DCNM
Appliance.
Check the Enable Clustered Mode check box, if you want to deploy Cisco DCNM in Cluster mode. The
Compute nodes will be displayed on the Cisco DCNM Web UI > Applications > Compute. The
applications will run on the Compute nodes. You can add the compute nodes to a Cluster, later.
Note
If Enable Clustered Mode is selected, applications such as Config Compliance, EPL,
NIA, and NIR won’t work until you install the compute nodes.
Click Next.
d) On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications
in the Cisco DCNM.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
• In the Database Password field, enter the password for the PostgreSQL database.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Database Password field.
Note
If the Database Password field is left blank, the Administrator password is used
as the PostgreSQL password.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 5: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM
Installation, on page 145.
Click Next.
g) On the Applications tab, configure the Device Connector and Internal Applications Services Network.
Device Connector is enabled by default.
Note
The Device connector is an embedded management controller that enables the capabilities of Cisco
Intersight, a cloud-based management platform.
1. In the Proxy Server field, enter the IP address for the proxy server.
The proxy server must be an RFC1123-compliant name.
Note
By default, port 80 is used for the proxy server. Use <proxy-server-ip>:<port> to use a proxy
server on a different port.
If the proxy server requires authentication, enter the relevant username and password in the Proxy
Server Username and Proxy Server Password fields.
2. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
All the applications use the IP Address from this subnet. By default, the
The Cluster Mode configuration area appears only if you have selected the Enable Clustered Mode
check box in Step 2.c, on page 56.
Note
In Clustered mode, the Cisco DCNM Applications run on separate DCNM Compute Nodes.
3. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
The address must be a smaller prefix of available IP addresses from the eth1 subnet. For example:
Use 10.1.1.240/28 if the eth1 subnet was configured as 10.1.1.0/24 during installation. This subnet
must be a minimum of /28 (16 addresses) and maximum of /24 (256 addresses). It should also be
longer than the east-west pool. This subnet is assigned to containers, to communicate with the switches.
h) On the HA Settings tab, a confirmation message appears.
You are installing the primary DCNM HA node.
Please note that HA setup information will need to
be provided when the secondary DCNM HA node is
installed.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A warning message appears stating that the setup is not complete until you install the Secondary node.
WARNING: DCNM HA SETUP IS NOT COMPLETE!
Your Cisco Data Center Network Manager software has been installed on
this HA primary node.
However, the system will be ready to be used only after installation
of the secondary node has been completed.
Thank you.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Install Mode tab, from the drop-down list, choose the same installation mode that you selected
for the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Check the Enable Clustered Mode check box, if you have configured the Cisco DCNM Primary in
Clustered mode.
Click Next.
d) On the Administration tab, enter information about passwords.
Note
All the passwords must be the same as the passwords that you provided while configuring the
Primary node.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 6: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Ensure that the IP address belongs to the same Management Network configured on the
Primary node.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same Out-of-Band network configured on the
Primary node.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same In-Band network configured on the Primary
node.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
Click Next.
g) On the Applications tab, configure the Internal Applications Services Network, and Cluster mode settings.
1. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
2. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
Ensure that the IP addresses belong to the same pool as configured on the Primary node.
h) On the HA Settings tab, configure the system settings for the Secondary node.
• In the Management IPv4 Address of Primary DCNM node field, enter the appropriate IP Address
to access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Host names with only digits are not supported.
• In the Management Network VIP address field, enter the IP address used as VIP in the management
network.
Optionally, you can also enter an IPv6 VIP address in the Management Network VIPv6 address
field.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• In the Out-of-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the Out-of-Band Network VIPv6 Address
field.
• In the In-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the In-Band Network VIPv6 Address field.
Note
This field is mandatory if you have provided an IP address for In-Band network in the
Network Settings tab.
• In the HA Ping Feature IPv4 Address field, enter the HA ping IP address and enable this feature,
if necessary.
The configured IPv4 address must respond to the ICMP echo pings.
Note
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IPv4 Address to avoid the Split Brain scenario. This IP address
must belong to Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you
have deployed.
If you have configured inband management (eth2) IP addresses for device management, log in to the standalone
server and configure the inband network reachability from eth2 of the server to the switches by using the
following commands:
dcnm# appmgr update network-properties add route ipv4 eth2 <ipv4-network-ip-address/prefix>
For example: If you have four switches with all fabric links connected through 10.0.0.x/30 subnet, and if all
switches are configured with the loopback interface for inband reachability in subnet 40.1.1.0/24, use the
following commands:
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties add route ipv4 eth2 10.0.0.0/24
dcnm# appmgr update network-properties add route ipv4 eth2 40.1.1.0/24
dcnm# appmgr update network-properties session apply
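The Native HA procedure above states constraints on several installer fields (password characters, RFC 1123 hostnames, the Clustered mode address pool, the HA ping address). The following pre-flight check is an added example, not part of the Cisco guide or DCNM; the function names, the sample values other than 10.1.1.0/24 and 10.1.1.240/28, and the two interpretations marked as assumptions in the comments are this example's own.

```python
import ipaddress
import re

# Characters the guide says are not allowed in passwords:
# % $ ^ = ; . * \ ' " and the space character.
FORBIDDEN_PASSWORD_CHARS = set('%$^=;.*\\\'" ')

# One RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_password(password):
    """Return the forbidden characters present in the password (empty list = OK)."""
    return sorted(set(password) & FORBIDDEN_PASSWORD_CHARS)


def check_fqdn(name):
    """Return problems with a Fully Qualified Hostname or VIP host name value."""
    problems = []
    labels = name.rstrip(".").split(".")
    if len(name) > 253:
        problems.append("longer than 253 characters")
    if len(labels) < 2:
        problems.append("not fully qualified (no domain part)")
    problems += [f"invalid label {lab!r}" for lab in labels if not LABEL_RE.fullmatch(lab)]
    # Assumption: "only digits" means nothing but digits and dots in the name.
    if name.replace(".", "").isdigit():
        problems.append("consists only of digits")
    return problems


def check_pool(pool, subnet, in_use=()):
    """Check a Clustered mode IPv4 address pool against the subnet it is taken from."""
    try:
        pool_net = ipaddress.IPv4Network(pool, strict=True)
        subnet_net = ipaddress.IPv4Network(subnet, strict=True)
    except ValueError as exc:
        return [f"not a valid IPv4 network: {exc}"]
    problems = []
    # Guide: minimum /28 (16 addresses), maximum /24 (256 addresses).
    if not 24 <= pool_net.prefixlen <= 28:
        problems.append(f"/{pool_net.prefixlen} is outside the /24 to /28 range")
    if not pool_net.subnet_of(subnet_net):
        problems.append(f"{pool_net} is not inside {subnet_net}")
    # Assumption: "available" means no already-assigned address falls in the pool.
    for addr in in_use:
        if ipaddress.IPv4Address(addr) in pool_net:
            problems.append(f"{addr} is already in use inside {pool_net}")
    return problems


def check_ha_ping(ping, active, standby, network):
    """Check the HA ping address; ICMP reachability itself is not tested here."""
    problems = []
    ping_ip = ipaddress.IPv4Address(ping)
    if ping_ip in {ipaddress.IPv4Address(active), ipaddress.IPv4Address(standby)}:
        problems.append("HA ping address equals a DCNM node address")
    if ping_ip not in ipaddress.IPv4Network(network):
        problems.append(f"{ping} is not in {network}")
    return problems


def preflight(cfg):
    """Run every check; return {field: [problems]} for the fields that fail."""
    results = {
        "hostname": check_fqdn(cfg["hostname"]),
        "admin_password": [f"forbidden character {c!r}" for c in check_password(cfg["admin_password"])],
        "oob_pool": check_pool(cfg["oob_pool"], cfg["eth1_subnet"], cfg["in_use"]),
        "ha_ping": check_ha_ping(cfg["ha_ping"], cfg["active"], cfg["standby"], cfg["efm_network"]),
    }
    return {field: probs for field, probs in results.items() if probs}


# Constructed sample; only the subnet and pool come from the guide's own example.
SAMPLE = {
    "hostname": "dcnm1.example.com",
    "admin_password": "Adm1n!Pass#2020",
    "eth1_subnet": "10.1.1.0/24",
    "oob_pool": "10.1.1.240/28",
    "in_use": ["10.1.1.11", "10.1.1.12"],
    "ha_ping": "10.1.1.1",
    "active": "10.1.1.11",
    "standby": "10.1.1.12",
    "efm_network": "10.1.1.0/24",
}

if __name__ == "__main__":
    print(preflight(SAMPLE) or "all checks passed")
```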
Convert Standalone Setup to Native-HA Setup
To convert an existing Cisco DCNM Standalone setup to a Native HA setup, perform the following steps:
Before you begin
Ensure that the Standalone setup is active and operational, by using the appmgr show version command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
dcnm#
Procedure
Step 1
On the Standalone setup, launch SSH and enable root user access by using the appmgr root-access permit
command:
dcnm# appmgr root-access permit
Step 2
Deploy a new DCNM as secondary node. Choose Fresh installation - HA Secondary.
For example, let us indicate the existing setup as dcnm1 and the new DCNM as secondary node as dcnm2.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Install Mode tab, from the drop-down list, choose the same installation mode that you selected
for the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Check the Enable Clustered Mode check box, if you have configured the Cisco DCNM Primary in
Clustered mode.
Click Next.
d) On the Administration tab, enter information about passwords.
Note
All the passwords must be the same as the passwords that you provided while configuring the
Primary node.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 7: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Ensure that the IP address belongs to the same Management Network configured on the
Primary node.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same Out-of-Band network configured on the
Primary node.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same In-Band network configured on the Primary
node.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
Click Next.
g) On the Applications tab, configure the Internal Applications Services Network, and Cluster mode settings.
1. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
2. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
Ensure that the IP addresses belong to the same pool as configured on the Primary node.
h) On the HA Settings tab, configure the system settings for the Secondary node.
• In the Management IPv4 Address of Primary DCNM node field, enter the appropriate IP Address
to access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Host names with only digits are not supported.
• In the Management Network VIP address field, enter the IP address used as VIP in the management
network.
Optionally, you can also enter an IPv6 VIP address in the Management Network VIPv6 address
field.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• In the Out-of-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the Out-of-Band Network VIPv6 Address
field.
• In the In-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the In-Band Network VIPv6 Address field.
Note
This field is mandatory if you have provided an IP address for In-Band network in the
Network Settings tab.
• In the HA Ping Feature IPv4 Address field, enter the HA ping IP address and enable this feature,
if necessary.
Note
The configured IPv4 address must respond to the ICMP echo pings.
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IPv4 Address to avoid the Split Brain scenario. This IP address
must belong to Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
What to do next
Verify the HA role by using the appmgr show ha-role command.
On the Active node (old standalone node):
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node (newly deployed node):
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
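The role check above can be automated once the output of appmgr show ha-role has been collected from both nodes. This is an added example, not part of the Cisco guide or DCNM; it parses only the three output lines shown above, treats a missing "Native HA enabled." line as a finding (an assumption, since the guide does not show the non-HA output of this command), and the second sample is constructed.

```python
import re

# Matches the "Deployed role:" and "Current role:" lines shown in the guide.
ROLE_RE = re.compile(r"^\s*(Deployed|Current) role:\s*(\S+)\s*$", re.MULTILINE)


def parse_ha_role(output):
    """Turn raw 'appmgr show ha-role' text into a small dict."""
    roles = {kind.lower(): value for kind, value in ROLE_RE.findall(output)}
    return {
        "enabled": "Native HA enabled." in output,
        "deployed": roles.get("deployed"),
        "current": roles.get("current"),
    }


def assess_pair(outputs):
    """outputs maps node name -> raw command output; returns a list of findings."""
    findings = []
    parsed = {node: parse_ha_role(text) for node, text in outputs.items()}
    for node, state in parsed.items():
        if not state["enabled"]:
            findings.append(f"{node}: output lacks 'Native HA enabled.'")
        if state["deployed"] is None or state["current"] is None:
            findings.append(f"{node}: role lines missing")
        elif state["deployed"] != state["current"]:
            findings.append(
                f"{node}: current role {state['current']} differs from "
                f"deployed role {state['deployed']}"
            )
    # A healthy pair has exactly one Active and one Standby node; two Active
    # nodes is the split-brain condition the HA ping address is meant to avoid.
    current = sorted(s["current"] for s in parsed.values() if s["current"])
    if current != ["Active", "Standby"]:
        findings.append(f"expected one Active and one Standby node, got {current}")
    return findings


# Output as shown in the guide for a correctly converted pair.
GUIDE_SAMPLE = {
    "dcnm1": "Native HA enabled.\nDeployed role: Active\nCurrent role: Active\n",
    "dcnm2": "Native HA enabled.\nDeployed role: Standby\nCurrent role: Standby\n",
}

# Constructed sample: both nodes believe they are Active.
CONSTRUCTED_SPLIT = {
    "dcnm1": "Native HA enabled.\nDeployed role: Active\nCurrent role: Active\n",
    "dcnm2": "Native HA enabled.\nDeployed role: Standby\nCurrent role: Active\n",
}

if __name__ == "__main__":
    for name, sample in (("guide", GUIDE_SAMPLE), ("constructed", CONSTRUCTED_SPLIT)):
        print(name, assess_pair(sample) or "OK")
```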
Installing Cisco DCNM Compute Node
Paste the URL displayed on the Console tab and hit Enter key. A welcome message appears. You can install
compute nodes on both Cisco DCNM OVA and ISO deployments.
Note
Compute nodes allow users to scale DCNM, as application load can be shared across all the compute nodes,
instead of the usual 1 or 2 (if you have HA) nodes.
Note
If Enable Clustered Mode was selected during DCNM installation, applications such as Configuration
Compliance, EPL, NIA, and NIR won’t work until you install the compute nodes.
When NIR/NIA applications are enabled at higher scale, that is, with 250 switches and 10000 Hardware telemetry
flows, DCNM Compute nodes must be connected on all eth0, eth1, and eth2 interfaces using a 10Gig link.
To complete the installation of Cisco DCNM Compute Node from the web installer, perform the following
procedure.
Before you begin
Ensure that you have 16 vCPUs, 64GB RAM, and 500GB hard disc to install compute nodes.
By default, the ComputeHuge configuration has 32vCPUs and 128GB RAM with 2TB disk. This configuration
is recommended if you use Cisco Network Insights applications.
Procedure
Step 1
On the Welcome to Cisco DCNM screen, click Get Started.
Step 2
On the Cisco DCNM Installer screen, select the Fresh Installation – Standalone radio button.
Click Continue.
Step 3
On the Install Mode tab, choose Compute to deploy this DCNM instance as a compute node.
Note
Compute option appears in the drop-down list only if you have chosen Compute or ComputeHuge
while configuring the OVF template or ISO hypervisors.
Click Next.
Step 4
On the Administration tab, enter information about passwords.
• In the Administrator Password field, enter the password that is used to connect to the applications in
the Cisco DCNM.
All special characters, except %$^=;.*\'" <SPACE> are allowed in the password.
Enter the password again in the Repeat Administrator Password field.
Select the Show passwords in clear text check box to view the password that you have entered.
Click Next.
Step 5
On the System Settings tab, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name (FQDN)
as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
Step 6
On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 8: Cisco DCNM Management Network Interfaces
a) In the Management Network area, verify if the auto-populated addresses for Management IPv4 Address
and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Beginning with Cisco DCNM Release 11.2(1), you can also use an IPv6 address for the
Management Network.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6 Address
and the Management Network Default IPv6 Gateway.
b) In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses for IPv6
address and Gateway IPv6 Address.
Out-of-band management provides a connection to the device management ports (typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
c) In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering the relevant IPv6 addresses for IPv6
address and Gateway IPv6 Address.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure the in-band network, Endpoint Locator and Telemetry features are not
operational.
However, you can edit the network properties after installation, if required, using the appmgr update
network-properties command. For more information, see Editing Network Properties Post DCNM Installation,
on page 145.
Click Next.
Step 7
In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to access
the applications that run internally to DCNM.
All the applications use the IP Address from this subnet.
Click Next.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed time
during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Compute Node.
***************************************************************
Your Cisco DCNM Compute Node has been installed.
Click on the following link to go to DCNM GUI's Application page:
DCNM GUI's Applications
You will be redirected there in 60 seconds.
Thank you
***************************************************************
What to do next
Log on to the DCNM Web UI with appropriate credentials.
The Applications tab displays all the services running on the DCNM deployment that you have installed.
Click the Compute tab to view the new Compute in Discovered state on the Cisco DCNM Web UI.
To add the compute nodes to a cluster, see Adding Computes to a Cluster Node in your deployment-specific
Cisco DCNM Configuration Guide for more information.
Note
If you did not enable clustered mode while installing DCNM, use the appmgr afw config-cluster command
to enable the compute cluster. For instructions, refer to Enabling the Compute Cluster in the Cisco DCNM
LAN Fabric Configuration Guide.
When a compute node goes through an unscheduled power cycle and restarts, the Elasticsearch container will
not start. It is possible that some filesystems are corrupted. To resolve this issue, reboot the Compute node in
safe mode by using the fsck -y command.
CHAPTER 5
Upgrading Cisco DCNM
This chapter provides information about upgrading Cisco DCNM, and contains the following sections:
• Upgrading Cisco DCNM
• Performance Manager Data Management before Upgrading to Release 11.4(1)
• Upgrading ISO or OVA through Inline Upgrade
Upgrading Cisco DCNM
Before Cisco DCNM Release 11.0(1), DCNM OVA and ISO supported SAN functionality. From Cisco
DCNM Release 11.3(1), you can install Cisco DCNM for SAN Deployment on both OVA and ISO virtual
appliances.
The following table summarizes the type of upgrade that you must follow to upgrade to Release 11.4(1).
Table 5: Type of Upgrade for LAN Fabric, and IP for Media (IPFM) deployments
Current Release Number    Upgrade type to upgrade to Release 11.4(1)
11.3(1)                   Inline Upgrade
11.2(1)                   Inline Upgrade
11.1(1)                   Inline Upgrade
11.0(1)                   11.0(1) → 11.2(1) → 11.4(1)
                          11.0(1) → 11.1(1) → 11.4(1)
→ represents an Inline Upgrade
Performance Manager Data Management before Upgrading to Release 11.4(1)
When you upgrade Cisco DCNM to Release 11.4(1), all the necessary software components are upgraded.
However, the Elasticsearch versions in the previous releases are not compatible with the Elasticsearch
version in Release 11.4(1), and therefore the upgrade will not succeed without additional actions.
You can choose to discard the old performance manager (PM) data and continue to upgrade to DCNM Release
11.4(1). For instructions about how to drop performance manager data, see Dropping Performance Manager
Data. If you choose to retain the old PM data while you upgrade to Release 11.4(1), we recommend that you
contact Cisco TAC for further assistance.
Dropping Performance Manager Data in Cisco DCNM SAN OVA/ISO Deployment
This section provides instructions about how to drop the performance manager data from DCNM Release
11.3(1) or earlier, as a prerequisite to upgrading to DCNM 11.4(1).
Note
If you choose to conserve the Performance Manager data when you upgrade to Release 11.4(1), we recommend
that you contact Cisco TAC for further assistance.
To drop the Performance Manager (PM) data, perform the following steps:
Before you begin
• Ensure that the DCNM appliance is operational. (for standalone upgrade)
• If you have a Federation setup, ensure that all the nodes in the DCNM Federation setup are operational.
(for Federation setup)
Procedure
Step 1
Launch the SSH session and run the following command to view the PMDB indices.
Identify the PMDB indices in the performance manager database.
For example:
dcnm-root-11-3# curl http://127.0.0.1:33500/_cat/indices?pretty | grep pmdb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2448  100  2448    0     0   4523      0 --:--:-- --:--:-- --:--:--  4524
green open pmdb_cpumemdata      rb-CJf-NR0my8M3mO-7QkA 5 1 7286 0 1.4mb 760.2kb
green open pmdb_ethintfratedata P18gMKdPTkCODv0TomYAdw 5 1 9283 0 2.4mb 1.2mb
You will see indices prefixed with "pmdb_".
Step 2
On the Cisco DCNM Web UI, choose Administration > Performance Setup > LAN Collections.
Uncheck all the check boxes and click Apply to disable all switches and collections.
Step 3
Choose Administration > DCNM Server > Server Status.
Step 4
Against the Performance Collector service, click the stop icon in the Actions column to stop the data
collection.
Step 5
Click the delete icon to clean the Performance Manager database.
This action deletes the stale entries in the performance manager database.
Step 6
Click on the reinitialize icon to reindex the Elasticsearch database schema.
This operation cleans the performance manager data in the Elasticsearch database and restarts the performance
manager. It may take a few minutes to complete.
Step 7
Click Continue.
The status of the Performance Collector service shows Stopped.
Step 8
Ensure that you’ve deleted all the PMDB entries using the following command:
• For upgrading from Release 11.1(1)
curl https://127.0.0.1:33500/_cat/indices?pretty | grep pmdb
• For upgrading from Release 11.2(1)
curl https://127.0.0.1:33500/_cat/indices?pretty | grep pmdb
• For upgrading from Release 11.3(1)
curl http://127.0.0.1:33500/_cat/indices?pretty | grep pmdb
For example:
dcnm-root-11-3# curl http://127.0.0.1:33500/_cat/indices?pretty | grep pmdb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2244  100  2244    0     0   3638      0 --:--:-- --:--:-- --:--:--  3636
Step 9
Proceed to upgrade the DCNM to Release 11.4(1).
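The Step 8 check as a script, added here as an example and not part of the Cisco guide: it picks the http or https URL by source release as listed in Step 8, and it separates a failed query from an empty index list, which the bare curl | grep pipeline cannot do. The function names and the sample listings are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Function names are hypothetical.

# URL from Step 8 for the release being upgraded FROM:
# https for 11.1(1) and 11.2(1), http for 11.3(1).
pmdb_indices_url() {
  case "$1" in
    "11.1(1)"|"11.2(1)") echo "https://127.0.0.1:33500/_cat/indices?pretty" ;;
    "11.3(1)")           echo "http://127.0.0.1:33500/_cat/indices?pretty" ;;
    *) echo "no Step 8 URL for release: $1" >&2; return 2 ;;
  esac
}

# Read a _cat/indices listing on stdin and print every pmdb_ index name.
# Fields are scanned instead of assuming column 3, because a row with an
# empty health column shifts the index name one column to the left.
list_pmdb_indices() {
  awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^pmdb_/) { print $i; break } }'
}

# Succeed only when the listing on stdin contains no pmdb_ index.
pmdb_gate() {
  pmdb_left=$(list_pmdb_indices)
  if [ -n "$pmdb_left" ]; then
    printf 'PMDB indices still present:\n%s\n' "$pmdb_left" >&2
    return 1
  fi
  return 0
}

# Live check on the appliance. Return codes: 0 clean, 1 indices remain,
# 2 unknown release, 3 query failed. A failed query is never read as "clean".
check_pmdb_dropped() {
  pmdb_url=$(pmdb_indices_url "$1") || return 2
  pmdb_out=$(curl --silent --show-error --fail "$pmdb_url") || return 3
  printf '%s\n' "$pmdb_out" | pmdb_gate
}

# Listing before the drop: the first two rows are the guide's Step 1 output,
# the last two rows are constructed for this example.
SAMPLE_BEFORE='green open pmdb_cpumemdata rb-CJf-NR0my8M3mO-7QkA 5 1 7286 0 1.4mb 760.2kb
green open pmdb_ethintfratedata P18gMKdPTkCODv0TomYAdw 5 1 9283 0 2.4mb 1.2mb
      close pmdb_example_closed EXAMPLEUUID0000000000AA
green open example_other_index EXAMPLEUUID0000000000BB 5 1 10 0 10kb 5kb'

# Constructed listing after Steps 5 and 6: no pmdb_ index is left.
SAMPLE_AFTER='green open example_other_index EXAMPLEUUID0000000000BB 5 1 10 0 10kb 5kb'

# Demo on the constructed samples (no network access needed).
for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
  if printf '%s\n' "$sample" | pmdb_gate; then
    echo "OK: no pmdb_ indices, proceed to Step 9"
  else
    echo "STOP: repeat Steps 5 and 6 before upgrading"
  fi
done
```

On the appliance, call check_pmdb_dropped with the release you are upgrading from, for example check_pmdb_dropped "11.3(1)".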
Upgrading ISO or OVA through Inline Upgrade
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version on the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
When you install Cisco DCNM, a self-signed certificate is installed, by default. However, after upgrading to
the latest Cisco DCNM Release, you must restore the certificates.
Note
Restoring certificates is a disruptive mechanism; it requires you to stop and restart applications. Restore the
certificates only when the upgraded system is stable, that is, you must be able to log in to Cisco DCNM Web
UI.
To restore certificates after upgrade, see Restoring the certificates after an upgrade, on page 122.
This section contains the procedure to upgrade the DCNM using the Inline Upgrade method.
Note
For Classic LAN Deployment upgrade, the deployment is automatically converted to LAN Fabric deployment
mode when you upgrade to DCNM Release 11.4(1).
Inline Upgrade for DCNM Virtual Appliance in Standalone Mode
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version on the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
Perform the following task to upgrade the DCNM virtual appliance in standalone mode.
Before you begin
If the Cisco DCNM setup is in clustered mode, ensure that you stop the Network Insights - Resources (NIR)
2.x application. On the Cisco DCNM Web UI, choose Applications > Catalog. On the NIR app, click Stop
icon to stop the application. Click Delete to remove the application from the Catalog.
Procedure
Step 1
Log on to the Cisco DCNM appliance console.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements, and then log on to DCNM via Console/SSH.
• For OVA Installation: On the OVF template deployed for the host, right click and select Settings >
Launch Web Console.
• For ISO Installation: Select the KVM console or UCS (Bare Metal) console.
Caution
Do not perform an Inline Upgrade from an SSH Session. The session may time out and result in an
incomplete upgrade.
OR
Run the following command to create a screen session.
dcnm# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window is not visible or if you get disconnected.
Step 2
Take a backup of the application data using the appmgr backup command.
dcnm# appmgr backup
Copy the backup file to a safe location outside the DCNM server.
Step 3
Log on to the /root/ directory by using the su command.
dcnm# su
Enter password: <<enter-password>>
Note
Ensure that you have access to the /root/ folder before you mount the ISO to the directory.
Step 4
Unzip the dcnm-va.11.4.1.iso.zip file and upload the DCNM 11.4(1) ISO file to the /root/
folder in the DCNM setup that you want to upgrade.
Step 5
Create a folder named iso using the mkdir /mnt/iso command.
dcnm# mkdir /mnt/iso
Step 6
Mount the DCNM 11.4(1) ISO file on the standalone setup in the /mnt/iso folder.
mount -o loop <DCNM 11.4(1) image> /mnt/iso
dcnm# mount -o loop dcnm-va.11.4.1.iso /mnt/iso
Step 7
Navigate to /mnt/iso/packaged-files/scripts/ and run the ./inline-upgrade.sh script.
dcnm# cd /mnt/iso/packaged-files/scripts/
dcnm# ./inline-upgrade.sh
Do you want to continue and perform the inline upgrade to 11.4(1)? [y/n]: y
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco DCNM
Release 11.1(1) or Release 11.2(1) only.
Step 8
Provide the new sysadmin user password at the prompt:
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco DCNM
Release 11.1(1) or Release 11.2(1) only.
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by default.
Use the sysadmin user.
Step 9
Ensure that the DCNM application is functional, by using the appmgr status all command.
dcnm# appmgr status all
Step 10
To verify that you have successfully installed the Cisco DCNM Release 11.4(1), use the appmgr show version
command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Note
In Release 11.3(1), the sysadmin and the root user's password are not identical. When you upgrade to 11.4(1),
the sysadmin and root user passwords are preserved.
However, when you perform backup and restore on DCNM Release 11.4(1) after upgrade, the sysadmin user
inherits the password from the root user, and therefore both the users will have the same password. You can
change the password for both the users after restore is complete.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you have
deployed.
To gracefully onboard Cisco DCNM Release 11.1(1), Release 11.2(1), Release 11.3(1) managed VXLAN
BGP EVPN fabric(s) comprising Cisco Nexus 9000 switches post upgrade to Cisco DCNM Release 11.4(1),
see Post DCNM 11.4(1) Upgrade for VXLAN BGP EVPN, External, and MSD Fabrics.
Inline Upgrade for DCNM Virtual Appliance in Native HA Mode
Inline upgrade allows you to upgrade DCNM by imposing the new DCNM version on the existing DCNM.
After the inline upgrade, ensure that you clear your browser cache before launching the DCNM application.
Perform the following task to upgrade the DCNM virtual appliance in Native HA mode.
Before you begin
• Ensure that both the Cisco DCNM 11.1(1), Cisco DCNM 11.2(1), or Cisco DCNM 11.3(1) Active and
Standby peers are up and running.
• Before upgrading Cisco DCNM in Clustered mode, stop the Network Insights - Resources (NIR) 2.x
application. On the Cisco DCNM Web UI, choose Applications > Catalog. On the NIR app, click Stop
icon to stop the application. Click Delete to remove the application from the Catalog.
Note
Inline upgrade of Cisco DCNM in Clustered mode is supported from Release
11.2(1). Release 11.1(1) doesn’t support inline upgrade for DCNM in clustered
mode.
• Check and ensure that the Active and Standby servers are operational, using the appmgr show ha-role
command.
Example:
On the Active node:
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node:
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Procedure
Step 1
Unzip the dcnm-va.11.4.1.iso.zip file and upload the DCNM 11.4(1) ISO file to the /root/
folder in both Active and Standby node of the DCNM setup that you want to upgrade.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
Step 2
Log on to the Cisco DCNM appliance console.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements, and then log on to DCNM via Console/SSH.
• For OVA Installation: On the OVF template that is deployed for the host, right click and select Settings
> Launch Web Console.
• For ISO Installation: Select the KVM console or UCS (Bare Metal) console.
Caution
Do not perform an Inline Upgrade from an SSH Session. The session may time out and result in an
incomplete upgrade.
OR
Run the following command to create a screen session.
dcnm1# screen
dcnm2# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window is not visible or if you get disconnected.
Step 3
Take a backup of the application data using the appmgr backup command on both Active and Standby
appliances.
dcnm1# appmgr backup
dcnm2# appmgr backup
Copy the backup file to a safe location outside the DCNM server.
Step 4
On the Active node, perform the inline upgrade.
a) Create a folder named iso using the mkdir /mnt/iso command.
dcnm1# mkdir /mnt/iso
b) Mount the DCNM 11.4(1) ISO file on the Active node in the /mnt/iso folder.
dcnm1# mount -o loop dcnm-va.11.4.1.iso /mnt/iso
c) Navigate to /mnt/iso/packaged-files/scripts/ location and run the ./inline-upgrade.sh script.
dcnm1# cd /mnt/iso/packaged-files/scripts/
dcnm1# ./inline-upgrade.sh
Note
If some services are still running, you will receive a prompt that the services will be stopped.
When prompted, press y to continue.
dcnm1# Do you want to continue and perform the inline upgrade to 11.4(1)? [y/n]: y
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco
DCNM Release 11.1(1) or Release 11.2(1) only.
d) Provide the new sysadmin user password at the prompt:
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco
DCNM Release 11.1(1) or Release 11.2(1) only.
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
e) Ensure the DCNM application is functional, by using the appmgr status all command.
dcnm1# appmgr status all
Note
Ensure that all the services are up and running on the Cisco DCNM Active node before
proceeding to upgrade Standby node.
f) Verify the role of the Active node by using the appmgr show ha-role command. Current role must show as
Active.
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
Warning
We recommend that you do not continue to upgrade the Standby node, unless the Active node
Current role is Active.
Step 5
On the Standby node, perform the inline upgrade.
a) Create a folder named iso using the mkdir /mnt/iso command.
dcnm2# mkdir /mnt/iso
b) Mount the DCNM 11.4(1) ISO file on the Standby node in the /mnt/iso folder.
dcnm2# mount -o loop dcnm-va.11.4.1.iso /mnt/iso
c) Navigate to /mnt/iso/packaged-files/scripts/ location and run the ./inline-upgrade.sh script.
dcnm2# cd /mnt/iso/packaged-files/scripts/
dcnm2# ./inline-upgrade.sh --standby
Note
If some services are still running, you will receive a prompt that the services will be stopped.
When prompted, press y and continue.
dcnm2# Do you want to continue and perform the inline upgrade to 11.4(1)? [y/n]: y
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco
DCNM Release 11.1(1) or Release 11.2(1) only.
d) Provide the new sysadmin user password at the prompt:
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco
DCNM Release 11.1(1) or Release 11.2(1) only.
Enter the password for the new sysadmin user: <<sysadmin_password>>
Enter it again for verification: <<sysadmin_password>>
After the upgrade is complete, the appliance reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
After the upgrade is complete, the appliance reboots. Verify the role of the appliance, using the following
command:
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Note
In Release 11.3(1), the sysadmin and the root user's password are not identical. When you upgrade to 11.4(1),
the sysadmin and root user passwords are preserved.
However, when you perform backup and restore on DCNM Release 11.4(1) after upgrade, the sysadmin user
inherits the password from the root user, and therefore both the users will have the same password. You can
change the password for both the users after restore is complete.
Click the Settings icon and choose About DCNM. You can view and verify the Installation type that you have
deployed.
Verify the role of both the appliances using the appmgr show ha-role command.
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Verify the status of all applications using the appmgr status all command.
To gracefully onboard Cisco DCNM Release 11.1(1), Release 11.2(1), or Release 11.3(1) managed VXLAN
BGP EVPN fabric(s) comprising Cisco Nexus 9000 switches post upgrade to Cisco DCNM Release 11.4(1),
see Post DCNM 11.4(1) Upgrade for VXLAN BGP EVPN, External, and MSD Fabrics.
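The role checks this procedure asks for, as an added example that is not part of the Cisco guide: a parser for the appmgr show ha-role output shown in the procedure that refuses to continue unless the node reports Native HA enabled and its Deployed and Current roles both match the expected one. The function names and the mismatched-role sample are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Function names are hypothetical.
# On a node, feed the live output in:  appmgr show ha-role | ha_role_ok Active

# Print the value of the first "Key: value" line matching KEY, read from stdin.
# Trailing blanks and carriage returns (common in console captures) are dropped.
appmgr_field() {
  awk -F': *' -v key="$1" \
    '!seen && $1 == key { v = $2; sub(/[ \t\r]+$/, "", v); print v; seen = 1 }'
}

# ha_role_ok EXPECTED   (EXPECTED is Active or Standby)
# Reads `appmgr show ha-role` output on stdin.
# Returns 0 when HA is enabled and Deployed role == Current role == EXPECTED,
# 1 on a role mismatch, 2 when the "Native HA enabled." line is missing.
ha_role_ok() {
  ha_out=$(cat)
  if ! printf '%s\n' "$ha_out" | grep -q '^Native HA enabled\.'; then
    echo "Native HA is not reported as enabled" >&2
    return 2
  fi
  ha_deployed=$(printf '%s\n' "$ha_out" | appmgr_field 'Deployed role')
  ha_current=$(printf '%s\n' "$ha_out" | appmgr_field 'Current role')
  if [ "$ha_deployed" = "$1" ] && [ "$ha_current" = "$1" ]; then
    return 0
  fi
  echo "expected $1, got deployed=$ha_deployed current=$ha_current" >&2
  return 1
}

# ha_pair_ok ACTIVE_OUTPUT STANDBY_OUTPUT
# Final check after both nodes are upgraded: dcnm1 Active, dcnm2 Standby.
ha_pair_ok() {
  printf '%s\n' "$1" | ha_role_ok Active || return 1
  printf '%s\n' "$2" | ha_role_ok Standby || return 1
  return 0
}

# Output as shown in the guide for a healthy pair.
ACTIVE_OK='Native HA enabled.
Deployed role: Active
Current role: Active'
STANDBY_OK='Native HA enabled.
Deployed role: Standby
Current role: Standby'

# Constructed sample: the deployed Active node is not currently Active.
ACTIVE_MISMATCH='Native HA enabled.
Deployed role: Active
Current role: Standby'

# Demo on the samples above (no appliance needed).
if ha_pair_ok "$ACTIVE_OK" "$STANDBY_OK"; then
  echo "OK: Active and Standby roles are as deployed"
fi
if ! printf '%s\n' "$ACTIVE_MISMATCH" | ha_role_ok Active; then
  echo "STOP: do not upgrade the Standby node yet"
fi
```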
Inline Upgrade for DCNM Compute Nodes
You can upgrade the DCNM compute nodes from Release 11.2(1) or Release 11.3(1) to Release 11.4(1) using
the inline upgrade. Inline upgrade allows you to upgrade the compute node by imposing the new DCNM
version on the existing compute node.
Note
You can upgrade the Compute nodes on Cisco Application Services Engine for Cisco DCNM Release 11.3(1)
to Release 11.4(1) using the inline upgrade procedure. For more information, refer to Cisco Application
Services Engine Installation Guide For Cisco DCNM.
Perform the following task to upgrade the DCNM compute node in both Standalone and Native HA modes.
Before you begin
Cisco DCNM Servers in either Standalone node or Native HA mode must be upgraded to Release 11.4(1),
before upgrading the DCNM compute nodes.
Procedure
Step 1
Log on to the Cisco DCNM Compute console.
Caution
Don’t perform an Inline Upgrade from an SSH Session. The session may time out and result in an
incomplete upgrade.
Caution
If the system requirements do not meet the minimum resource requirements, every time you log on
to DCNM via the console or SSH, SYSTEM RESOURCE ERROR is displayed. Modify the
system requirements, and then log on to DCNM via Console/SSH.
OR
Run the following command to create a screen session on the compute node.
dcnm-compute# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window isn’t visible or if you get disconnected.
Step 2
Unzip the dcnm-va.11.4.1.iso.zip file and upload the DCNM 11.4(1) ISO file to the /root/
folder in all the compute nodes.
Step 3
Create a folder named iso using the mkdir /mnt/iso command, on all the computes.
dcnm-compute# mkdir /mnt/iso
Step 4
Mount the DCNM 11.4(1) ISO file on the compute node in the /mnt/iso folder.
mount -o loop <DCNM 11.4(1) image> /mnt/iso
dcnm-compute# mount -o loop dcnm-va.11.4.1.iso /mnt/iso
Mount the ISO on all the compute nodes.
Step 5
Navigate to /mnt/iso/packaged-files/scripts/ and run the ./inline-upgrade.sh script.
dcnm-compute# cd /mnt/iso/packaged-files/scripts/
dcnm-compute# ./inline-upgrade.sh
Do you want to continue and perform the inline upgrade to 11.4(1)? [y/n]: y
Note
If some services are still running, a prompt to stop the services appears. When prompted, press y
to continue.
Note
The prompt to enter a new sysadmin password appears while you’re upgrading from Cisco DCNM
Release 11.1(1) or Release 11.2(1) only.
Step 6
Provide the new sysadmin user password at the prompt:
Enter the password for the new sysadmin user:<<sysadmin_password>>
Enter it again for verification:<<sysadmin_password>>
After the upgrade is complete, the compute node reboots. After reboot, SSH root access is disabled by
default. Use the sysadmin user.
Step 7
Verify that you have successfully upgraded to Cisco DCNM Release 11.4(1), using the appmgr show version
command.
dcnm-compute# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: Compute
What to do next
You must upgrade all three compute nodes in the cluster.
After the Upgrade process is complete, each compute node will reboot and join the cluster automatically. On
the Cisco DCNM Web UI, choose Applications > Compute to verify if the compute node appears as Joined.
To gracefully onboard Cisco DCNM Release 11.1(1), Release 11.2(1), Release 11.3(1) managed VXLAN
BGP EVPN fabric(s) comprising Cisco Nexus 9000 switches post upgrade to Cisco DCNM Release 11.4(1),
see Post DCNM 11.4(1) Upgrade for VXLAN BGP EVPN, External, and MSD Fabrics.
CHAPTER 6
Upgrading the Cisco DCNM Classic LAN Deployment
• Overview
• Migration of Fabrics
• Supported Switch Roles in LAN Fabric Post Upgrade
• Classic LAN Templates in LAN Fabric
• Upgrading from the Classic LAN Deployment to the LAN Fabric Deployment
• LAN Classic Fabric Template Functionalities
Overview
From Cisco DCNM Release 11.4(1), the Classic LAN deployment is unsupported. If you are planning to
upgrade your Classic LAN deployment to DCNM Release 11.4(1), the only available upgrade option is to the
DCNM Release 11.4(1) LAN Fabric deployment, and it is done automatically during the DCNM inline upgrade
process.
In the LAN Fabric deployment, there are two new fabric templates that you can use to manage your switches.
For more information, see Managing Switches Using Classic LAN Templates.
The following table summarizes upgrades for your Classic LAN deployment to the Cisco DCNM Release
11.4(1):
Table 6: Classic LAN Upgrade
From Classic LAN deployment in DCNM Release    To LAN Fabric deployment in DCNM Release    Upgrade
11.3(1)                                        11.4(1)                                     Inline upgrade
11.2(1)                                        11.4(1)                                     Inline upgrade
11.1(1)                                        11.4(1)                                     Inline upgrade
When you perform the inline upgrade from older releases to Cisco DCNM Release 11.4(1), the deployment is
automatically converted to LAN Fabric mode using the LAN_Classic and Fabric_Group fabric templates.
Note
We recommend that you familiarize yourself with the Cisco DCNM LAN Fabric functionalities before
proceeding with the upgrade. For information, see Cisco DCNM LAN Fabric Configuration Guide, Release
11.4(1).
Prerequisites
• Review the Cisco DCNM 11.4(1) LAN Fabric System Requirements to ensure that your existing
deployment meets those criteria. See System Requirements.
• Review the Cisco DCNM LAN Fabric Verified Scalability section to ensure your existing deployment
needs are met. See Verified Scalability Guide for Cisco DCNM.
Guidelines and Limitations
• In the Classic LAN deployment, if you are managing switches using the in-band interfaces, upgrading
to the LAN Fabric deployment is not supported. You need to change to managing switches using the
management (mgmt0) interfaces, and then upgrade.
The support for in-band interface management is expected to be available in a future release.
• VDC Auto-Provisioning (VOAP) for Cisco Nexus 7000 Series switches is not supported in the LAN
Fabric installation mode.
• The following configurations are not migrated from Classic LAN to the LAN Fabric Deployment:
• Config archive jobs.
Post upgrade, you should configure the fabric backups from the fabric settings.
• CLI jobs.
• POAP DHCP configuration.
Post upgrade, you should configure the Fabric Settings for POAP.
Migration of Fabrics
The DCNM upgrade from Classic LAN automatically creates fabric instances in LAN Fabric to match the
Classic LAN switch and container groups. The inline upgrade to the LAN Fabric mode preserves only two
levels of hierarchy if nested grouping is present. All intermediate and/or empty groups are automatically
removed. For reference, see the following image:
The summary of the migration behavior is as follows:
• Only switch groups that hold switches will be migrated over to a fabric instance using the LAN_Classic
fabric template. In this example, SG1, LAB1, LAB2, and Default_LAN are migrated.
• Only two levels of hierarchy are maintained during the upgrade. Any intermediate groups are deleted, and
the lowest level switch groups are promoted to the top of the hierarchy.
In this example:
• SJC_Bldg1 is the top-level container group that has valid switch groups in Classic LAN. Therefore,
a fabric instance for SJC_Bldg1 is created in LAN Fabric, and it uses the Fabric_Group template.
• Fabric instances for LAB1 and LAB2 are created using the LAN_Classic fabric template in LAN
Fabric. These fabric instances are made member fabrics of SJC_Bldg1.
• The intermediate SJCFloor1 and SJCFloor2 containers are not carried over to LAN Fabric.
• Container groups that do not have any valid switch groups are not migrated. In this example, Floor1 and
SJC_Bldg2 are not migrated.
• Switch groups will be migrated to standalone fabric instances using the LAN_Classic fabric template.
In this example, Default_LAN is migrated to LAN Fabric with the LAN_Classic fabric template.
• After migration, the devices will be placed in the Migration Mode in fabrics associated with the
LAN_Classic fabric template. The fabric will be in the Fabric Monitor Mode.
For more information about the next steps, see Upgrading from the Classic LAN Deployment to the LAN
Fabric Deployment.
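The following sketch is added here as an illustration and is not part of the Cisco guide or of DCNM. It models the migration rules listed above so that you can predict, before the upgrade, which fabrics will exist and which groups will disappear. The group tree is constructed: the placement of SG1 at the top level, Floor1 under SJC_Bldg2, and all switch counts are assumptions, because the figure is not reproduced in this text.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Group:
    name: str
    switches: int = 0                          # switches held (switch groups only)
    children: Optional[List["Group"]] = None   # None = switch group, list = container group


def all_names(group):
    """Names of a group and of everything nested under it."""
    names = [group.name]
    for child in group.children or []:
        names.extend(all_names(child))
    return names


def valid_switch_groups(group):
    """Switch groups at any depth under (or equal to) group that hold switches."""
    if group.children is None:
        return [group] if group.switches > 0 else []
    found = []
    for child in group.children:
        found.extend(valid_switch_groups(child))
    return found


def plan_migration(top_level):
    """Return (fabrics, not_migrated); fabrics are (name, template, parent) rows."""
    fabrics, not_migrated = [], []
    for top in top_level:
        leaves = valid_switch_groups(top)
        if not leaves:
            # Empty switch group, or container with no valid switch groups.
            not_migrated.extend(all_names(top))
        elif top.children is None:
            # Top-level switch group becomes a standalone fabric.
            fabrics.append((top.name, "LAN_Classic", None))
        else:
            # Top-level container keeps only its lowest-level switch groups.
            fabrics.append((top.name, "Fabric_Group", None))
            for leaf in leaves:
                fabrics.append((leaf.name, "LAN_Classic", top.name))
            kept = {top.name} | {leaf.name for leaf in leaves}
            not_migrated.extend(n for n in all_names(top) if n not in kept)
    return fabrics, not_migrated


# Constructed Classic LAN hierarchy using the group names from the example above.
CLASSIC_LAN_GROUPS = [
    Group("SJC_Bldg1", children=[
        Group("SJCFloor1", children=[Group("LAB1", switches=4)]),
        Group("SJCFloor2", children=[Group("LAB2", switches=2)]),
    ]),
    Group("SJC_Bldg2", children=[Group("Floor1", children=[])]),
    Group("SG1", switches=3),
    Group("Default_LAN", switches=6),
]

if __name__ == "__main__":
    fabrics, not_migrated = plan_migration(CLASSIC_LAN_GROUPS)
    for name, template, parent in fabrics:
        print(f"{name:12} {template:13} member of: {parent or '-'}")
    print("not migrated:", ", ".join(not_migrated))
```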
Supported Switch Roles in LAN Fabric Post Upgrade
Some of the switch roles supported in the Classic LAN installation mode are not available in LAN Fabric.
The following table shows the switch roles in Classic LAN and their equivalents in LAN Fabric:
Classic LAN
(Pre-Upgrade)
LAN Fabric (Post
Upgrade)
Border PE
Border
Edge
Edge Router
FEX
Access
Host
Admin VDC
Note that these roles are automatically mapped to their equivalent roles in LAN Fabric after the upgrade.
The following switch roles remain the same in LAN Fabric after the upgrade:
• Spine
• Leaf
• Border Spine
• Border
• Border Gateway
• Edge Router
• Core Router
• Access
• Aggregation
Classic LAN Templates in LAN Fabric
The templates of templateType = CLI are converted to templateType = POLICY. These templates are
displayed in Control > Template Library. If needed, PTIs can be created from the View/Edit Policies
window.
Note
If policies that are updated automatically need to be reviewed, a backup of the original file is saved with a
.bak extension in the following directory on DCNM:
/usr/local/cisco/dcm/dcnm/data/templates/.
Some of the template language constructs that are available in Classic LAN are not supported in LAN Fabric
installation. For example:
• Custom prompt handling
• Command execution logic
• Derived/Inherited templates
Note
The templates need to be edited appropriately to work with LAN Fabric.
Unsupported Template Language Content
The following Classic LAN template language features are not supported in the LAN Fabric installation mode.
Note that the existing templates using this content are not supported. They need to be reviewed and/or edited
to create compatible templates.
1. Interactive command handling:
Include prompt and response as part of the template content for handling interactive commands.
For example:
##template variables
string srcFile;
string srcDir;
string password;
string vrf;
##
##template content
copy scp://[email protected]/$$srcFile$$ bootflash: vrf $$vrf$$ <prompt:'(yes/no)?',
response:'yes'> <prompt:'(y/n)?[n]',
response:'y'> <prompt:'password:',
response:'$$password$$'>
2. Dynamic decision
Config template provides a special internal variable LAST_CMD_RESPONSE.
For example:
##template content
show vlan id $$vlan_id$$
if($$LAST_CMD_RESPONSE$$ contains "not found"){
vlan $$vlan_id$$
}
else{
}
3. Template referencing
In this case, templates are referenced from another template.
Derived Template:
##template properties
[snip]
imports = baseTemplate1,baseTemplate2;
##
For more information about templates, see Cisco DCNM Classic LAN Configuration Guide, Release 11.3(1)
and Cisco DCNM LAN Fabric Configuration Guide, Release 11.4(1).
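The following script is added here as an illustration and is not part of the Cisco guide or of DCNM. It scans template text for the three unsupported constructs described above (prompt/response handling, LAST_CMD_RESPONSE, and imports) and separately reports password prompts, because those templates pass a credential through a template variable. The rule names, the function names, and the sample templates (including the 192.0.2.10 address) are constructed for this example.

```python
import re
from pathlib import Path

# One pattern per construct the guide lists as unsupported in LAN Fabric mode.
RULES = [
    ("interactive-prompt", re.compile(r"<\s*prompt\s*:", re.I)),
    ("dynamic-decision", re.compile(r"\$\$LAST_CMD_RESPONSE\$\$")),
    ("template-import", re.compile(r"^[ \t]*imports[ \t]*=.*$", re.I | re.M)),
]
# A full <prompt:'...', response:'...'> pair; it may wrap across lines.
PROMPT_PAIR = re.compile(
    r"<\s*prompt\s*:\s*'([^']*)'\s*,\s*response\s*:\s*'([^']*)'\s*>", re.I)
VARIABLE = re.compile(r"\$\$\w+\$\$")


def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def scan_text(name, text):
    """Return sorted (template, line, rule, detail) findings for one template."""
    findings = []
    for rule, pattern in RULES:
        for m in pattern.finditer(text):
            findings.append((name, line_of(text, m.start()), rule, m.group(0).strip()))
    for m in PROMPT_PAIR.finditer(text):
        prompt, response = m.group(1), m.group(2)
        if "password" in prompt.lower():
            # Never echo a literal secret into the report.
            detail = (f"answered from variable {response}"
                      if VARIABLE.fullmatch(response)
                      else "answered with a literal value (redacted)")
            findings.append((name, line_of(text, m.start()), "credential-response", detail))
    return sorted(findings, key=lambda f: (f[1], f[2]))


def scan_directory(directory, pattern="*"):
    """Scan every file in a directory that matches the glob pattern."""
    findings = []
    for path in sorted(Path(directory).glob(pattern)):
        if path.is_file():
            findings.extend(scan_text(path.name, path.read_text(errors="replace")))
    return findings


# Constructed templates modelled on the three examples in this section.
SAMPLE_TEMPLATES = {
    "copy_image": """##template variables
string srcFile;
string password;
string vrf;
##
##template content
copy scp://admin@192.0.2.10/$$srcFile$$ bootflash: vrf $$vrf$$ <prompt:'(yes/no)?',
response:'yes'> <prompt:'(y/n)?[n]',
response:'y'> <prompt:'password:',
response:'$$password$$'>
""",
    "ensure_vlan": """##template content
show vlan id $$vlan_id$$
if($$LAST_CMD_RESPONSE$$ contains "not found"){
vlan $$vlan_id$$
}
else{
}
""",
    "derived": """##template properties
imports = baseTemplate1,baseTemplate2;
##
""",
    "clean": """##template content
vlan $$vlan_id$$
""",
}

if __name__ == "__main__":
    for name, text in SAMPLE_TEMPLATES.items():
        for finding in scan_text(name, text):
            print(*finding, sep=" | ")
```

To review the originals of templates that were updated automatically, point scan_directory at /usr/local/cisco/dcm/dcnm/data/templates/ with the pattern "*.bak".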
Upgrading from the Classic LAN Deployment to the LAN Fabric Deployment
Procedure
Step 1
Make sure that all switches are reachable from Cisco DCNM before the upgrade.
Note
If nested switch groups are in DCNM 11.3(1) and telemetry is enabled on them, you need to disable
telemetry on those switch groups before upgrade.
Step 2
Follow the inline upgrade procedure to upgrade to the LAN Fabric deployment.
For information, see Upgrading ISO or OVA through Inline Upgrade.
Step 3
Post upgrade, the DCNM installation type will be automatically changed to LAN Fabric and appropriate fabric
instances are created. For information about the fabric, see Migration of Fabrics.
Step 4
The switches are placed in the Migration Mode. Navigate to each LAN_Classic fabric and click Save &
Deploy.
Note
The fabrics are in the Monitor Mode by default. An error message is seen because of this mode,
and it can be ignored.
This step ensures that the minimum configuration intent is captured for the switches. The switches continue
to remain in the Migration Mode till any connectivity issue and errors are resolved. To move the switches
out of this mode, subsequent Save & Deploy operations are needed.
LAN Classic Fabric Template Functionalities
The following features in the LAN_Classic template provide the same support as they do for the
External_Fabric_11_1 template:
The following features are supported:
• Configuration compliance
• Backup or restore of fabric/switch
• Network Insights
• Performance monitoring
• VMM
• Topology view
• Kubernetes visualization
• RBAC
For more information, refer to the feature specific sections.
CHAPTER 7
Deployment Best Practices
• Best Practices for Deploying Cisco DCNM and Computes
Best Practices for Deploying Cisco DCNM and Computes
This chapter documents the best practices to deploy Cisco DCNM OVA and ISO in clustered and
unclustered modes. The following sections explain the recommended design for configurations of IP addresses
and relevant IP pools during the Cisco DCNM installation.
The Cisco DCNM OVA or the ISO installation consists of 3 network interfaces:
• dcnm-mgmt network (eth0) interface
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM.
• enhanced-fabric-mgmt (eth1) interface
This network provides enhanced fabric management of Cisco Nexus switches through the out-of-band
or mgmt0 interface.
• enhanced-fabric-inband (eth2) interface
This network provides in-band connection to the fabric through the front-panel ports. This network
interface is used for applications such as Endpoint Locator (EPL) and Network Insights Resources (NIR).
The following figure shows the network diagram for the Cisco DCNM management interfaces.
Guidelines to Use the Best Practices
The following are the guidelines to remember while you use the best practices for deploying DCNM and
Computes.
• The IP addresses specified in this document are sample addresses. Ensure that your setup reflects the IP
addresses used in the production network.
• Ensure that the eth2 interface subnet is different from the subnet that is associated with the eth0 interface
and the eth1 interface.
• When the eth0 and eth1 interfaces are both on the same subnet, DHCP returns the same IP address for
both queries: two responses, but with the same address.
• Cisco DCNM Native HA consists of two Cisco DCNM appliances that run as Active and Standby
applications. The embedded databases of both Active and Standby appliances are synchronized in real
time. The eth0, eth1, and eth2 interfaces of the Cisco DCNM and Compute nodes, in a clustered mode,
must be Layer-2 adjacent.
• For information about Cluster Mode in your Cisco DCNM Deployment, refer to Applications chapter in
the Cisco DCNM Configuration Guide for your deployment type.
Deployments for Redundancy in Cisco DCNM
This section describes the recommended deployments for redundancy of DCNM operations. As a general
assumption, the DCNM and the compute nodes are installed as Virtual Machines. During Cisco DCNM ISO
installation on Virtual Appliance on UCS (Bare Metal), all DCNMs and computes have their own individual
servers.
Deployment 1: Minimum Redundancy Configuration
The recommended configuration for minimum redundancy in a Cisco DCNM Cluster mode installation is as
follows:
• DCNM Active Node and Compute Node 1 in Server 1
• DCNM Standby Node and Compute Node 2 in Server 2
• Compute Node 3 in Server 3
• Compute VMs deployed on an exclusive disk
• No oversubscription of memory or CPU of the physical servers
Figure 9: Cisco DCNM Cluster Mode: Physical Server to VM Mapping
Deployment 2: Maximum Redundancy Configuration
The recommended configuration for maximum redundancy in a DCNM Cluster mode installation is as follows:
• DCNM Active Node in Server 1
• DCNM Standby Node in Server 2
• Compute Node 1 in Server 3
• Compute Node 2 in Server 4
• Compute Node 3 in Server 5
Figure 10: Cisco DCNM Cluster Mode: Physical Server to VM Mapping
IP Address Configurations in Cisco DCNM
This section describes the best practices and recommended deployments for IP address configurations of all
interfaces of the Cisco DCNM and Compute nodes.
Scenario 1: All 3 Ethernet Interfaces are in Different Subnets
In this scenario, consider all three Ethernet interfaces of DCNM on different subnets.
For example:
• eth0 – 172.28.8.0/24
• eth1 – 10.0.8.0/24
• eth2 – 192.168.8.0/24
The possible deployments are as follows:
• Cisco DCNM Unclustered mode
• Cisco DCNM Clustered Mode
Cisco DCNM Unclustered mode
Figure 11: Cisco DCNM Standalone Deployment without Compute Cluster
Figure 12: Cisco DCNM HA Deployment without Compute Cluster
Cisco DCNM Clustered Mode
Figure 13: Cisco DCNM Standalone Deployment with Compute Cluster
Figure 14: Cisco DCNM HA Deployment with Compute Cluster
Scenario 2: eth2 Interface in Different Subnet
In this scenario, consider that the eth0 and eth1 interfaces are in the same subnet, and eth2 interfaces of DCNMs
and Computes are in a different subnet.
For example:
• eth0 – 172.28.8.0/24
• eth1 – 172.28.8.0/24
• eth2 – 192.168.8.0/24
The possible deployments are as follows:
• Cisco DCNM Unclustered Mode
• Cisco DCNM Clustered Mode
Cisco DCNM Unclustered Mode
Figure 15: Cisco DCNM Standalone deployment (No HA) without Compute Cluster
Figure 16: Cisco DCNM Native HA deployment without Compute Cluster
Cisco DCNM Clustered Mode
Figure 17: Cisco DCNM Standalone Deployment with Compute Cluster
Figure 18: Cisco DCNM Native HA Deployment with Compute Cluster
Physical Connectivity of Cisco DCNM and Compute Nodes
This section describes the physical connectivity of the Cisco DCNM and Compute nodes in both Virtual
Machines and Bare Metal installations.
Virtual Machines
The following image shows the physical connectivity of DCNM and compute nodes supported in a 3 server
redundancy configuration. The physical servers must be connected to a vPC pair of switches via port-channels.
This provides adequate fault-tolerance, if a single link fails or a single switch fails. The vPC pair of switches
is considered as the infra vPC pair that provides management connectivity to the physical servers.
Figure 19: Cisco DCNM VM Physical Connectivity with 3 servers
The following image shows the physical connectivity of Cisco DCNM and Compute nodes supported in a
VM installation in a 5 server redundancy configuration.
Figure 20: Cisco DCNM VM Physical Connectivity with 5 servers
Bare Metal Installation
For installing Cisco DCNM on Bare Metal, 5 servers are required. The following image shows the physical
connectivity of Cisco DCNM and Compute nodes. Note that there are 3 physical interfaces on each server
that map to the eth0, eth1, and eth2 interfaces, respectively. If the physical server consists of a managed
network adapter such as the Cisco UCS VIC 1455 Virtual Interface Card, you can have a port-channel
connectivity from the servers to the switches, similar to the Virtual Machines.
Figure 21: Cisco DCNM and Compute Bare Metal Physical Connectivity
CHAPTER 8
Disaster Recovery (Backup and Restore)
This chapter contains the following sections:
• Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
• Backup and Restore Cisco DCNM and Application Data on Native HA setup
• Recovering Cisco DCNM Single HA Node
Backup and Restore Cisco DCNM and Application Data on Standalone DCNM setup
You can take a backup of Cisco DCNM application data for analytics and troubleshooting.
Note
In Release 11.3(1), the sysadmin and the root user's password are not identical. When you upgrade to 11.4(1),
the sysadmin and root user passwords are preserved.
However, when you perform backup and restore on DCNM Release 11.4(1) after upgrade, the sysadmin user
inherits the password from the root user, and therefore both the users will have the same password. You can
change the password for both the users after restore is complete.
Perform the following task to take a backup of Cisco DCNM and Application data.
Procedure
Step 1
Log on to the Cisco DCNM appliance using SSH.
Step 2
Take a backup of the application data using the appmgr backup command.
dcnm# appmgr backup
From Release 11.4(1), Cisco DCNM allows you to configure a cron job that saves the backup to a
remote scp server. Use the appmgr backup schedule command to configure a scheduled backup.
dcnm# appmgr backup schedule [day] <hh>:<mm>
[destination <user>@<host>:[<dir>]]
Copy the backup file to a safe location and shut down the DCNM Appliance.
Step 3
Right click on the installed VM and select Power > Power Off.
Step 4
Deploy the new DCNM appliance.
Step 5
After the VM is powered on, click on Console tab.
A message indicating that the DCNM appliance is configuring appears on the screen.
Copy and paste the URL to the browser to continue with restore process.
Step 6
On the DCNM Web Installer UI, click Get Started.
Step 7
On the Cisco DCNM Installer screen, select radio button.
Select the backup file that was generated in Step 2.
Continue to deploy the DCNM.
Step 8
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Virtual Appliance Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation.
After the progress bar shows 100%, click Continue.
Step 9
After the data is restored, check the status using the appmgr status all command.
Backup and Restore Cisco DCNM and Application Data on Native HA setup
You can take a backup of Cisco DCNM application data for analytics and troubleshooting.
Note
In Release 11.3(1), the sysadmin and the root user's password are not identical. When you upgrade to 11.4(1),
the sysadmin and root user passwords are preserved.
However, when you perform backup and restore on DCNM Release 11.4(1) after upgrade, the sysadmin user
inherits the password from the root user, and therefore both the users will have the same password. You can
change the password for both the users after restore is complete.
Perform the following task to perform backup and restore of data in a Native HA setup.
Before you begin
Ensure that the Active node is operating and functional.
Procedure
Step 1
Check if the Active node is operational. Otherwise, trigger a failover.
Step 2
Log on to the Cisco DCNM appliance using SSH.
Step 3
Take a backup of the application data using the appmgr backup command on both Active and Standby
appliances.
dcnm1# appmgr backup
dcnm2# appmgr backup
From Release 11.4(1), Cisco DCNM allows you to configure a cron job that saves the backup to a
remote scp server. Use the appmgr backup schedule command to configure a scheduled backup.
dcnm# appmgr backup schedule [day] <hh>:<mm>
[destination <user>@<host>:[<dir>]]
Copy the backup file of both active and standby appliances to a safe location and shut down the DCNM
Appliance.
Step 4
Right click on the installed VM and select Power > Power Off.
Step 5
Deploy the new DCNM appliance in Native HA mode.
Step 6
For both the Active and Standby appliances, after the VM is powered on, click on Console tab.
A message indicating that the DCNM appliance is configuring appears on the screen.
Copy and paste the URL to the browser to continue with restore process.
Step 7
On the DCNM Web Installer UI, click Get Started.
Step 8
On the Cisco DCNM Installer screen, select radio button.
Select the backup file that was generated in Step 3.
The values for parameters are read from the backup file, and auto-populated. Modify the values, if required.
Continue to deploy the DCNM.
Step 9
On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to complete
the Cisco DCNM Virtual Appliance Installation for the chosen deployment mode.
A progress bar appears showing the completed percentage, description of the operation, and the elapsed time
during the installation.
After the progress bar shows 100%, click Continue.
Step 10
After the data is restored, check the status using the appmgr status all command.
Recovering Cisco DCNM Single HA Node
This section details the scenarios and provides instructions to recover Cisco DCNM Single HA node.
The following table details all the recovery procedures when one or both the nodes fail in a Cisco DCNM
Native HA set up.
Failure type | Node/Database to recover | Primary backup available | Secondary backup available | Recovery procedure
Primary node is lost. Secondary node is now Primary (due to fail over). | Primary Node | — | — | 1. Convert Secondary node to Primary node. 2. Configure new Secondary node.
Primary and Secondary server database is lost. Secondary node is now Primary (due to fail over) | Primary database | — | — | The Active Secondary node will restart and sync to the Standby Primary node.
Active Secondary node is lost. Primary node is now active due to fail over. | Secondary node | — | No | Configure new Secondary node.
Active Secondary node is lost. Primary node is not active due to fail over. | Secondary node | — | Yes | Configure new Secondary node, using the Web Installer. Choose Fresh installation with backup file for restore. Select Restore secondary DCNM node only in HA settings screen.
Secondary standby node is lost. | Secondary node | — | No | Configure new Secondary node.
Secondary standby node lost | Secondary node | — | Yes | Configure new Secondary node, using the Web Installer. Choose Fresh installation with backup file for restore. Select Restore secondary DCNM node only in HA settings screen.
Primary node is active. Secondary standby database lost. | Secondary database | — | — | Primary node will restart to sync with Secondary node.
Converting Secondary node to Primary node
To convert the secondary node to Primary node, perform the following steps:
1. Log on to the DCNM server via SSH on the Secondary node.
2. Stop all the applications on the Secondary node by using the appmgr stop all command.
3. Navigate to the ha-setup.properties file.
4. Set the node ID to 1 to configure the secondary node as the primary node.
NODE_ID 1
After you change the node ID for the secondary node to 1, reboot the server. The old Secondary will restart
as the new Primary Node. Consider the lost Primary as lost secondary node, and configure the new secondary
node.
Configuring Secondary node
To configure the secondary node, perform the following steps:
1. Install a standalone Cisco DCNM. Use the same configuration settings as the lost secondary node.
Note
If the Primary node was lost, and the old secondary node was converted to primary node, configure the new
standalone node with the lost primary configuration.
2. Log on to the new DCNM standalone server via SSH, and stop all applications, using the appmgr stop
all command.
3. Provide access to the /root directory on the new node, using the appmgr root-access permit command.
4. Log on to the primary node via SSH, and stop all applications, using the appmgr stop all command.
5. Provide access to the /root directory on the Primary node, using the appmgr root-access permit command.
6. On the Primary node, edit the /root/.DO_NOT_DELETE file. Set the NATIVE_HA_STATUS
parameter to NOT_TRIGGERED on the primary node.
7. Configure the Primary node as Active, using the appmgr setup native-ha active command.
8. Configure the Secondary node as Standby, using the appmgr setup native-ha secondary command.
CHAPTER 9
Certificates
• Certificate Management
Certificate Management
Note
This section is applicable only for DCNM OVA/ISO deployments.
From Release 11.2(1), Cisco DCNM allows new methods and new CLIs for installing, restoring after upgrade,
and verifying certificates on the system. You can export certificates from the Active node to the Standby node,
to ensure that both peers on the Native HA setup have the same certificates.
In a Cisco DCNM Native HA setup, after you install a CA certificate on the Active node and start the services,
the certificates are automatically synchronized with the Standby node. If you need the same internal certificate
on both Active and Standby nodes, you must export the certificate from the Active node to the Standby node.
This ensures that both the peers on the Cisco Native HA setup have the same certificates.
Note
From Release 11.3(1), you must use sysadmin role for certificate management.
Cisco DCNM stores two certificates:
• Self-signed certificate, for internal communication between the Cisco DCNM Server and various
applications
• CA (Certificate Authority) Signed certificate, for communicating with the external world, such as Web
UI.
Note
Until you install a CA Signed certificate, Cisco DCNM retains a self-signed certificate for communicating
with the external network.
Best practices for Certificate Management
The following are the guidelines and best practices for Certificate Management in Cisco DCNM.
• Cisco DCNM provides CLI-based utilities to display, install, restore, and export or import certificates.
These CLIs are available through SSH console, and only a sysadmin user can accomplish these tasks.
• When you install Cisco DCNM, a self-signed certificate is installed, by default. This certificate is used
to communicate with the external world. After Cisco DCNM installation, you must install a CA-Signed
certificate on the system.
• On Cisco DCNM Native HA setup, we recommend that you install a CA-Signed certificate on the DCNM
Active Node. The CA-Signed certificate will synchronize with the Standby node automatically. However,
if you want to keep the same internal and CA-Signed certificate on both Active node and Standby node,
you must export the certificates from Active node and import it to the Standby node. Both the Active
node and Standby node will have the same set of certificates.
Note
Compute nodes in a cluster deployment do not require any action, as the compute
nodes use internally managed certificates.
• Generate a CSR on Cisco DCNM with a CN (common name). Provide a VIP FQDN (Virtual IP Address
FQDN) as CN to install a CA Signed certificate. The FQDN is the fully qualified domain name for the
management subnet VIP (VIP of eth0) interface that is used to access Cisco DCNM Web UI.
• If the CA Signed certificate was installed prior to upgrading the Cisco DCNM, then you must restore
the CA Signed certificate after you upgrade the Cisco DCNM.
Note
You need not take a backup of certificates when you perform inline upgrade or
backup and restore.
Display Installed Certificates
You can view the details of the installed certificate by using the following command:
appmgr afw show-cert-details
In the following sample output for the appmgr afw show-cert-details command, CERTIFICATE 1 represents
the certificate offered to the external network and to the Web browsers. CERTIFICATE 2 represents the
internally used certificate.
dcnm# appmgr afw show-cert-details
****CERTIFICATE 1****
[Certificate available to web gateway. This certificate is offered to webclients]:
--------------Web gateway certificate--------------------------------------Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4202 (0x106a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IN, ST=KA, L=BGL, O=xyz, OU=ABC, CN=<FQDN/IP>
Cisco DCNM Installation and Upgrade Guide for LAN Fabric Deployment, Release 11.4(1)
116
Certificates
Display Installed Certificates
Validity
Not Before: Jun 4 13:55:25 2019 GMT
Not After : Jun 3 13:55:25 2020 GMT
Subject: C=IN, ST=KA9, L=BGL9, O=XYZ123, OU=ABC123, CN=<FQDN/IP>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bb:52:1e:7f:24:d7:2e:24:62:5a:83:cc:e4:88:
--------------Certificate output is truncated to first 15 lines-------------****CERTIFICATE 2****
[Certificate available in keystore(jks). CA signed certificate is installed here till DCNM
version 11.1.x]
If you have upgraded from DCNM version 11.1.x to later version please see installation guide
to restore
CA signed certificate to upgraded version.
--------------Keystore certificate------------------------------------------alias = sme, storepass = <<storepass-pwd>>
Alias name: sme
Creation date: Oct 14, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Issuer: CN=dcnmca, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Serial number: 62044620
Valid from: Sun Oct 14 20:39:39 PDT 2018 until: Fri Oct 13 20:39:39 PDT 2023
Certificate fingerprints:
MD5: E5:F8:AD:17:4D:43:2A:C9:EE:35:5F:BE:D8:22:7D:9C
SHA1: 38:66:F1:CD:10:61:27:E7:43:85:10:41:3D:A3:4B:5C:C9:CC:17:5E
SHA256:
E0:87:D8:34:71:18:FE:8C:AB:18:0B:D7:85:B1:91:A8:4B:75:A3:91:BA:90:83:46:72:87:FE:FE:FE:04:F0:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
--------------Certificate output is truncated to first 15 lines-------------
dcnm#
Note
<<storepass-pwd>> is the password string generated while installing DCNM Server. This string is located
in the <install dir>/dcm/fm/conf/serverstore.properties directory. Fetch the
dcnm.fmserver.token value for the storepass-pwd.
The Web UI refers to the CERTIFICATE 1 after installation. If CERTIFICATE 1 is not available, you
must stop and restart all applications, using the following commands:
Note
Ensure that you follow the same sequence of commands on the Cisco DCNM to troubleshoot this scenario.
On the Cisco DCNM Standalone appliance, run the following commands to stop and start all Cisco DCNM
applications to troubleshoot CERTIFICATE 1:
dcnm# appmgr stop all /* stop all the applications running on Cisco DCNM */
dcnm# appmgr start all /* start all the applications running on Cisco DCNM */
On the Cisco DCNM Native HA appliance, run the following commands to stop and start all Cisco DCNM
applications to troubleshoot CERTIFICATE 1:
For example, let us indicate the Active node as dcnm1, and Standby node dcnm2.
Stop the applications running on both the nodes.
dcnm2# appmgr stop all /* stop all the applications running on Cisco DCNM Standby Node */
dcnm1# appmgr stop all /* stop all the applications running on Cisco DCNM Active Node */
Start the applications on both nodes.
dcnm1# appmgr start all /* start all the applications running on Cisco DCNM Active Node*/
dcnm2# appmgr start all /* start all the applications running on Cisco DCNM Standby Node*/
Note
Ensure that you clear the browser cache before you launch the Cisco DCNM Web UI, using the Management
IP Address.
The CERTIFICATE 1 is displayed in the Security settings on the browser.
Installing a CA Signed Certificate
We recommend that you install a CA Signed certificate as a standard security practice. The CA Signed
certificates are recognized, and verified by the browser. You can also verify the CA Signed certificate manually.
Note
The Certificate Authority can be an Enterprise Signing Authority, also.
Installing a CA Signed Certificate on Cisco DCNM Standalone Setup
To install a CA Signed certificate on the Cisco DCNM, perform the following steps.
Procedure
Step 1
Logon to the DCNM server via SSH terminal.
Step 2
Generate a CSR on the Cisco DCNM server using the appmgr afw gen-csr command:
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
dcnm# appmgr afw gen-csr
Generating CSR....
..
...
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:San Jose
Organization Name (eg, company) [Default Company Ltd]:Cisco
Organizational Unit Name (eg, section) []:DCBG
Common Name (eg, your name or your server's hostname) []:dcnmhost.cisco.com
Email Address []:[email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: /* This field is not mandatory */
An optional company name []: /* This field is not mandatory */
...
A CSR file dcnmweb.csr is created in the /var/tmp/ directory.
********** CA certificate installation not completed yet. Please do followings. **********
CSR is generated and placed at /var/tmp/dcnmweb.csr.
Please download or copy the content to your certificate signing server.
Step 3
Send this CSR to your Certificate signing server.
Note
The CA Signing server is local to your organization.
Step 4
Get the certificate signed by your Certificate Authority.
The Certificate Authority (CA) returns 3 certificates, namely, Primary, Intermediate (also known as
Issuing/Subordinate), and Root certificates. Combine all the three certificates into one .pem file to import to
DCNM.
Step 5
Copy the new CA Signed certificate to Cisco DCNM server.
Ensure that the certificate is located at /var/tmp directory on the Cisco DCNM Server.
Step 6
Install the CA Signed certificate on the Cisco DCNM by using the following commands:
Note
We recommend that you run the following commands in the same sequence as shown below.
dcnm# appmgr stop all /* Stop all applications running on Cisco DCNM */
dcnm# appmgr afw install-CA-signed-cert <CA-signed certificate directory>
/* CA-signed certificate with full or relative path */
Making the signed certificate available to web gateway....
CA signed certificate CA-signed-cert.pem is installed. Please start all applications as
followings:
On standalone setup execute: 'appmgr start all'
Step 7
Restart all applications with the new certificate on Cisco DCNM using the appmgr start all command.
dcnm# appmgr start all
Step 8
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
Installing a CA Signed Certificate on Cisco DCNM Native HA setup
To install a CA Signed certificate on the Cisco DCNM, perform the following steps.
Note
We recommend that you run the following commands in the same sequence as shown below.
Procedure
Step 1
On the Active node, logon to the DCNM server via SSH terminal.
Note
For example, let us indicate the Cisco DCNM Active and Standby appliances as dcnm1 and dcnm2
respectively.
Step 2
Generate a CSR on the Cisco DCNM server using the appmgr afw gen-csr command:
Note
CSR is unique to a Cisco DCNM, and only a corresponding CSR signed certificate must be installed
on a given Cisco DCNM.
dcnm1# appmgr afw gen-csr
Generating CSR....
..
...
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:San Jose
Organization Name (eg, company) [Default Company Ltd]:Cisco
Organizational Unit Name (eg, section) []:DCBG
Common Name (eg, your name or your server's hostname) []:dcnmhost.cisco.com
/* Provide a VIP FQDN name of the eth0 interface*/
Email Address []:[email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: /* This field is not mandatory */
An optional company name []: /* This field is not mandatory */
...
Note
For generating CSR on the Active node, we recommend that you provide a VIP FQDN name of
eth0 interface, when prompted for Common Name.
This FQDN must be the web server address that you enter on the browser to launch the Cisco DCNM Web
UI.
A CSR file dcnmweb.csr is created in the /var/tmp/ directory.
********** CA certificate installation not completed yet. Please do followings. **********
CSR is generated and placed at /var/tmp/dcnmweb.csr.
Please download or copy the content to your certificate signing server.
Step 3
Send this CSR to your Certificate signing server.
Note
The CA Signing server is local to your organization.
The CA Signing server can be the CA certificate signing authority in your organization, or a
CA local to your organization.
Step 4
Get the certificate signed by your Certificate Authority.
Step 5
Copy the new CA Signed certificate to Cisco DCNM server.
Ensure that the certificate is located at /var/tmp directory on the Cisco DCNM Server.
Step 6
On the Standby node, logon to the DCNM server via SSH terminal.
Step 7
Stop all the applications on the Standby node using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
dcnm2#
Step 8
On the Active node, stop all the applications by using the appmgr stop all command.
dcnm1# appmgr stop all /* Stop all applications running on Cisco DCNM Active Node */
dcnm2#
Step 9
On the Active node, install the CA Signed certificate on the Cisco DCNM by using the appmgr afw
install-CA-signed-cert command.
dcnm1# appmgr afw install-CA-signed-cert <CA-signed certificate directory>
/* CA-signed certificate with full or relative path */
Making the signed certificate available to web gateway....
CA signed certificate CA-signed-cert.pem is installed. Please start all applications as
followings:
On standalone setup execute: 'appmgr start all'
Step 10
On the Active node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm1# appmgr start all /* Start all applications running on Cisco DCNM Active Node */
Ensure that all services on Cisco DCNM Active node are operational before you proceed further.
Note
Logon to the Cisco DCNM Web UI and check if the Certificate details are correct.
Step 11
On the Standby node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
This will ensure that the Standby node makes a fresh peer relationship with the Active Node. Therefore, the
newly installed CA Signed certificate on the Active node will be synchronized on the Standby node.
Step 12
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command, on both
Active and Standby nodes.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Note
If the Certificates information is not displayed, we recommend that you wait for a few minutes. The
Secondary node takes a while to synchronize with the Active node.
If you want to retain the same internal and CA Signed certificate on both peers on a Native HA setup, first
install the certificates on the Active node. After installing certificates on the Active node, export the certificates
from Active node and import the same certificates to the Standby node.
Exporting certificate from Active Node to Standby Node
The following procedure applies to the Cisco DCNM Native HA setup only. The CA Signed certificate installed
on the Active node is always synced to the Standby node. However, the internal certificate differs on both
Active and Standby nodes. If you want to keep the same set of certificates on both peers, you must perform
the procedure described in this section.
Note
You may choose not to export any certificates, because the internal certificates are internal to the system.
These certificates can differ on Active and Standby nodes without having any functional impact.
To export the CA Signed certificate from Active node and import the certificate to the Standby node, perform
the following procedure.
Procedure
Step 1
On the Active node, logon to the DCNM server via SSH terminal.
Step 2
Create a certificate bundle, by using the appmgr afw export-import-cert-ha-peer export command.
dcnm1# appmgr afw export-import-cert-ha-peer export
Step 3
Copy the certificate bundle to the Standby node.
Note
Ensure that you copy the certificate on the Standby node to the location as specified on the SSH
terminal.
Step 4
On the Standby node, stop all the applications by using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
dcnm2#
Step 5
Import the certificates to the Standby node by using the appmgr afw export-import-cert-ha-peer import
command.
The certificates bundle is imported and installed on the Standby node.
Step 6
Step 7
On the Standby node, restart all applications with the new certificate on Cisco DCNM using the appmgr start
all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
This ensures that the newly imported certificates are effective when applications are started on the Standby node.
Step 8
On the Standby node, verify the newly imported CA Signed certificate using the appmgr afw show-cert-details
command.
The system is now armed with the same certificates on both Active and Standby nodes.
Restoring the certificates after an upgrade
This mechanism applies to Cisco DCNM Upgrade procedure using the inline upgrade process only. This
procedure is not required for the backup and restore of data on the same version of the Cisco DCNM appliance.
Note that certificate restore is a disruptive mechanism; it requires you to stop and restart applications. Restore
must be performed only when the upgraded system is stable, that is, you must be able to login to Cisco DCNM
Web UI. On a Cisco DCNM Native HA setup, both the Active and Standby nodes must have established peer
relationship.
Note
A certificate needs to be restored only in following situations:
• if a CA signed certificate was installed on the system before upgrade, and,
• if you're upgrading from a version prior to 11.2(1) to version 11.2(1) or later.
After upgrading the Cisco DCNM, you must always verify the certificate before restoring to check if
CERTIFICATE 1 is the CA signed certificate. You must restore the certificates, if otherwise.
Verify the certificates using the appmgr afw show-cert-details as shown in the sample output below.
dcnm# appmgr afw show-cert-details
****CERTIFICATE 1****
[Certificate available to web gateway. This certificate is offered to webclients]:
--------------Web gateway certificate-------------------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1575924977762797464 (0x15decf6aec378798)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=San Jose, O=Enterprise CA inc, OU=Data Center, CN=dcnm1.ca.com
Validity
Not Before: Dec 9 20:56:17 2019 GMT
Not After : Dec 9 20:56:17 2024 GMT
Subject: C=US, ST=CA, L=San Jose, O= Enterprise CA inc, OU=Data Center,
CN=dcnm1.ca.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:6e:cd:c6:a9:30:08:df:92:98:38:49:9c:2a:
--------------Certificate output is truncated to first 15 lines-------------
****CERTIFICATE 2****
[Certificate available in keystore(jks). CA signed certificate is installed here till DCNM
version 11.1.x]
If you have upgraded from DCNM version 11.1.x to later version please see installation guide
to restore
CA signed certificate to upgraded version.
--------------Keystore certificate------------------------------------------
Alias name: sme
Creation date: Oct 14, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Issuer: CN=dcnmca, OU=Data Center, O=Cisco Systems Inc, L=San Jose, ST=CA, C=US
Serial number: 62044620
Valid from: Sun Oct 14 20:39:39 PDT 2018 until: Fri Oct 13 20:39:39 PDT 2023
Certificate fingerprints:
SHA1: 38:66:F1:CD:10:61:27:E7:43:85:10:41:3D:A3:4B:5C:C9:CC:17:5E
SHA256:
E0:87:D8:34:71:18:FE:8C:AB:18:0B:D7:85:B1:91:A8:4B:75:A3:91:BA:90:83:46:72:87:FE:FE:FE:04:F0:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
--------------Certificate output is truncated to first 15 lines-----
dcnm#
Restoring Certificates on Cisco DCNM Standalone setup after Upgrade
To restore the certificates after you upgrade the Cisco DCNM Standalone deployment to Release , perform
the following:
Note
When you upgrade to Release , a backup of the CA Signed certificate is created.
Procedure
Step 1
After you have successfully upgraded the Cisco DCNM Standalone appliance, logon to the DCNM server via
SSH.
Step 2
Stop all the applications using the following command:
appmgr stop all
Step 3
Restore the certificate by using the following command:
appmgr afw restore-CA-signed-cert
Step 4
Enter yes to confirm to restore the previously installed certificate.
Step 5
Start all the applications using the following command:
appmgr start all
Step 6
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Restoring Certificates on Cisco DCNM Native HA setup after Upgrade
In a Cisco DCNM Native HA setup, the certificate is installed on both the Active and Standby nodes. You
must restore the certificate only on the Active node. The certificate will synchronize with the Standby node
automatically.
To restore the certificates after you upgrade the Cisco DCNM Standalone deployment to Release , perform
the following:
Procedure
Step 1
Logon to the Cisco DCNM server via SSH.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
Step 2
On the Standby node, stop all the applications using the appmgr stop all command.
dcnm2# appmgr stop all /* Stop all applications running on Cisco DCNM Standby Node */
Step 3
On the Active node, stop all the applications using the appmgr stop all command.
dcnm1# appmgr stop all /* Stop all applications running on Cisco DCNM Active Node */
Step 4
Restore the certificate on the Active node by using the appmgr afw restore-CA-signed-cert command.
dcnm1# appmgr afw restore-CA-signed-cert
Step 5
Enter yes to confirm to restore the previously installed certificate.
Step 6
On the Active node, start all the applications using the appmgr start all command.
dcnm1# appmgr start all /* Start all applications running on Cisco DCNM Active Node */
Ensure that all services on Cisco DCNM Active node are operational before you proceed further.
Note
Logon to the Cisco DCNM Web UI and check if the Certificate details are correct.
Step 7
On the Standby node, start all the applications using the appmgr start all command.
dcnm2# appmgr start all /* Start all applications running on Cisco DCNM Standby Node */
Wait for some time, while the Standby node synchronizes with the Active node.
Step 8
Verify the newly installed CA Signed certificate using the appmgr afw show-cert-details command, on both
Active and Standby nodes.
The system is now armed with the CA Signed certificate, which is verified at the browser.
Recovering and Restoring Previously Installed CA Signed Certificates
Installing, restoring, and managing CA signed certificates is a time-consuming process, as a third-party signing
server is involved. This may also lead to omissions or mistakes, which can result in installing the wrong certificates.
In such a scenario, we recommend that you restore the certificates that were installed prior to the latest install
or upgrade.
To recover and restore the previously installed CA signed certificates, perform the following steps.
Procedure
Step 1
Logon to the DCNM server via SSH terminal.
Step 2
Navigate to the /var/lib/dcnm/afw/apigateway/ directory.
dcnm# cd /var/lib/dcnm/afw/apigateway/
dcnm# ls -ltr /* View the contents of the folder */
total 128
-rw------- 1 root root 1844 Nov 18 13:14 dcnmweb.key.2019-11-20T132939-08:00
-rw-r--r-- 1 root root 1532 Nov 18 13:14 dcnmweb.crt.2019-11-20T132939-08:00
-rw------- 1 root root 1844 Nov 20 10:15 dcnmweb.key.2019-11-20T132950-08:00
-rw-r--r-- 1 root root 1532 Nov 20 10:15 dcnmweb.crt.2019-11-20T132950-08:00
-rw------- 1 root root 1844 Dec 22 13:59 dcnmweb.key
-rw-r--r-- 1 root root 1532 Dec 22 13:59 dcnmweb.crt
.
..
...
dcnmweb.key and dcnmweb.crt are the key and certificate files that are currently installed on the system.
Similar filenames, with a timestamp suffix, help you identify the key and certificate pairs installed prior
to the recent upgrade or restore.
Step 3
Stop all applications running on Cisco DCNM using appmgr stop all command.
Step 4
Take a backup of dcnmweb.key and dcnmweb.crt files.
Step 5
Identify the older key and certificate pair that you want to restore.
Step 6
Copy the key and certificate pair as dcnmweb.key and dcnmweb.crt (without timestamp suffix).
Step 7
Start all applications running on Cisco DCNM using appmgr start all command.
Step 8
Verify the details of the certificate using the appmgr afw show-cert-details command. CERTIFICATE 1 is
the CA signed certificate.
Note
If the CA signed certificate is not visible to Cisco DCNM Web UI, or if the DCNM Server sends
any failure message, you must reboot the system.
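The install procedures above require that the combined .pem holds the three CA-returned certificates and that only the certificate signed from this DCNM's own CSR is installed; the recovery procedure requires picking a key and certificate that belong together. The following is an added example, not Cisco tooling and not part of the original guide, that checks both conditions with openssl before any file is installed or copied. The function names, return codes and messages are this example's own, and it assumes openssl is available in the shell where the files are staged.

```shell
#!/bin/bash
# Added example, not Cisco tooling. Assumes openssl(1) is on PATH.
# Function names, return codes and messages are assumptions of this example.

# Print the SHA-256 of the public key held by a CSR, a certificate or a private key.
pubkey_fp() {   # usage: pubkey_fp csr|cert|key FILE
    local pem
    case "$1" in
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1          # unreadable file or wrong file type
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Split a PEM bundle into DIR/cert-1.pem, cert-2.pem, ... and print the count.
split_bundle() {   # usage: split_bundle BUNDLE DIR
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1" 2>/dev/null
}

# Return 0 only if BUNDLE holds exactly three certificates, one of them carries the
# public key of CSR, one is a self-signed root, and the chain verifies end to end.
# The order of the certificates inside the bundle does not matter to this check.
check_bundle() {   # usage: check_bundle CSR BUNDLE
    local csr=$1 bundle=$2 tmp n want f leaf= root= rc=0
    tmp=$(mktemp -d) || return 9
    n=$(split_bundle "$bundle" "$tmp")
    if [ "${n:-0}" -ne 3 ]; then
        echo "expected 3 certificates in the bundle, found ${n:-0}" >&2
        rm -rf "$tmp"; return 2
    fi
    want=$(pubkey_fp csr "$csr") || { echo "cannot read CSR $csr" >&2; rm -rf "$tmp"; return 3; }
    : > "$tmp/untrusted.pem"
    for f in "$tmp"/cert-*.pem; do
        if [ "$(pubkey_fp cert "$f")" = "$want" ]; then
            leaf=$f                                   # signed from this CSR
        elif [ "$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null)" = \
               "$(openssl x509 -in "$f" -noout -issuer_hash 2>/dev/null)" ]; then
            root=$f                                   # self-signed root
        else
            cat "$f" >> "$tmp/untrusted.pem"          # intermediate (issuing) CA
        fi
    done
    if [ -z "$leaf" ]; then
        echo "no certificate in the bundle matches the CSR public key" >&2; rc=4
    elif [ -z "$root" ]; then
        echo "no self-signed root certificate in the bundle" >&2; rc=5
    elif ! openssl verify -CAfile "$root" -untrusted "$tmp/untrusted.pem" "$leaf" 2>/dev/null |
            grep -q ': OK$'; then
        echo "chain does not verify (wrong issuer, expired or missing intermediate)" >&2; rc=6
    fi
    rm -rf "$tmp"
    return $rc
}

# Return 0 when KEY and CERT hold the same public key, for example a timestamped
# dcnmweb.key.<timestamp> / dcnmweb.crt.<timestamp> pair chosen for restore.
pair_matches() {   # usage: pair_matches KEY CERT
    local k c
    k=$(pubkey_fp key "$1") || return 1
    c=$(pubkey_fp cert "$2") || return 1
    [ "$k" = "$c" ]
}

# Command-line use (file names after the sub-command are the operator's own):
#   precheck.sh bundle /var/tmp/dcnmweb.csr /var/tmp/<combined>.pem
#   precheck.sh pair   dcnmweb.key.<timestamp> dcnmweb.crt.<timestamp>
case "${1:-}" in
    bundle) check_bundle "$2" "$3" && echo "bundle matches the CSR and verifies" ;;
    pair)   pair_matches "$2" "$3" && echo "key and certificate belong together" ;;
esac
```

A non-zero result from either sub-command means the files should not be installed or copied over dcnmweb.key and dcnmweb.crt until the mismatch is explained.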
Verifying the installed certificate
While the installed certificate can be verified using the appmgr afw show-cert-details command, the web
browser verifies if the certificate is effective or not. Cisco DCNM supports all standard browsers (Chrome,
IE, Safari, Firefox). However, each browser displays the certificate information differently.
We recommend that you refer to the browser-specific information on that browser provider's website.
The following snippet is a sample from the Chrome Browser, Version 74.0.3729.169, to verify the certificate.
1. Enter URL https://<dcnm-ip-address> or https://<FQDN> in the address bar on the browser.
Press the Return key.
2. Based on the type of certificate, the icon on the left of the URL field shows a lock icon or an alert icon.
Click on the icon.
3. On the card, click Certificate field.
The information in the certificate is displayed.
The information that is displayed must match with the details as displayed on CERTIFICATE 1 when
you view the certificate details using the appmgr afw show-cert-details.
CHAPTER
10
Running Cisco DCNM Behind a Firewall
This chapter provides information about running Cisco DCNM behind a firewall.
• Running Cisco DCNM Behind a Firewall
• Configuring Custom Firewalls
Running Cisco DCNM Behind a Firewall
Generally, an Enterprise (external world) and a Data Center are separated by a firewall; that is, DCNM is configured
behind a firewall. The Cisco DCNM Web Client and SSH connectivity must pass through that firewall. Also,
a firewall can be placed between the DCNM Server and DCNM-managed devices.
All Cisco DCNM Native HA nodes must be on the same side of the firewall. The internal DCNM Native HA
ports are not listed, as it is not recommended to configure a firewall in between the Native HA nodes.
Note
When you add or discover LAN devices in DCNM, Java is used as a part of the discovery process. If a firewall
blocks the process, then it uses a TCP connection on port 7 for discovery. Ensure that the
cdp.discoverPingDisable server property is set to true. Choose Web UI > Administration > DCNM Server
> Server Properties to set the server property.
Any standard port where the Ingress traffic enters from clients cannot be modified unless you disable the local
firewall.
The following table lists all ports that are used for communication between Cisco DCNM Web Client, SSH
Client, and Cisco DCNM Server.
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
|---|---|---|---|---|
| 22 | TCP | SSH | Client to DCNM Server | SSH access to external world is optional. |
| 443 | TCP | HTTPS | Client to DCNM Server | This is needed to reach DCNM Web Server. |
| 2443 | TCP | HTTPS | Client to DCNM Server | Required during installation, to reach the server. DCNM closes this port after installation completes. |
The following table lists all ports that are used for communication between Cisco DCNM Server and other
services.
Note
The services can be hosted on either side of the firewall.
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
|---|---|---|---|---|
| 49 | TCP/UDP | TACACS+ | DCNM Server to DNS Server | ACS Server can be either side of the firewall. |
| 53 | TCP/UDP | DNS | DCNM Server to DNS Server | DNS Server can be either side of the firewall. |
| 123 | UDP | NTP | DCNM Server to NTP Server | NTP Server can be either side of the firewall. |
| 5000 | TCP | Docker Registry | Incoming to DCNM Server | Docker Registry Service on DCNM Server listening to requests from DCNM compute nodes. |
| 5432 | TCP | Postgres | DCNM Server to Postgres DB Server | Default installation of DCNM does not need this port. This is needed only when Postgres is installed external to the DCNM host machine. |
The following table lists all ports that are used for communication between DCNM Server and managed
devices:
| Port Number | Protocol | Service Name | Direction of Communication | Remarks |
|---|---|---|---|---|
| 22 | TCP | SSH | Both Direction | DCNM Server to Device – To manage devices. Device to DCNM Server – SCP (POAP). |
| 67 | UDP | DHCP | Device to DCNM Server | |
| 69 | TCP | TFTP | Device to DCNM Server | Required for POAP |
| 161 | TCP/UDP | SNMP | Server to DCNM Device | DCNM configured via server.properties to use TCP uses TCP port 161, instead of UDP port 161. |
| 514 | UDP | Syslog | Device to DCNM Server | |
| 2162 | UDP | SNMP_TRAP | Device to DCNM Server | |
| 33000-33499 | TCP | gRPC | Device to DCNM Server | LAN Telemetry Streaming |
Configuring Custom Firewalls
Note
This is applicable for DCNM OVA/ISO deployments only.
Cisco DCNM Server deploys a set of IPTables rules, known as DCNM Local Firewall. These rules open
TCP/UDP ports that are required for Cisco DCNM operations. You can't modify the built-in Local Firewall
without accessing the OS interface through SSH and changing the rules. Don't change these Firewall rules, as
DCNM may become vulnerable to attacks, or its normal functioning may be impacted.
To cater to a given deployment or a network, Cisco DCNM allows you to configure your own firewall rules,
from Release 11.3(1), using CLIs.
Note
These rules can be broad or granular, and supersede the built-in Local Firewall rules. Therefore, configure
these rules carefully, during a maintenance period.
You don’t need to stop or restart DCNM server or applications to configure custom firewalls.
Caution
IPTable prioritizes the rules in the order that they are configured. Therefore, more granular rules must be
installed in the beginning. To ensure that the order of the rules is as required, you can create all rules in a text
editor, and then execute the CLIs in the desired order. If rules need to be adjusted, you can flush all rules and
configure the rules in the desired order.
You can perform the following operations on the Custom Firewalls.
Note
Run all the commands on the Cisco DCNM server using SSH.
Custom Firewall CLI
View the custom firewall CLI chain help and examples using the appmgr user-firewall command.
dcnm# appmgr user-firewall
dcnm# appmgr user-firewall -h
Configure Rules for Custom Firewall
Configure the custom firewall rules using the appmgr user-firewall {add | del} command.
appmgr user-firewall {add | del} proto {tcp | udp} port {<port> | <port range n1:n2>}
[{in | out} <interface name>] [srcip <ip-address> [/<mask>]] [dstip <ip-address> [/<mask>]]
action {permit | deny}
Note
The custom firewall rules supersede the local Firewall rules. Therefore, be cautious and ensure that the
functionalities aren’t broken.
Example: Sample Custom Firewall Rules
• dcnm# appmgr user-firewall add proto tcp port 7777 action deny
This rule drops all TCP port 7777 traffic on all interfaces.
• dcnm# appmgr user-firewall add proto tcp port 443 in eth1 action deny
This rule drops all TCP port 443 incoming traffic on interface eth1.
• dcnm# appmgr user-firewall add proto tcp port 7000:7050 srcip 1.2.3.4 action deny
This rule drops TCP port range 10000-10099 traffic coming from IP address 1.2.3.4.
Preserving Custom Firewall Rules
Preserve the custom firewall rules across reboots, using the appmgr user-firewall commit command.
Note
Each time you modify the rules, you must execute this command to preserve the rules across reboots.
Installing Custom Firewall Rules on Native HA Standby Node
In a Cisco DCNM Native HA setup, when you execute the appmgr user-firewall commit on the Active
node, the rules are synchronized to the Standby node automatically. However, the new rules are operational
only after a system reboot.
To apply the rules immediately, install the custom firewall rules on Standby node using the appmgr
user-firewall user-policy-install command.
Deleting Custom Firewalls
Delete all the custom firewalls using the appmgr user-firewall flush-all command.
To delete the custom firewalls permanently, use the appmgr user-firewall commit command.
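The Caution above advises writing all rules in a text editor and entering the more granular ones first. The following is an added example, not Cisco tooling and not part of the original guide, that validates such a rule file against the documented appmgr user-firewall syntax, orders the rules most granular first, and prints the flush-all, add and commit sequence for review instead of executing it. The granularity score (number of interface, srcip and dstip qualifiers, then single port before port range), the function names and the 10.0.0.5 address are assumptions of this example.

```shell
#!/bin/bash
# Added example, not Cisco tooling. Each input line holds the arguments that follow
# "appmgr user-firewall add". Function names and the scoring rule are assumptions.

# Validate every rule, then print the rules with the most granular first.
order_rules() {   # usage: order_rules < rules.txt
    local keyed
    keyed=$(awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; err = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
        {
            proto = port = action = ""; quals = 0; ok = 1
            if (NF % 2) { bad("keyword without a value"); next }
            for (i = 1; i < NF; i += 2) {
                k = $i; v = $(i + 1)
                if      (k == "proto")  proto = v
                else if (k == "port")   port = v
                else if (k == "action") action = v
                else if (k == "in" || k == "out" || k == "srcip" || k == "dstip") quals++
                else { bad("unknown keyword " k); ok = 0 }
            }
            if (proto != "tcp" && proto != "udp")       { bad("proto must be tcp or udp"); ok = 0 }
            if (port !~ /^[0-9]+(:[0-9]+)?$/)           { bad("port must be N or N1:N2"); ok = 0 }
            if (action != "permit" && action != "deny") { bad("action must be permit or deny"); ok = 0 }
            # score: two points per qualifier, one more for a single port
            if (ok) printf "%d|%d|%s\n", quals * 2 + (port !~ /:/), NR, $0
        }
        END { exit err }') || return 1
    [ -n "$keyed" ] || return 0
    # highest score first; equal scores keep the order in which they were written
    printf '%s\n' "$keyed" | sort -t'|' -k1,1nr -k2,2n | cut -d'|' -f3-
}

# Print the full CLI sequence: flush, ordered adds, then commit to survive reboots.
emit_plan() {   # usage: emit_plan < rules.txt
    local ordered
    ordered=$(order_rules) || return 1
    echo "appmgr user-firewall flush-all"
    [ -z "$ordered" ] || printf '%s\n' "$ordered" | sed 's/^/appmgr user-firewall add /'
    echo "appmgr user-firewall commit"
}

# Constructed sample: the three rules shown in this guide plus one constructed permit
# that only takes effect if it is installed before the broader deny on eth1.
sample_rules() {
    cat <<'EOF'
# written broad-first, as they might be typed ad hoc
proto tcp port 7777 action deny
proto tcp port 443 in eth1 action deny
proto tcp port 7000:7050 srcip 1.2.3.4 action deny
proto tcp port 443 in eth1 srcip 10.0.0.5 action permit
EOF
}

sample_rules | emit_plan
```

Any line that does not fit the documented syntax makes emit_plan return non-zero and print nothing, so a typing error cannot silently drop a rule from the sequence.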
CHAPTER
11
Secure Client Communications for Cisco DCNM
Servers
• Secure Client Communications for Cisco DCNM Servers
Secure Client Communications for Cisco DCNM Servers
This section describes how to configure HTTPS on Cisco Data Center Network Manager Servers.
Note
You must enable SSL/HTTPS on the Cisco DCNM before you add a CA signed SSL certificate. Therefore,
perform the procedure in the below mentioned order.
This section includes the following topics:
Enabling SSL/HTTPS on Cisco DCNM in HA Environment on Virtual Appliance
To enable SSL/HTTPS on a Virtual Appliance for Cisco DCNM in HA mode, perform the following:
Procedure
Step 1
Configure the primary server with a self signed SSL certificate.
Note
In a CA signed certificate, each server has its own certificate generated. Ensure that the certificate
is signed by the signing certificate chain which is common for both the servers.
Step 2
On the secondary server, locate the keystore.
Step 3
Rename the keystore located at
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks
to
<DCNM_install_root>/dcm/wildfly-10.1.0.Final/standalone/configuration/fmserver.jks.old
Step 4
Copy the file fmserver.jks generated in primary server to secondary server into folders
<dcnm-home>/dcm/wildfly-10.1.0.Final/standalone/configuration/
<dcnm-home>/dcm/fm/conf/cert/
What to do next
If you have created a self-signed certificate or imported an SSL certificate to the keystore, you must copy the
new fmserver.jks located at
/usr/local/cisco/dcm/wildfly-10.1.0.Final/standalone/configuration to
/etc/elasticsearch. If you do not copy the fmserver.jks file to the elasticsearch directory, you will
not be able to get the Alarms and Policies. Because the elasticsearch database will be stabilizing, you cannot
configure any Alarm Policy in the Cisco DCNM Web UI under Monitor > Alarms > Alarm Policies.
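The procedure leaves three copies of fmserver.jks on a server, and a stale copy in any one location is easy to miss. The following check is an added example, not part of the Cisco guide or of DCNM: it compares the SHA-256 digest of the keystore in the three directories named above and reports any copy that is missing or differs. Treating /usr/local/cisco as <dcnm-home> is an assumption based on the paths shown in this section; the function names are hypothetical.

```python
import hashlib
from pathlib import Path

# Directories named in this section, relative to <dcnm-home>.
WILDFLY_CONF = "dcm/wildfly-10.1.0.Final/standalone/configuration"
CERT_DIR = "dcm/fm/conf/cert"


def keystore_paths(dcnm_home="/usr/local/cisco", es_dir="/etc/elasticsearch"):
    """Return the three fmserver.jks locations (dcnm_home default is an assumption)."""
    home = Path(dcnm_home)
    return [
        home / WILDFLY_CONF / "fmserver.jks",
        home / CERT_DIR / "fmserver.jks",
        Path(es_dir) / "fmserver.jks",
    ]


def digest(path):
    """SHA-256 of a file, read in chunks so large keystores are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def keystore_drift(paths, expected=None):
    """Return {path: problem} for every copy that is missing or differs.

    expected is the SHA-256 of the keystore generated on the primary server;
    when omitted, the first copy that exists is used as the reference.
    """
    problems = {}
    reference = expected
    for p in map(Path, paths):
        if not p.is_file():
            problems[str(p)] = "missing"
            continue
        d = digest(p)
        if reference is None:
            reference = d
        elif d != reference:
            problems[str(p)] = "differs from reference"
    return problems


if __name__ == "__main__":
    for path, problem in keystore_drift(keystore_paths()).items():
        print(f"{path}: {problem}")
```

Passing the digest computed on the primary server as expected also confirms that the secondary holds the primary's keystore rather than its own renamed fmserver.jks.old.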
CHAPTER 12
Managing Applications in a High-Availability Environment
This chapter describes how to configure a high-availability (HA) environment in your Cisco DCNM Open
Virtual Appliance deployment for your Cisco Programmable Fabric solution. It also includes details about
the HA functionality for each of the applications bundled within the Cisco DCNM Open Virtual Appliance.
Note
Ensure that the NTP server is synchronized between the Active and Standby peers. This is essential for proper HA
functioning in DCNM.
This chapter contains the following sections:
• Information About Application Level HA in the Cisco DCNM Open Virtual Appliance, on page 137
• Native HA Failover and Troubleshooting, on page 138
• Application High Availability Details, on page 140
Information About Application Level HA in the Cisco DCNM Open Virtual Appliance
To achieve HA for applications that are run on the Cisco DCNM Open Virtual Appliance, you can run two
virtual appliances. You can run one in Active mode and the other in Standby mode.
Note
This document refers to these appliances as OVA-A and OVA-B, respectively.
In this scenario:
1. All applications run on both appliances.
The application data is either constantly synchronized or applications share a common database as
applicable.
2. Only one of the applications running on the two appliances serves the client requests. Initially this would
be the applications running on OVA-A. The application continues to do so until one of the following
happens:
• The application on OVA-A crashes.
• The operating system on OVA-A crashes.
• OVA-A is powered off for some reason.
3. At this point, the application running on the other appliance (OVA-B) takes over.
For DHCP, when the first node fails, the second node starts serving the IP addresses.
4. The existing connections to OVA-A are dropped and the new connections are routed to OVA-B.
This scenario demonstrates why one of the nodes (OVA-A) is initially referred to as the Active node and
OVA-B is referred to as the Standby node.
Automatic Failover
The application-level and virtual machine (VM)-level switchover process is as follows.
• If any of the applications managed by the load-balancing software (DCNM/AMQP) goes down on
OVA-A, the Active node that handles the client requests detects the failure and redirects subsequent
requests to the Standby node (OVA-B). This process provides an application-level switchover.
• If the Active node (OVA-A) fails or is powered-off for some reason, the Standby node (OVA-B) detects
the failure and enables the VIP address for Cisco DCNM/AMQP on OVA-B. It also sends a gratuitous
ARP to the local switch to indicate the new MAC address that is associated with the IP address. For
applications not using VIP, the DHCPD running on OVA-B detects the failure of DHCPD on OVA-A
and activates itself; whereas LDAP running on OVA-B continues running as LDAP is deployed
Active-Active. Consequently, a VM-level failover is accomplished for all four applications
(DCNM/AMQP/DHCP/LDAP).
Manually Triggered Failovers
An application-level failover can also be triggered manually. For instance, you might want to run AMQP on
OVA-B and the rest of the applications on OVA-A. In that case, you can log in to the SSH terminal of OVA-A
and stop AMQP by using the appmgr stop amqp command.
This failover triggers the same process that is described in the Automatic Failover, on page 138; subsequent
requests to the AMQP Virtual IP address are redirected to OVA-B.
Native HA Failover and Troubleshooting
Due to the nature of Native HA, the role of the host might alternate from Active to Standby or from Standby
to Active.
The following sections provide information on troubleshooting in different use cases.
Native HA Failover from Active Host to Standby Host
Perform the following steps when the Native HA failover occurs from Active to Standby host:
1. Log on to DCNM Web UI, and navigate to Administrator > Native HA.
2. Verify the status of HA. If the DCNM HA status is not in OK mode, you cannot perform the Failover operation.
Click Failover. The Cisco DCNM server will shut down and the DCNM Standby appliance will be
operational.
3. Refresh the Cisco DCNM Web UI.
After the DCNM server is operational, you can log on to the DCNM Web UI.
Note
We recommend that you do not run appmgr stop all or appmgr stop ha-apps commands on the Active host
to trigger failover. If Cisco DCNM HA status is not in OK mode, a failover may cause loss of data, as the
Standby DCNM appliance is not synchronized with the Active appliance before failover.
Issue with DCNM Application Framework
If DCNM Web UI is not accessible, and a failover operation is necessary, execute one of the following
commands under Linux console:
appmgr failover—This command triggers the HA heartbeat failover.
Or
reboot -h now—This command triggers the Linux host to reboot, which causes a failover.
However, we recommend that you use DCNM Web UI to perform failover, as all other methods carry a risk
of data loss when both HA peers are not in sync.
Stop and Restart DCNM
To completely stop DCNM and restart it, perform the following:
1. On the Standby appliance, stop all the applications by using the appmgr stop all command.
2. Check if all the applications have stopped, using the appmgr status all command.
3. On the Active appliance, stop all the applications using the appmgr stop all command.
4. Verify if all the applications are stopped using the appmgr status all command.
5. On the deployed Active host, start all the applications using the appmgr start all command.
Verify if all the applications are running. Log on to the DCNM Web UI to check if it is operational.
6. On the deployed Standby host, start all the applications using the appmgr start all command.
On the Web UI, navigate to Administration > Native HA and ensure that the HA status displays OK.
Restart Standby Host
Perform this procedure to restart only the Standby host:
1. On the Standby host, stop all the applications using the appmgr stop all command.
2. Verify if all the applications have stopped using the appmgr status all command.
3. Start all the applications using the appmgr start all command.
On the Web UI, navigate to Administration > Native HA and ensure that the HA status displays OK.
Application High Availability Details
This section describes all of the Cisco Programmable Fabric HA applications.
Cisco DCNM Open Virtual Appliance has two interfaces: one that connects to the Open Virtual Appliance
management network and one that connects to the enhanced Programmable Fabric network. Virtual IP addresses
are defined for both interfaces.
• From the Open Virtual Appliance management network, the DCNM-REST API, DCNM interface, and
AMQP are accessed through the VIP address.
• From the enhanced fabric management network, LDAP and DHCP are accessed directly.
Only three Virtual IPs are defined:
• DCNM REST API (on dcnm management network)
• DCNM REST API (on enhanced fabric management network)
• AMQP (on dcnm management network)
Note
Although DCNM Open Virtual Appliance in HA sets up a VIP, the VIP is intended to be used for accessing
the DCNM REST API. For GUI access, we still recommend that you use the individual IP addresses of the
DCNM HA peers, and use the same addresses to launch DCNM SAN Java clients, and so on.
See the following table for a complete list of Programmable Fabric applications and their corresponding HA
mechanisms.
Programmable Fabric Application | HA Mechanism | Use of Virtual IPs | Comments
--- | --- | --- | ---
Data Center Network Manager | DCNM Clustering/Federation | Yes | Two VIPs defined, one on each network
RabbitMQ | RabbitMQ Mirrored Queues | Yes | One VIP defined on the OVA management network
Repositories | — | — | External repositories have to be used
Data Center Network Management
The data center network management function is provided by the Cisco Data Center Network Manager
(DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data
center infrastructure. Cisco DCNM can be accessed from your browser at http://[host/ip].
Note
For more information about Cisco DCNM, see http://cisco.com/go/dcnm .
HA Implementation
Cisco DCNMs that run on both OVAs are configured in clustering and federated modes for HA. Cisco DCNM
federation is the HA mechanism for SAN devices. Groups of SAN devices can be managed by each node in
the DCNM federated setup. All the devices can be managed using a single client interface.
You can enable automatic failover in the Cisco DCNM UI by choosing: Admin > Federation. If you enable
an automatic failover and the Cisco DCNM that is running on OVA-A fails, the automatic failover moves
only the fabrics and shallow-discovered LANs that are managed by OVA-A to OVA-B automatically.
DCNM Virtual IP Usage
An Open Virtual Appliance HA setup has two VIP addresses (one for each network) for the Cisco DCNM at
the default HTTP port. These VIPs can be used for accessing the DCNM RESTful services on the Open Virtual
Appliance management network and the enhanced fabric management network. For example, external systems
such as Cisco UCS Director can point to the VIP in the Open Virtual Appliance management network and
the request gets directed to the active Cisco DCNM. Similarly, the switches in an enhanced fabric management
network access the VIP address on the enhanced fabric management network during the POAP process.
You can still directly connect to Cisco DCNM real IP addresses and use them as you would in a DCNM in a
cluster/federated set up.
Note
Cisco recommends that you use VIP addresses only for accessing the DCNM REST API. To access the
Cisco DCNM Web or SAN client, you must connect using the IP address of the server.
Licenses
For Cisco DCNM, we recommend that you have licenses on the first instance and a spare matching license
on the second instance.
Application Failovers
Enable an automatic failover option in the Cisco DCNM UI when an Open Virtual Appliance HA pair is set
up by choosing: Administration > DCNM Server > Native HA. This process ensures that if the DCNM that
is running on OVA-A fails, all the fabrics and shallow-discovered LANs managed by DCNM-A are managed
by DCNM-B automatically after a given time interval (usually about 5 minutes after the failure of DCNM on
OVA-A).
The Cisco DCNM VIP address still resides on OVA-A. The Representational State Transfer Web Services
(REST) calls initially hit the VIP addresses on OVA-A and get redirected to the Cisco DCNM that is running
on OVA-B.
Application Failbacks
When the Cisco DCNM on OVA-A comes up, the VIP address automatically redirects the REST requests to
DCNM-A.
Virtual-IP Failovers
The VIP address that is configured for Cisco DCNM REST API on OVA-A can fail due to two reasons:
• The load-balancing software running on OVA-A fails.
• OVA-A fails.
The VIP address of Cisco DCNM automatically migrates to OVA-B. The only difference is which DCNM
will be used after the failover.
• If a load-balancing software failure occurs, the VIP address on OVA-B directs the requests to DCNM-A.
• If an OVA-A failure occurs, the VIP address on OVA-B directs the requests to DCNM-B.
The automatic failover ensures that the ownership of all of the fabrics and shallow-discovered LANs managed
by DCNM-A automatically changes to DCNM-B.
Virtual-IP Failbacks
When OVA-A is brought up and Cisco DCNM is running, the VIP addresses keep running on the Standby
node. The failback of Virtual IP addresses from OVA-B to OVA-A occurs only in the following sequence.
1. OVA-A comes up.
2. Cisco DCNM runs on OVA-A.
3. OVA-B goes down or the load-balancing software fails on OVA-B.
RabbitMQ
RabbitMQ is the message broker that provides the Advanced Message Queuing Protocol (AMQP).
Note
You need to stop and restart AMQP on both DCNM servers in HA within 30 seconds; otherwise, AMQP may
not start.
For more information about RabbitMQ, go to https://www.rabbitmq.com/documentation.html.
HA Implementation
Enabling the HA on the Open Virtual Appliance creates a VIP address in the Open Virtual Appliance
management network. Orchestration systems such as vCloud Director set their AMQP broker to the VIP
address.
Enabling the HA on the Open Virtual Appliance also configures the RabbitMQ broker that runs on each node
to be a duplicate of the broker that is running on the other node. Both OVAs act as “disk nodes” of a RabbitMQ
cluster, which means that all the persistent messages stored in durable queues are replicated. The RabbitMQ
policy ensures that all the queues are automatically replicated to all the nodes.
Application Failovers
If RabbitMQ-A fails, the VIP address on OVA-A redirects the subsequent AMQP requests to RabbitMQ-B.
Application Failbacks
When RabbitMQ-A comes up, the VIP address automatically starts directing the AMQP requests to
RabbitMQ-A.
Virtual-IP Failovers
The VIP address configured for the AMQP broker on OVA-A can fail due to two reasons:
• The load-balancing software running on OVA-A fails.
• OVA-A fails.
In both cases, the VIP address of the AMQP automatically migrates to OVA-B. The only difference is which
AMQP broker will be used after the failover.
• In a load-balancing software failure, the VIP address on OVA-B directs the requests to RabbitMQ-A.
• In an OVA-A failure, the VIP address on OVA-B directs the requests to RabbitMQ-B.
Virtual-IP Failbacks
When OVA-A is brought up and AMQP-A is running, the VIP addresses keep running on the OVA-B (directing
the requests to AMQP-A). The failback of the RabbitMQ VIP from OVA-B to OVA-A occurs only in the
following sequence.
1. OVA-A comes up.
2. RabbitMQ runs on OVA-A.
3. OVA-B goes down or the load-balancing software fails on OVA-B.
Repositories
All repositories must be remote.
CHAPTER 13
Managing Utility Services After DCNM Deployment
This chapter describes how to verify and manage all of the utility services that provide DC3 (Programmable
Fabric) central point of management functions after the DCNM is deployed.
Table 7: Cisco DCNM Utility Services
Category | Application | Username | Password | Protocol Implemented
--- | --- | --- | --- | ---
Network Management | Data Center Network Manager | admin | User choice [5] | Network Management

[5] User choice refers to the administration password entered by the user during the deployment.
This chapter contains the following sections:
• Editing Network Properties Post DCNM Installation, on page 145
• Convert Standalone Setup to Native-HA Setup, on page 157
• Utility Services Details, on page 161
• Managing Applications and Utility Services, on page 163
• Updating the SFTP Server Address for IPv6, on page 165
Editing Network Properties Post DCNM Installation
The Cisco DCNM OVA or the ISO installation consists of 3 network interfaces:
• dcnm-mgmt network (eth0) interface
This network provides connectivity (SSH, SCP, HTTP, HTTPS) to the Cisco DCNM Open Virtual
Appliance. Associate this network with the port group that corresponds to the subnet that is associated
with the DCNM Management network.
• enhanced-fabric-mgmt (eth1) interface
This network provides enhanced fabric management of Nexus switches. Associate this network with the
port group that corresponds to management network of leaf and spine switches.
• enhanced-fabric-inband (eth2) interface
This network provides in-band connection to fabric. Associate this network with the port group that
corresponds to a fabric in-band connection.
The following figure shows the network diagram for the Cisco DCNM Management interfaces.
During Cisco DCNM installation for your deployment type, you can configure these interfaces. However,
from Cisco DCNM Release 11.2(1), you can edit and modify the network settings post installation.
Note
We recommend that you use appmgr commands to update network properties. Do not restart network interfaces
manually.
You can modify the parameters as explained in the following sections:
Modifying Network Properties on DCNM in Standalone Mode
Note
Execute the following commands on the DCNM Appliance console to avoid a premature session timeout.
To change the Network Properties on Cisco DCNM Standalone setup, perform the following steps:
Procedure
Step 1
Initiate a session on the console, using the following command:
appmgr update network-properties session start
Step 2
Update the Network Properties using the following command:
appmgr update network-properties set ipv4 {eth0|eth1|eth2} <ipv4-address> <network-mask> <gateway>
Step 3
View and verify the changes by using the following command:
appmgr update network-properties session show {config | changes | diffs}
Step 4
After you validate the changes, apply the configuration using the following command:
appmgr update network-properties session apply
Wait for a few minutes before you log on to the Cisco DCNM Web UI using the eth0 Management Network
IP address.
Sample Command Output for Modifying Network Parameters in the Cisco DCNM Standalone Setup
The following example shows how to modify the network parameters post installation for a
Cisco DCNM Standalone setup.
dcnm# appmgr update network-properties session start
dcnm# appmgr update network-properties set ipv4 eth0 172.28.10.244 255.255.255.0 172.28.10.1
dcnm# appmgr update network-properties set ipv4 eth1 100.0.0.244 255.0.0.0
dcnm# appmgr update network-properties set ipv4 eth2 2.0.0.251 255.0.0.0 2.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
dcnm# appmgr update network-properties session show changes
eth0 IPv4 addr 172.28.10.246/255.255.255.0 -> 172.28.10.244/255.255.255.0
eth1 IPv4 addr 1.0.0.246/255.0.0.0 -> 100.0.0.244/255.0.0.0
eth2 IPv4 addr 10.0.0.246/255.0.0.0 -> 2.0.0.251/255.0.0.0 2.0.0.1
dcnm# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
server signaled
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
dcnm# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO:
Done.
Resource is stopped
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
dcnm#
Modifying Network Properties on DCNM in Native HA Mode
Note
Execute the following commands on the DCNM Appliance console to avoid a premature session timeout.
Ensure that you execute the commands in the same order as mentioned in the following steps.
Note
Native HA nodes must be considered as a single entity. When you change the Active node eth1 IP address,
you must also change the Standby node eth1 IP address.
When you change the eth0 IP address in any node, you must change the eth2 IP address for that node.
To change the Network Properties on Cisco DCNM Native HA setup, perform the following steps:
Procedure
Step 1
Stop the DCNM Applications on the Standby node by using the following command:
appmgr stop all
Wait until all the applications stop on the Standby node before you proceed.
Step 2
Stop the DCNM Applications on the Active node by using the following command:
appmgr stop all
Step 3
Initiate a session on the Cisco DCNM console of both the Active and Standby nodes by using the following
command:
appmgr update network-properties session start
Step 4
On the Active node, modify the network interface parameters by using the following commands:
a) Configure the IP addresses for eth0, eth1, and eth2 by using the following command:
appmgr update network-properties set ipv4 {eth0|eth1|eth2} <ipv4-address> <network-mask> <gateway>
Enter the new IPv4 or IPv6 address for the interface, along with the subnet mask and gateway IP addresses.
b) Configure the VIP IP address by using the following command:
appmgr update network-properties set ipv4 {vip0|vip1|vip2} <ipv4-address> <network-mask>
Enter the vip0 address for eth0 interface. Enter the vip1 address for eth1 interface. Enter the vip2 address
for eth2 interface.
c) Configure the peer IP address by using the following command:
appmgr update network-properties set ipv4 {peer0|peer1|peer2} <ipv4-address>
Enter the eth0 address of the Standby node as peer0 address for Active node. Enter the eth1 address of
the Standby node as peer1 address for Active node. Enter the eth2 address of the Standby node as peer2
address for Active node.
d) View and validate the changes that you have made to the network parameters by using the following
command:
appmgr update network-properties session show {config | changes | diffs}
Step 5
On the Standby node, modify the network interface parameters using the commands described in
Step 4, on page 148.
Step 6
After you validate the changes, apply the configuration on the Active node by using the following command:
appmgr update network-properties session apply
Wait until the prompt returns, to confirm that the network parameters are updated.
Step 7
After you validate the changes, apply the configuration on the Standby node by using the following command:
appmgr update network-properties session apply
Step 8
Start all the applications on the Active node by using the following command:
appmgr start all
Note
Wait until all the applications are running successfully on the Active node, before proceeding to
the next step.
Step 9
Start all the applications on the Standby node by using the following command:
appmgr start all
Step 10
Establish peer trust key on the Active node by using the following command:
appmgr update ssh-peer-trust
Step 11
Establish peer trust key on the Standby node by using the following command:
appmgr update ssh-peer-trust
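Before running session apply in Steps 6 and 7, the values staged on the two nodes can be cross-checked against the rules in the notes and in Step 4 above. The following script is an added example, not Cisco tooling: it parses the set ipv4 commands typed on each node (here, the values from this guide's Native HA sample session, embedded as constructed input) and reports rule violations. The function names are hypothetical, and the checks that the VIP is identical on both nodes and lies inside the interface subnet are assumptions not stated in the guide.

```python
import ipaddress

PREFIX = ["appmgr", "update", "network-properties", "set", "ipv4"]

# Constructed input: the "set ipv4" commands from this guide's Native HA sample
# session, as staged on the Active (dcnm1) and Standby (dcnm2) nodes.
ACTIVE_CMDS = """\
appmgr update network-properties set ipv4 eth0 172.28.10.244 255.255.255.0 172.28.10.1
appmgr update network-properties set ipv4 eth1 1.0.0.244 255.0.0.0 1.0.0.1
appmgr update network-properties set ipv4 eth2 2.0.0.244 255.0.0.0 2.0.0.1
appmgr update network-properties set ipv4 peer0 172.29.10.238
appmgr update network-properties set ipv4 peer1 1.0.0.238
appmgr update network-properties set ipv4 peer2 2.0.0.238
appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
"""
STANDBY_CMDS = """\
appmgr update network-properties set ipv4 eth0 172.28.10.238 255.255.255.0 172.28.10.1
appmgr update network-properties set ipv4 eth1 1.0.0.238 255.0.0.0 1.0.0.1
appmgr update network-properties set ipv4 eth2 2.0.0.238 255.0.0.0 2.0.0.1
appmgr update network-properties set ipv4 peer0 172.29.10.244
appmgr update network-properties set ipv4 peer1 1.0.0.244
appmgr update network-properties set ipv4 peer2 2.0.0.244
appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
"""


def parse_staged(text):
    """Map each name (eth0, peer1, vip2, ...) to its staged address, mask and gateway."""
    staged = {}
    for line in text.splitlines():
        tok = line.split()
        if "appmgr" in tok:                      # tolerate a pasted shell prompt
            tok = tok[tok.index("appmgr"):]
        if tok[:5] != PREFIX or len(tok) < 7:
            continue                             # not a "set ipv4 <name> <addr>" command
        name, args = tok[5], tok[6:]
        staged[name] = {
            "addr": ipaddress.IPv4Address(args[0]),
            "mask": args[1] if len(args) > 1 else None,
            "gw": ipaddress.IPv4Address(args[2]) if len(args) > 2 else None,
        }
    return staged


def subnet(entry):
    """Network of an interface entry, built from its address and dotted mask."""
    return ipaddress.IPv4Interface(f"{entry['addr']}/{entry['mask']}").network


def check_pair(active, standby):
    """Return a list of findings for the values staged on the two HA nodes."""
    findings = []
    for role, me, other in (("active", active, standby), ("standby", standby, active)):
        # Note in the guide: changing eth0 on a node requires changing eth2 on that node.
        if "eth0" in me and "eth2" not in me:
            findings.append(f"{role}: eth0 changed without eth2")
        for n in "012":
            eth, peer, vip = f"eth{n}", f"peer{n}", f"vip{n}"
            # Step 4c: peerN on a node is the ethN address of the other node.
            if peer in me and eth in other and me[peer]["addr"] != other[eth]["addr"]:
                findings.append(f"{role}: {peer} {me[peer]['addr']} is not the "
                                f"other node's {eth} {other[eth]['addr']}")
            # Assumption: the VIP must lie inside the subnet of its interface.
            if vip in me and eth in me and me[eth]["mask"] \
                    and me[vip]["addr"] not in subnet(me[eth]):
                findings.append(f"{role}: {vip} {me[vip]['addr']} outside {subnet(me[eth])}")
    # Note in the guide: eth1 must be changed on both nodes together.
    if ("eth1" in active) != ("eth1" in standby):
        findings.append("eth1 changed on only one node")
    # Assumption: the shared VIP is staged identically on both nodes.
    for n in "012":
        if active.get(f"vip{n}") != standby.get(f"vip{n}"):
            findings.append(f"vip{n} differs between nodes")
    return findings


if __name__ == "__main__":
    for finding in check_pair(parse_staged(ACTIVE_CMDS), parse_staged(STANDBY_CMDS)):
        print(finding)
```

Run against the sample values, the script reports the peer0 entries on both nodes, because 172.29.10.238 and 172.29.10.244 do not equal the other node's staged eth0 addresses 172.28.10.238 and 172.28.10.244.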
Sample Command Output for Modifying Network Parameters in the Cisco DCNM Native HA Setup
The following example shows how to modify the network parameters post installation for a
Cisco DCNM Native HA setup.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
[root@dcnm2 ~]# appmgr stop all
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
Stopping High-Availability services: Done.
Stopping and halting node rabbit@dcnm-dcnm2 ...
Note: Forwarding request to 'systemctl enable rabbitmq-server.service'.
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr stop all
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
Stopping High-Availability services: Done.
Stopping and halting node rabbit@dcnm1 ...
Note: Forwarding request to 'systemctl enable rabbitmq-server.service'.
Stopping AFW Applications...
Stopping AFW Server Processes
Stopping AFW Agent Processes
Stopped Application Framework...
[root@dcnm-1 ~]#
[root@dcnm1 ~]# appmgr update network-properties session start
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session start
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth0 172.28.10.244 255.255.255.0 172.28.10.1
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth1 1.0.0.244 255.0.0.0 1.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
[root@dcnm1 ~]# appmgr update network-properties set ipv4 eth2 2.0.0.244 255.0.0.0 2.0.0.1
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer0 172.29.10.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer1 1.0.0.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 peer2 2.0.0.238
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
[root@dcnm1 ~]# appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
[root@dcnm1 ~]# appmgr update network-properties set hostname local dcnm3.cisco.com
[root@dcnm1 ~]# appmgr update network-properties set hostname peer dcnm4.cisco.com
[root@dcnm1 ~]# appmgr update network-properties set hostname vip dcnm5.cisco.com
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth0 172.28.10.238 255.255.255.0 172.28.10.1
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth1 1.0.0.238 255.0.0.0 1.0.0.1
*****************************************************************
WARNING: fabric/poap configuration may need to be changed
manually after changes are applied.
*****************************************************************
[root@dcnm2 ~]# appmgr update network-properties set ipv4 eth2 2.0.0.238 255.0.0.0 2.0.0.1
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer0 172.29.10.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer1 1.0.0.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 peer2 2.0.0.244
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip0 172.28.10.239 255.255.255.0
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip1 1.0.0.239 255.0.0.0
[root@dcnm2 ~]# appmgr update network-properties set ipv4 vip2 2.0.0.239 255.0.0.0
[root@dcnm2 ~]# appmgr update network-properties set hostname local dcnm3.cisco.com
[root@dcnm2 ~]# appmgr update network-properties set hostname peer dcnm4.cisco.com
[root@dcnm2 ~]# appmgr update network-properties set hostname vip dcnm5.cisco.com
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties session show changes
eth0 IPv4 addr  172.28.10.246/255.255.255.0  ->  172.28.10.244/255.255.255.0
eth1 IPv4 addr  1.0.0.246/255.0.0.0          ->  1.0.0.244/255.0.0.0
eth1 IPv4 GW                                 ->  1.0.0.1
eth2 IPv4 addr  /                            ->  2.0.0.244/255.0.0.0
eth2 IPv4 GW                                 ->  2.0.0.1
Hostname        dcnm1.cisco.com              ->  dcnm3.cisco.com
eth0 VIP        172.28.10.248/24             ->  172.28.10.239/24
eth1 VIP        1.0.0.248/8                  ->  1.0.0.239/8
eth2 VIP        /                            ->  2.0.0.239/8
Peer eth0 IP    172.28.10.247                ->  172.29.10.238
Peer eth1 IP    1.0.0.247                    ->  1.0.0.238
Peer eth2 IP                                 ->  2.0.0.238
Peer hostname   dcnm2.cisco.com              ->  dcnm4.cisco.com
VIP hostname    dcnm6.cisco.com              ->  dcnm5.cisco.com
[root@dcnm1 ~]# appmgr update network-properties session show config
======= Current configuration ======
Hostname        dcnm1.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.246
eth0 IPv4 addr  172.28.10.246/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.246/255.0.0.0
eth1 IPv4 GW
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  /
eth2 IPv4 GW
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm2.cisco.com
Peer eth0 IP    172.28.10.247
Peer eth1 IP    1.0.0.247
Peer eth2 IP
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.248/24
eth1 VIP        1.0.0.248/8
eth2 VIP        /
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm6.cisco.com
====== Session configuration ======
Hostname        dcnm3.cisco.com
NTP Server      1.ntp.esl.cisco.com
DNS Server      171.70.168.183,1.0.0.246
eth0 IPv4 addr  172.28.10.244/255.255.255.0
eth0 IPv4 GW    172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr  1.0.0.244/255.0.0.0
eth1 IPv4 GW    1.0.0.1
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr  2.0.0.244/255.0.0.0
eth2 IPv4 GW    2.0.0.1
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname   dcnm4.cisco.com
Peer eth0 IP    172.29.10.238
Peer eth1 IP    1.0.0.238
Peer eth2 IP    2.0.0.238
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP        172.28.10.239/24
eth1 VIP        1.0.0.239/8
eth2 VIP        2.0.0.239/8
eth0 VIPv6      /
eth1 VIPv6      /
VIP hostname    dcnm5.cisco.com
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session show changes
eth0 IPv4 addr  172.28.10.247/255.255.255.0  ->  172.28.10.238/255.255.255.0
eth1 IPv4 addr  1.0.0.247/255.0.0.0          ->  1.0.0.238/255.0.0.0
eth1 IPv4 GW                                 ->  1.0.0.1
eth2 IPv4 addr  /                            ->  2.0.0.238/255.0.0.0
eth2 IPv4 GW                                 ->  2.0.0.1
Hostname        dcnm2.cisco.com              ->  dcnm4.cisco.com
eth0 VIP        172.28.10.248/24             ->  172.28.10.239/24
eth1 VIP        1.0.0.248/8                  ->  1.0.0.239/8
eth2 VIP        /                            ->  2.0.0.239/8
Peer eth0 IP    172.28.10.246                ->  172.29.10.244
Peer eth1 IP    1.0.0.246                    ->  1.0.0.244
Peer eth2 IP                                 ->  2.0.0.244
Peer hostname   dcnm1.cisco.com              ->  dcnm3.cisco.com
VIP hostname    dcnm6.cisco.com              ->  dcnm5.cisco.com
[root@dcnm2 ~]# appmgr update network-properties session show configuration
======= Current configuration ======
Hostname dcnm2.cisco.com
NTP Server
1.ntp.esl.cisco.com
DNS Server
171.70.168.183,1.0.0.247
eth0 IPv4 addr
172.28.10.247/255.255.255.0
eth0 IPv4 GW
172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr
1.0.0.247/255.0.0.0
eth1 IPv4 GW
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr
/
eth2 IPv4 GW
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname
dcnm1.cisco.com
Peer eth0 IP
172.28.10.246
Peer eth1 IP
1.0.0.246
Peer eth2 IP
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP
172.28.10.248/24
eth1 VIP
1.0.0.248/8
eth2 VIP
/
eth0 VIPv6
/
eth1 VIPv6
/
VIP hostname dcnm6.cisco.com
====== Session configuration ======
Hostname dcnm4.cisco.com
NTP Server
1.ntp.esl.cisco.com
DNS Server
171.70.168.183,1.0.0.247
eth0 IPv4 addr
172.28.10.238/255.255.255.0
eth0 IPv4 GW
172.28.10.1
eth0 IPv6 addr
eth0 IPv6 GW
eth1 IPv4 addr
1.0.0.238/255.0.0.0
eth1 IPv4 GW
1.0.0.1
eth1 IPv6 addr
eth1 IPv6 GW
eth2 IPv4 addr
2.0.0.238/255.0.0.0
eth2 IPv4 GW
2.0.0.1
eth2 IPv6 addr
eth2 IPv6 GW
Peer hostname dcnm3.cisco.com
Peer eth0 IP
172.29.10.244
Peer eth1 IP
1.0.0.244
Peer eth2 IP
2.0.0.244
Peer eth0 IPv6
Peer eth1 IPv6
eth0 VIP
172.28.10.239/24
eth1 VIP
1.0.0.239/8
eth2 VIP
2.0.0.239/8
eth0 VIPv6
/
eth1 VIPv6
/
VIP hostname dcnm5.cisco.com
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
server signaled
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
INFO : [ipv6_wait_tentative] Waiting for interface eth0 IPv6 address(es) to leave the 'tentative' state
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
*********************************************************************
Please run 'appmgr update ssh-peer-trust' on the peer node.
*********************************************************************
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update network-properties session apply
*********************************************************************
WARNING
Applications of both nodes of the DCNM HA system need to be stopped
for the changes to be applied properly.
PLEASE STOP ALL APPLICATIONS MANUALLY
*********************************************************************
Have applications been stopped? [y/n]: y
Applying changes
DELETE 1
Node left the swarm.
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
UPDATE 1
UPDATE 1
DELETE 1
afwnetplugin:0.1
server signaled
**********************************************************************
Please run 'appmgr start afw; appmgr start all' to restart your nodes.
**********************************************************************
*********************************************************************
Please run 'appmgr update ssh-peer-trust' on the peer node.
*********************************************************************
[root@dcnm2 ~]#
Step 7
[root@dcnm1 ~]# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO: Resource is stopped
Done.
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
[root@dcnm1 ~]#
Waiting for dcnm1 to become active again.
[root@dcnm2 ~]# appmgr start afw; appmgr start all
Started AFW Server Processes
Started AFW Agent Processes
Started AFW Server Processes
Started AFW Agent Processes
Started applications managed by heartbeat..
Check the status using 'appmgr status all'
Starting High-Availability services: INFO: Resource is stopped
Done.
Warning: PID file not written; -detached was passed.
AMQP User Check
Started AFW Server Processes
Started AFW Agent Processes
[root@dcnm2 ~]#
[root@dcnm1 ~]# appmgr update ssh-peer-trust
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '172.28.10.245'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '100.0.0.245'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'dcnm2.cisco.com'"
and check to make sure that only the key(s) you wanted were added.
[root@dcnm1 ~]#
[root@dcnm2 ~]# appmgr update ssh-peer-trust
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '172.28.10.244'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' '100.0.0.244'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'dcnm1.cisco.com'"
and check to make sure that only the key(s) you wanted were added.
[root@dcnm2 ~]#
Changing the DCNM Server Password Post DCNM Installation
The password to access Cisco DCNM Web UI is configured while installing the Cisco DCNM for your
deployment type. However, you can modify this password post installation also, if required.
To change the password post installation, perform the following steps:
Procedure
Step 1
Stop the applications using the appmgr stop all command.
Wait until all the applications stop running.
Step 2
Change the password for the management interface by using the appmgr change_pwd ssh
{root|poap|sysadmin} [password] command.
Ensure that the new password adheres to the following password requirements. If you do not comply with the
requirements, the DCNM application might not function properly:
• It must be at least 8 characters long and contain at least one alphabet and one numeral.
• It can contain a combination of alphabets, numerals, and special characters.
• Do not use any of these special characters in the DCNM password: <SPACE> " & $ % ' ^ = < > ; : ` \ | / , .*
Step 3
Start the application using the appmgr start all command.
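A pre-flight check for the password rules listed in Step 2, as an added shell example that is not part of the Cisco guide. The function name dcnm_password_ok is hypothetical, and the example assumes the trailing ".*" in the list means that both "." and "*" are disallowed.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): check a candidate password against
# the DCNM password rules before handing it to `appmgr change_pwd`.
# dcnm_password_ok is a hypothetical helper name, not an appmgr subcommand.
#
# Usage:  dcnm_password_ok "$candidate"
# Returns 0 if every rule passes. Otherwise returns 1 and writes one line per
# broken rule to stderr. The password itself is never printed.

dcnm_password_ok() {
    pw=$1
    rc=0

    # At least 8 characters long.
    if [ "${#pw}" -lt 8 ]; then
        echo "rejected: shorter than 8 characters" >&2
        rc=1
    fi

    # At least one alphabetic character.
    case $pw in
        *[A-Za-z]*) ;;
        *) echo "rejected: no alphabetic character" >&2; rc=1 ;;
    esac

    # At least one numeral.
    case $pw in
        *[0-9]*) ;;
        *) echo "rejected: no numeral" >&2; rc=1 ;;
    esac

    # Characters the guide says not to use:
    #   <SPACE> " & $ % ' ^ = < > ; : ` \ | / , . *
    # Assumption: the final ".*" in the guide's list is read as "." and "*".
    # Each alternative is quoted so the shell matches it literally.
    case $pw in
        *' '*|*'"'*|*'&'*|*'$'*|*'%'*|*"'"*|*'^'*|*'='*|*'<'*|*'>'*|\
        *';'*|*':'*|*'`'*|*'\'*|*'|'*|*'/'*|*','*|*'.'*|*'*'*)
            echo "rejected: contains a disallowed special character" >&2
            rc=1 ;;
    esac

    # Do not leave the candidate in a shell variable after the check.
    unset pw
    return "$rc"
}
```

Characters outside the disallowed list, such as `#` or `@`, pass the check because the guide permits special characters other than those it names.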
Changing the DCNM Database Password on Standalone Setup
To change the Postgres database password on Cisco DCNM Standalone setup, perform the following steps:
Procedure
Step 1
Stop all the applications using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 2
Change the Postgres password by using the appmgr change_pwd db command.
Provide the new password at the prompt.
Step 3
Start the application using the appmgr start all command.
Ensure that all the applications have started using the appmgr status all command.
Example
dcnm# appmgr stop all
dcnm# appmgr change_pwd db <<new-password>>
dcnm# appmgr start all
Changing the DCNM Database Password on Native HA Setup
To change the Postgres database password on Cisco DCNM Native HA setup, perform the following steps:
Procedure
Step 1
Stop all the applications on the Standby appliance using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 2
Stop all the applications on the Active appliance using the appmgr stop all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 3
Change the Postgres password by using the appmgr change_pwd db command on both Active and Standby
nodes.
Ensure that you provide the same password at the prompt.
Step 4
Start the applications on the Active appliance, using the appmgr start all command.
Ensure that all the applications have stopped using the appmgr status all command.
Step 5
Start the applications on the Standby appliance, using the appmgr start all command.
Ensure that all the applications have stopped using the appmgr status all command.
Example
Let us consider Active and standby as dcnm1 and dcnm2, respectively.
dcnm1# appmgr stop all
dcnm2# appmgr stop all
dcnm1# appmgr change_pwd db <<new-password>>
dcnm2# appmgr change_pwd db <<new-password>>
dcnm1# appmgr start all
dcnm2# appmgr start all
Convert Standalone Setup to Native-HA Setup
To convert an existing Cisco DCNM Standalone setup to a Native HA setup, perform the following steps:
Before you begin
Ensure that the Standalone setup is active and operational, by using the appmgr show version command.
dcnm# appmgr show version
Cisco Data Center Network Manager
Version: 11.4(1)
Install mode: LAN Fabric
Standalone node. HA not enabled.
dcnm#
Procedure
Step 1
On the Standalone setup, launch SSH and enable root user access by using the appmgr root-access permit
command:
dcnm# appmgr root-access permit
Step 2
Deploy a new DCNM as secondary node. Choose Fresh installation - HA Secondary.
For example, let us indicate the existing setup as dcnm1 and the new DCNM as secondary node as dcnm2.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM RESOURCE
ERROR is displayed on the Web Installer, and the installation will be aborted. Modify the system
requirements, and launch the Web Installer to complete the installation.
Step 3
Configure dcnm2 as the Secondary node. Paste the URL displayed on the Console tab of dcnm2 and hit Enter.
A welcome message appears.
a) On the Welcome to Cisco DCNM screen, click Get Started.
Caution
If the system configuration does not meet minimum resource requirements, SYSTEM
RESOURCE ERROR is displayed on the Web Installer, and the installation will be aborted.
Modify the system requirements, and launch the Web Installer to complete the installation.
b) On the Cisco DCNM Installer screen, select Fresh Installation - HA Secondary radio button, to install
dcnm2 as Secondary node.
Click Continue.
c) On the Install Mode tab, from the drop-down list, choose the same installation mode that you selected
for the Primary node.
Note
The HA installation fails if you do not choose the same installation mode as Primary node.
Check the Enable Clustered Mode check box, if you have configured the Cisco DCNM Primary in
Clustered mode.
Click Next.
d) On the Administration tab, enter information about passwords.
Note
All the passwords must be the same as the passwords that you provided while configuring the
Primary node.
e) On the System Settings, configure the settings for the DCNM Appliance.
• In the Fully Qualified Hostname field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Hostnames with only digits are not supported.
• In the DNS Server Address List field, enter the DNS IP address.
Beginning with Release 11.2(1), you can also configure the DNS server using an IPv6 address.
From Release 11.3(1), you can configure more than one DNS server.
Note
If you’re using Network Insights applications, ensure that the DNS server is valid and
reachable.
• In the NTP Server Address List field, enter the IP address of the NTP server.
The value must be an IP or IPv6 address or RFC 1123 compliant name.
From Release 11.3(1), you can configure more than one NTP server.
• From the Timezone drop-down list, select the timezone in which you are deploying the DCNM.
Click Next.
f) On the Network Settings tab, configure the network parameters used to reach the DCNM Web UI.
Figure 22: Cisco DCNM Management Network Interfaces
1. In the Management Network area, verify if the auto-populated addresses for Management IPv4
Address and Management Network Default IPv4 Gateway are correct. Modify, if necessary.
Note
Ensure that the IP address belongs to the same Management Network configured on the
Primary node.
(Optionally) Enter a valid IPv6 address along with the prefix to configure the Management IPv6
Address and the Management Network Default IPv6 Gateway.
2. In the Out-of-Band Network area, enter the IPv4 address and Gateway IPv4 Address.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same Out-of-Band network configured on the
Primary node.
Out-of-band management provides a connection to the device management ports (Typically mgmt0).
Note
If the out-of-band network is not configured, you cannot configure Cisco DCNM in Cluster
mode.
3. In the In-Band Network area, enter the IPv4 address and Gateway IPv4 Address for the in-band
network.
If DCNM is on the IPv6 network, configure the network by entering relevant IPv6 Address for IPv6
address and Gateway IPv6 Address.
Note
Ensure that the IP addresses belong to the same In-Band network configured on the Primary
node.
The In-Band Network provides reachability to the devices via the front-panel ports.
Note
If you do not configure in-band network, Endpoint Locator and Telemetry features are not
operational.
Click Next.
g) On the Applications tab, configure the Internal Applications Services Network, and Cluster mode settings.
1. In the Internal Application Services Network area, in the IPv4 Subnet field, enter the IP subnet to
access the applications that run internally to DCNM.
2. In the Clustered mode configuration area, configure the network settings to deploy the DCNM
instance in Clustered mode. In Clustered mode, applications run on separate compute nodes.
• In the Out-of-Band IPv4 Network Address Pool, enter the address pool from the Out-of-Band
IPv4 network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the Out-of-Band IPv6 Network Address
Pool field.
• In the In-Band IPv4 Network Address Pool, enter the address pool from the In-Band IPv4
network to be used in the Clustered Mode.
Optionally, you can also enter an IPv6 address pool in the In-Band IPv6 Network Address
Pool field.
Ensure that the IP addresses belong to the same pool as configured on the Primary node.
h) On the HA Settings tab, configure the system settings for the Secondary node.
• In the Management IPv4 Address of Primary DCNM node field, enter the appropriate IP Address
to access the DCNM UI.
• In the VIP Fully qualified Host Name field, enter the hostname that is a fully qualified domain name
(FQDN) as per RFC1123, section 2.1. Host names with only digits are not supported.
• In the Management Network VIP address field, enter the IP address used as VIP in the management
network.
Optionally, you can also enter an IPv6 VIP address in the Management Network VIPv6 address
field.
Note
If you have configured the Management network using IPv6 address, ensure that you
configure the Management Network VIPv6 Address.
• In the Out-of-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the Out-of-Band Network VIPv6 Address
field.
• In the In-Band Network VIP Address field, enter the IP address used as VIP in the Out-of-Band
network.
Optionally, you can also enter an IPv6 VIP address in the In-Band Network VIPv6 Address field.
Note
This field is mandatory if you have provided an IP address for In-Band network in the
Network Settings tab.
• In the HA Ping Feature IPv4 Address field, enter the HA ping IP address and enable this feature,
if necessary.
The configured IPv4 address must respond to the ICMP echo pings.
Note
HA_PING_ADDRESS must be different from the DCNM Active and Standby addresses.
You must configure the HA ping IPv4 Address to avoid the Split Brain scenario. This IP address
must belong to Enhanced Fabric management network.
Click Next.
i) On the Summary tab, review the configuration details.
Click Previous to go to the previous tabs and modify the configuration. Click Start Installation to
complete the Cisco DCNM OVA Installation for the chosen deployment mode.
A progress bar appears to show the completed percentage, description of the operation, and the elapsed
time during the installation. After the progress bar shows 100%, click Continue.
A success message appears with the URL to access DCNM Web UI.
***************************************************************
Your Cisco Data Center Network Manager software has been installed.
DCNM Web UI is available at
https://<<IP Address>>
You will be redirected there in 60 seconds.
Thank you
***************************************************************
Note
If the Cisco DCNM is running behind a firewall, ensure that you open the port 2443 to launch
Cisco DCNM Web UI.
What to do next
Verify the HA role by using the appmgr show ha-role command.
On the Active node (old standalone node):
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node (newly deployed node):
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Utility Services Details
This section describes the details of all the utility services within the functions they provide in Cisco DCNM.
The functions are as follows:
Network Management
The data center network management function is provided by the Cisco Data Center Network Manager
(DCNM) server. Cisco DCNM provides the setup, visualization, management, and monitoring of the data
center infrastructure. Cisco DCNM can be accessed from your browser: http://<<hostname/IP address>>.
Note
For more information about Cisco DCNM, see http://cisco.com/go/dcnm.
Orchestration
RabbitMQ
RabbitMQ is the message broker that provides the Advanced Message Queuing Protocol (AMQP). The
RabbitMQ message broker sends events from the vCloud Director/vShield Manager to the Python script for
parsing. You can configure this protocol by using certain CLI commands from the Secure Shell (SSH) console
of the firmware.
Note
You need to stop and restart AMQP on both DCNM servers in HA within 30 seconds, otherwise AMQP may
not start. For more information about RabbitMQ, go to https://www.rabbitmq.com/documentation.html.
After upgrade, to enable the RabbitMQ management service, stop and start the service using the following
commands:
dcnm# appmgr stop amqp
dcnm# appmgr start amqp
If AMQP is not running, the memory space must be exhausted, which is indicated in the file
/var/log/rabbitmq/erl_crash.dump.
Device Power On Auto Provisioning
Power On Auto Provisioning (POAP) occurs when a switch boots without any startup configuration. It is
accomplished by two components that were installed:
• DHCP Server
The DHCP server parcels out IP addresses to switches in the fabric and points to the location of the POAP
database, which provides the Python script and associates the devices with images and configurations.
During the Cisco DCNM installation, you define the IP Address for the inside fabric management address
or OOB management network and the subnets associated with the Cisco Programmable Fabric
management.
• Repositories
The TFTP server hosts boot scripts that are used for POAP.
The SCP server downloads the database files, configuration files, and the software images.
Managing Applications and Utility Services
You can manage the applications and utility services for Cisco Programmable Fabric in the Cisco DCNM
through commands in an SSH terminal.
Enter the appmgr command from the SSH terminal by using the following credentials:
• Username: root
• Password: Administrative password provided during deployment
Note
For your reference, context sensitive help is available for the appmgr command. Use the appmgr command
to display help.
Use the appmgr tech_support command to produce a dump of the log files. You can then provide this
information to the TAC team for troubleshooting and analysis of your setup.
Note
This section does not describe commands for Network Services using Cisco Prime Network Services Controller.
This section includes the following:
Verifying the Application and Utility Services Status after Deployment
After you deploy the OVA/ISO file, you can determine the status of various applications and utility services
that were deployed in the file. You can use the appmgr status command in an SSH session to perform this
procedure.
Note
Context-sensitive help is available for the appmgr status command. Use the appmgr status ? command to
display help.
Procedure
Step 1
Open up an SSH session:
a) Enter the ssh root DCNM network IP address command.
b) Enter the administrative password to login.
Step 2
Check the status by using the following command:
appmgr status all
Example:
DCNM Status
PID   USER   PR   NI  VIRT   RES   SHR   S  %CPU  %MEM   TIME+    COMMAND
===   =====  ===  ==  ====   ===   ===   =  ====  =====  ======   =======
1891  root   20   0   2635m  815m  15m   S  0.0   21.3   1:32.09  java
LDAP Status
PID   USER   PR   NI  VIRT   RES   SHR   S  %CPU  %MEM   TIME+    COMMAND
===   =====  ===  ==  ====   ===   ===   =  ====  =====  ======   =======
1470  ldap   20   0   692m   12m   4508  S  0.0   0.3    0:00.02  slapd
AMQP Status
PID   USER   PR   NI  VIRT   RES   SHR   S  %CPU  %MEM   TIME+    COMMAND
===   =====  ===  ==  ====   ===   ===   =  ====  =====  ======   =======
1504  root   20   0   52068  772   268   S  0.0   0.0    0:00.00  rabbitmq
TFTP Status
PID   USER   PR   NI  VIRT   RES   SHR   S  %CPU  %MEM   TIME+    COMMAND
===   =====  ===  ==  ====   ===   ===   =  ====  =====  ======   =======
1493  root   20   0   22088  1012  780   S  0.0   0.0    0:00.00  xinetd
DHCP Status
PID   USER   PR   NI  VIRT   RES   SHR   S  %CPU  %MEM   TIME+    COMMAND
===   =====  ===  ==  ====   ===   ===   =  ====  =====  ======   =======
1668  dhcpd  20   0   46356  3724  408   S  0.0   0.0    0:05.23  dhcp
Stopping, Starting, and Resetting Utility Services
Use the following CLI commands for stopping, starting, and resetting utility services:
• To stop an application, use the appmgr stop command.
dcnm# appmgr stop dhcp
Shutting down dhcpd: [ OK ]
• To start an application, use the appmgr start command.
dcnm# appmgr start amqp
Starting vsftpd for amqp: [ OK ]
• To restart an application, use the appmgr restart command.
# appmgr restart tftp
Restarting TFTP...
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Note
From Cisco DCNM Release 7.1.x, when you stop an application by using the appmgr stop app_name
command, the application will not start during successive reboots.
For example, if DHCP is stopped by using the appmgr stop dhcp command, and the OS is rebooted, the
DHCP application will still be down after the OS is up and running.
To start again, use the command appmgr start dhcp. The DHCP application will be started after reboots
also. This is to ensure that when an environment uses an application that is not packaged as part of the virtual
appliance (like CPNR instead of DHCP), the application locally packaged with the virtual appliance will not
interfere with its function after any OS reboots.
Note
When a DCNM appliance (ISO/OVA) is deployed, the Cisco SMIS component will not get started by default.
However, this component can be managed using the appmgr CLI: appmgr start/stop dcnm-smis
appmgr start/stop dcnm will start or stop only the DCNM web component.
Updating the SFTP Server Address for IPv6
After deploying the DCNM OVA/ISO successfully with EFM IPv4 and IPv6, by default the SFTP address is
pointed to IPv4 only. You need to change the IPv6 address manually in the following two places:
• In the DCNM Web Client, choose Administration > Server Properties and then update the below fields
to IPv6 and click the Apply Changes button.
#_____________________________________________________________________
# GENERAL>xFTP CREDENTIAL
#
# xFTP server's ip address for copying switch files:
server.FileServerAddress
• Log in to the DCNM through ssh and update the SFTP address with IPv6 manually in the server.properties
file (/usr/local/cisco/dcm/fm/conf/server.properties).
# xFTP server's ip address for copying switch files:
server.FileServerAddress=2001:420:5446:2006::224:19
CHAPTER 14
Tetration Agent With DCNM Validation
A tetration software agent is a small software application running on a host system. Its core functionality is
to monitor and collect network flow information. It also collects other host information such as network
interfaces and active processes running on the system. The information collected by the agent is exported to
a set of collectors running within the Tetration cluster for further analytical processing.
• Tetration Agent With DCNM Validation
Tetration Agent With DCNM Validation
Using the installer script is the recommended method for deploying deep visibility enforcement agents on
Linux platforms.
Before you begin
If the installed agent is to be connected to a Tetration cluster, the ACTIVATION_KEY and HTTPS_PROXY
parameters will be required. If the installer script is used, it will automatically populate the
ACTIVATION_KEY, while you need to insert the HTTPS_PROXY information directly into the script.
If manual deployment is used, manually insert both ACTIVATION_KEY and HTTPS_PROXY parameters
yourself. For more information, see User Configuration for Tetration SaaS.
Procedure
Step 1
Log into the Cisco TetrationOS Software Web UI with your credentials.
Step 2
Choose Agent Config from the Settings menu to display the Agent Config window.
Step 3
Navigate to the Software Agent Download tab.
Step 4
Choose Linux in the Select Platform section.
Step 5
Choose Deep Visibility or Enforcement in the Select Agent Type section.
Step 6
Click the Download Installer button and save the file to a local disk.
Step 7
Log into your DCNM with the root privileges. Copy the installer shell script and execute the script.
Note
The installer script will not proceed if the agent was already installed.
The installer script command syntax is as follows:
$ tetration_linux_installer.sh [-skip-pre-check] [-noInstall]
[-logFile=filename] [-proxy=proxy_string] [-skip-ipv6-check]
[-help] [-version] [-sensor-version=version_info] [-ls] [-file=filename]
[-save=filename] [-new]
-skip-pre-check              Skips pre-installation checks.
-noInstall                   The sensor package is not downloaded and installed on the system.
-logFile filename            Writes the log to the file specified by filename.
-proxy proxy_string          Sets the value of HTTPS_PROXY. Use this if a proxy server is needed to communicate with the cluster. The string should be formatted as http://proxy:port
-skip-ipv6-check             Skips IPv6 verification.
-help                        Prints this help information.
-version                     Prints the current script's version.
-sensorVersion version_info  Downloads a particular sensor version; default is the latest version. An example of the version_info entry is -sensor-version=3.1.1.53.devel
-ls                          Lists all available sensor versions for your system (does not list pre-3.1 packages). This is a listing only; does not download any package.
-file filename               Lets you specify a local zip file to use to install the sensor instead of downloading from the cluster.
-save filename               Downloads the installer zip file from the Tetration cluster, saving it locally with filename as its name.
-new                         Uninstalls/removes all copies of the Tetration agent if it was already installed on this local machine.
Step 8
Run the following command to verify if the agent is installed.
sudo rpm -q tet-sensor
An entry appears as follows:
$ sudo rpm -q tet-sensor
tet-sensor-3.1.1.50-1.el6.x86_64
Note
There are five nodes in a DCNM native HA cluster deployment, namely, DCNM Primary, DCNM
Secondary, and three Compute Nodes. Install the tetration agent on each of these nodes for full
visibility of the DCNM cluster.
Figure 23: Tetration Agent with DCNM Clusters
CHAPTER 15
Installing Software Maintenance Update
• Installing Software Maintenance Update on Cisco DCNM 11.4(1) to use Network Insights for Resources Application
Installing Software Maintenance Update on Cisco DCNM 11.4(1) to use Network Insights for Resources Application
After installing Cisco DCNM, you can download and install various applications from the Cisco App Center.
In Cisco DCNM 11.4(1) LAN Fabric installation, to use Network Insights for Resources (NIR) Release 2.2.2
or later, install the latest software maintenance update. For a Cisco DCNM Native HA clustered deployment,
apply the update on the Active and Standby nodes only. You need not update the Compute nodes.
To download, add, start, stop, and delete applications from the Cisco DCNM Web UI, choose Applications
> Catalog > Browse App Center. Refer to Installing and Deploying Applications for instructions.
Note
Cisco DCNM allows you to upload the NIR 2.2.2 application without the maintenance update. However, you
cannot start the application. An error appears asking you to install the maintenance update (patch) before
using the NIR 2.2.2 application.
Note
The maintenance update (patch) on Cisco DCNM 11.4(1) must be installed by a root user only.
To apply the maintenance update to use NIR 2.2.2 application with Cisco DCNM LAN Fabric installation in
Native HA mode, perform the following steps:
Before you begin
• Ensure that both the Cisco DCNM 11.4(1) Active and Standby peers are up and running.
• Check and ensure that the Active and Standby servers are operational, using the appmgr show ha-role
command.
Example:
On the Active node:
dcnm1# appmgr show ha-role
Native HA enabled.
Deployed role: Active
Current role: Active
On the Standby node:
dcnm2# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
Current role: Standby
Procedure
Step 1
Download the maintenance update (patch).
a) Go to the following site: http://software.cisco.com/download/.
A list of the latest release software for Cisco DCNM available for download is displayed.
b) In the Latest Releases list, choose Release 11.4(1).
c) Locate DCNM 11.4(1) LAN Fabric maintenance update for Network Insights for Resources (NIR
2.2.2+) and click the Download icon.
d) Save the dcnm-va.11.4.1-p1.iso.zip file to a directory that is easy to find when you start to
apply the maintenance update (patch).
Step 2
Unzip the dcnm-va.11.4.1-p1.iso.zip file and upload the file to the /root/ folder on both the Active
and Standby nodes of the DCNM setup.
Note
For example, let us indicate Active and Standby appliances as dcnm1 and dcnm2 respectively.
Step 3
Log on to the Cisco DCNM appliance using SSH as a sysadmin user.
Run the su command to enable root user.
dcnm1# su
Enter the root password:
[root@dcnm1]#
dcnm2# su
Enter the root password:
[root@dcnm2]#
Step 4
Run the following command to create a screen session.
[root@dcnm1]# screen
[root@dcnm2]# screen
This creates a session which allows you to execute the commands. The commands continue to run even when
the window is not visible or if you get disconnected.
Step 5
On the Active node, apply the patch.
a) Create a folder named iso using the mkdir /mnt/iso command.
[root@dcnm1]# mkdir -p /mnt/iso
b) Mount the DCNM 11.4(1) patch file on the Active node in the /mnt/iso folder.
[root@dcnm1]# mount dcnm-va.11.4.1-p1.iso /mnt/iso
c) Navigate to the /scripts/ directory.
[root@dcnm1]# cd /mnt/iso/packaged-files/scripts/
d) Run the ./inline-upgrade.sh script.
[root@dcnm1]# ./inline-upgrade.sh
============================================================
============ Inline Upgrade to DCNM 11.4(1)-p1 =============
============================================================
Upgrading from version: 11.4(1)
Upgrading from install option: LAN Fabric
System type: HA
Compute only: No
Do you want to continue and perform the inline upgrade to 11.4(1)-p1? [y/n]: y
==== Sat Jul 25 15:48:12 PDT 2020 - Task confirmRootPassword started ====
==== Sat Jul 25 15:48:12 PDT 2020 - Task confirmRootPassword finished ====
==== Sat Jul 25 15:48:12 PDT 2020 - Task checkAfwStatus started ====
==== Sat Jul 25 15:48:12 PDT 2020 - Task checkAfwStatus finished ====
==== Sat Jul 25 15:48:12 PDT 2020 - Task backupLocalDB started ====
==== Sat Jul 25 15:48:12 PDT 2020 - Taking DB backup ====
Collecting DB dump...
==== Sat Jul 25 15:48:14 PDT 2020 - Task backupLocalDB finished ====
==== Sat Jul 25 15:48:14 PDT 2020 - Task updateCompliance started ====
Uploading image
Deploying new image
{"ResponseType":0,"Response":""}
{"ResponseType":0,"Response":""}
{"ResponseType":0,"Response":""}
{"ResponseType":0,"Response":""}
{"ResponseType":0,"Response":""}
{"ResponseType":0,"Response":""}
Deleting old image
==== Sat Jul 25 15:52:06 PDT 2020 - Task updateCompliance finished ====
==== Sat Jul 25 15:52:06 PDT 2020 - Task updatePackagedFiles started ====
==== Sat Jul 25 15:52:06 PDT 2020 - Updating packaged-files ====
==== Sat Jul 25 15:52:06 PDT 2020 - Task updatePackagedFiles finished ====
==== Sat Jul 25 15:52:06 PDT 2020 - Task updatePatchList started ====
==== Sat Jul 25 15:52:06 PDT 2020 - Task updatePatchList finished ====
==== Sat Jul 25 15:52:06 PDT 2020 - Task updateTelemetryInfra started ====
Preparing...
########################################
Updating / installing...
telemetry-infra-1.0-2
########################################
Cleaning up / removing...
telemetry-infra-1.0-1
########################################
Created symlink from /etc/systemd/system/telemetry-infra.service to /usr/lib/
systemd/system/telemetry-infra.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/
telemetry-infra.service to /usr/lib/systemd/system/telemetry-infra.service.
Restarting Telemetry Infra ...
Stopped Telemetry Infra...
Started Telemetry Infra...
Check the status using 'appmgr status telemetry-infra'
==== Sat Jul 25 15:52:08 PDT 2020 - Task updateTelemetryInfra finished ====
==== Sat Jul 25 15:52:08 PDT 2020 - Task restartFMServer started ====
==== Sat Jul 25 15:53:14 PDT 2020 - Task restartFMServer finished ====
==== Sat Jul 25 15:53:14 PDT 2020 - Task completeUpgrade started ====
***********************************************************************************
Inline upgrade of this Active DCNM node is complete.
Please wait until this node is Active again
before upgrading the Standby node.
***********************************************************************************
==== Sat Jul 25 15:53:14 PDT 2020 - Task completeUpgrade finished ====
Note
After the patch is applied successfully, the DCNM process restarts. This results in a momentary
loss of access to the DCNM Web UI.
e) Ensure the DCNM application is functional, by using the appmgr status all command.
[root@dcnm1]# appmgr status all
Note
Ensure that all the services are up and running on the Cisco DCNM Active node before
proceeding to apply the patch on the Standby node.
Step 6
On the Standby node, apply the patch.
a) Create a folder named iso using the mkdir /mnt/iso command.
[root@dcnm2]# mkdir -p /mnt/iso
b) Mount the DCNM 11.4(1) patch file on the Standby node in the /mnt/iso folder.
[root@dcnm2]# mount dcnm-va.11.4.1-p1.iso /mnt/iso
c) Navigate to the /scripts/ directory.
[root@dcnm2]# cd /mnt/iso/packaged-files/scripts/
d) Run the ./inline-upgrade.sh script.
[root@dcnm2]# ./inline-upgrade.sh --standby
============================================================
============ Inline Upgrade to DCNM 11.4(1)-p1 =============
============================================================
Upgrading from version: 11.4(1)
Upgrading from install option: LAN Fabric
System type: HA
Compute only: No
Do you want to continue and perform the inline upgrade to 11.4(1)-p1? [y/n]: y
==== Sat Jul 25 15:54:53 PDT 2020 - Task confirmRootPassword started ====
==== Sat Jul 25 15:54:53 PDT 2020 - Task confirmRootPassword finished ====
==== Sat Jul 25 15:54:53 PDT 2020 - Task checkAfwStatus started ====
==== Sat Jul 25 15:54:53 PDT 2020 - Task checkAfwStatus finished ====
==== Sat Jul 25 15:54:53 PDT 2020 - Task backupLocalDB started ====
==== Sat Jul 25 15:54:53 PDT 2020 - Taking DB backup ====
Collecting DB dump...
==== Sat Jul 25 15:54:54 PDT 2020 - Task backupLocalDB finished ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updateCompliance started ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updateCompliance finished ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updatePackagedFiles started ====
==== Sat Jul 25 15:54:54 PDT 2020 - Updating packaged-files ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updatePackagedFiles finished ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updatePatchList started ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updatePatchList finished ====
==== Sat Jul 25 15:54:54 PDT 2020 - Task updateTelemetryInfra started ====
Preparing...
########################################
Updating / installing...
telemetry-infra-1.0-2
########################################
Cleaning up / removing...
telemetry-infra-1.0-1
########################################
==== Sat Jul 25 15:54:55 PDT 2020 - Task updateTelemetryInfra finished ====
==== Sat Jul 25 15:54:55 PDT 2020 - Task restartFMServer started ====
==== Sat Jul 25 15:54:55 PDT 2020 - Task restartFMServer finished ====
==== Sat Jul 25 15:54:55 PDT 2020 - Task completeUpgrade started ====
***********************************************************************************
Inline upgrade of the HA DCNM system is complete.
***********************************************************************************
==== Sat Jul 25 15:54:55 PDT 2020 - Task completeUpgrade finished ====
[root@dcnm2]# appmgr show ha-role
Native HA enabled.
Deployed role: Standby
e) Ensure the DCNM application is functional, by using the appmgr status all command.
[root@dcnm1]# appmgr status all
Step 7
Terminate the screen session, by using the exit command.
[root@dcnm1]# exit
[root@dcnm2]# exit
Step 8
Unmount the dcnm-va.11.4.1-p1.iso file on both the Active and Standby nodes of the DCNM setup, by
using the umount /mnt/iso command.
Note
You must terminate the screen session before unmounting the patch file.
[root@dcnm1]# umount /mnt/iso
[root@dcnm2]# umount /mnt/iso
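The two gates in this procedure (both peers in their deployed HA role before you start, and a fully finished Active-node run before the Standby node is touched) can be checked mechanically. The shell functions below are an added example, not part of Cisco's guide or tooling; the function names and the saving of command output to a file (for example with tee) are assumptions, and the sample logs are constructed from the output format shown above.

```shell
#!/bin/sh
# Added example, not Cisco tooling. Both checks read saved command output on
# stdin; capturing that output (for example with tee) is an assumption.

# ha_role_ok ROLE: succeed only if `appmgr show ha-role` output reports
# Native HA enabled and both Deployed role and Current role equal ROLE.
ha_role_ok() {
    awk -v want="$1" '
        /^Native HA enabled/ { ha = 1 }
        /^Deployed role:/    { dep = $3 }
        /^Current role:/     { cur = $3 }
        END { exit !(ha && dep == want && cur == want) }'
}

# upgrade_log_ok: succeed only if every "Task X started" line has a matching
# "Task X finished" line and the completion banner is present. Problems are
# printed one per line.
upgrade_log_ok() {
    awk '
        / - Task [A-Za-z]+ started ====/      { pending[$(NF-2)] = 1 }
        / - Task [A-Za-z]+ finished ====/     { delete pending[$(NF-2)] }
        /^Inline upgrade of .* is complete\./ { banner = 1 }
        END {
            for (t in pending) { print "unfinished task: " t; bad = 1 }
            if (!banner) { print "completion banner missing"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: a log in the format shown above that stops after
# restartFMServer started, as it would if the run were interrupted.
sample_interrupted_log() {
    cat <<'EOF'
==== Sat Jul 25 15:52:06 PDT 2020 - Task updateTelemetryInfra started ====
==== Sat Jul 25 15:52:08 PDT 2020 - Task updateTelemetryInfra finished ====
==== Sat Jul 25 15:52:08 PDT 2020 - Task restartFMServer started ====
EOF
}

# Constructed sample: the same log with the remaining lines present.
sample_complete_log() {
    sample_interrupted_log
    cat <<'EOF'
==== Sat Jul 25 15:53:14 PDT 2020 - Task restartFMServer finished ====
==== Sat Jul 25 15:53:14 PDT 2020 - Task completeUpgrade started ====
Inline upgrade of this Active DCNM node is complete.
==== Sat Jul 25 15:53:14 PDT 2020 - Task completeUpgrade finished ====
EOF
}
```

On dcnm1, `appmgr show ha-role | ha_role_ok Active` covers the pre-check, and running `upgrade_log_ok` on the saved Active-node output before Step 6 confirms that no task was left unfinished.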
What to do next
Log on to the DCNM Web UI with appropriate credentials.
Choose Applications > Catalog. Verify the version of the Compliance application. It must show the version
as 4.0.1 after successfully installing the maintenance update on Cisco DCNM 11.4(1).
Note
If you try to install the maintenance update again, a note appears stating that the patch is already applied on
the Cisco DCNM.
You can now start the NIR 2.2.2 application on the Cisco DCNM Web UI. Refer to Installing and Deploying
Applications for instructions.
To use the DCNM tracker feature after installing the maintenance update, install and start the tracker on all
the NX-OS switches. Launch the Cisco DCNM Web UI, and choose Control > Fabric Builder. For more
information, refer to DCNM Tracker.