Multi-Site Orchestrator GUI

Overview

The Cisco ACI Multi-Site (Multi-Site) Orchestrator GUI is a browser-based graphical interface for configuring and monitoring your Cisco ACI, APIC, and Cloud APIC deployments.

The GUI is arranged according to function. For example, the Dashboard page contains an overview of your fabrics and their health, the Sites page provides information on each site and allows you to add sites, the Schemas page allows you to create and configure schemas, and so on. The functionality of each Multi-Site Orchestrator GUI page is described in the following sections

The top of each page shows the controller status indicating how many controllers are operational, the Get Started menu icon, the Settings icon, and the User icon.

The Get Started menu provides easy access to a number of common tasks you may want to perform, such as adding sites or schemas, configuring policies, or performing administrative tasks.

The Settings icon allows you to access overview information about your Multi-Site Orchestrator, such as the currently running version, what's new in the current release, system logs, and Swagger API documentation.

  • Clicking the About MSO link displays information about the version of the Multi-Site Orchestrator currently installed.

  • Clicking the What's New in This Release link displays a short summary of the new features in your release, as well as links to the rest of the Multi-Site documentation.

  • Clicking the API Docs link gives you access to the set of Swagger API object and method references. Using the Swagger API is described in more detail in the Cisco ACI Multi-Site REST API Configuration Guide.

The User icon allows you to view information about the currently logged in user, such as password updates, preferences, and bookmarks. It also allows you to log out of the Orchestrator GUI.

  • The Reset Password link allows you to update the currently logged in user's password

  • The Preferences link allows you to change a few GUI options.

  • The Bookmarks link opens the list of all the bookmarked schemas you save while using the Orchestrator. You can bookmark a schema by clicking the bookmark icon in the top right corner of the screen while viewing or editing the schema.

When working with fabric objects, a Display Name field is used throughout the Orchestrator's GUI whenever the objects are shown. You can specify a display name when creating the objects, however due to object naming requirements on the Cisco APIC, any invalid characters are removed and the resulting Internal Name is used when pushing the objects to sites. The Internal Name that will be used when creating the tenant is typically displayed below the Display Name textbox.

Dashboard

The Multi-Site dashboard displays the list of all of your site implementations in addition to their current functionality and health.

The following screen shot shows the Multi-Site Orchestrator dashboard display:

Figure 1. Multi-Site Orchestrator Dashboard

The Dashboard has the following functional areas:

  • Site Status: The site status table lists your sites according to name and location. The table also indicates the current health status for your implementation according to a descriptive color code.

    • The Controller State column indicates the number of controllers available and running. You can have a maximum number of 3 controllers in your Multi-Site implementation. For example, if one out of the 3 controller is down it is represented as 2/3.

    • The Connectivity column provides an operational status of the BGP sessions and the dataplane unicast and multicast tunnels that are connected to the peer sites for each site in the dashboard. This functionality is available starting with Cisco ACI Multi-Site, Release 1.0(2).

      When one or more BGP sessions or tunnels fail to establish, ACI Multi-Site provides the information about which exact local spines and remote spines failed to establish the BGP session or the tunnel. ACI Multi-Site should be enabled in the site in the infrastructure configuration, for the BGP sessions and the dataplane unicast and multicast tunnels to be established to the peer sites.

      BGP Sessions

      • When the BGP peering type is full-mesh in Infra-> General Settings, the spine node in a site with the BGP peering enabled will establish the BGP sessions to all the spine nodes with the BGP peering enabled in all the peer sites.

      • When the BGP peering type is route-reflector in Infra-> General Settings, the spine node in a site with both BGP peering enabled and route-reflector enabled, will establish the BGP sessions to all the spine nodes with the BGP peering enabled in all the peer sites. In the route-reflector mode, at least the local spine node or the remote spine node or both should have the route-reflector enabled. Otherwise, the BGP session is not established between them.

      • If the local and the remote ASNs are different, then it is eBGP. Therefore, the sessions between those sites are always full-mesh, irrespective of the BGP peering type and the route-reflector configuration.

      Unicast and Multicast Tunnels: A spine node in a site that is connected to ISN and has infrastructure configuration, will establish a tunnel to all the spine nodes that are connected to ISN in the peer sites.

    The color codes indicate the following conditions:

    • Critical (red)

    • Major (orange)

    • Minor (yellow)

    • Warning (green)

    The numbers in the color indicator columns indicate the number of faults per site.

  • + Add Site: enables you to add another site to our implementation. When you click + Add Site, you must provide the following site details information on the Connection Settings page:

    • Name: the name of the site

    • Labels: the label identifier of the site. Multiple labels can be associated to a site.

    • APIC Controller URL: you can add more APIC controllers with a distinguishing URL of a cluster.

    • Username and Password: APIC login info with admin level privileges.

    • Specify Domain For Site: click the switch to on and provide the domain name if default authentication domain is configured in APIC.

      After you have entered your details for your new site, click the Save button.

  • Schema Health: provides a listing of your schemas with locales and health.

    • Click the magnifying glass icon and enter a schema name to search for a subject schema.

    • Click + Add Schema to start the procedure for adding a new schema to your site.

    • Click the site locale in the Schema Health table to view the schema details and status for a template.

      The Schema Health table provides a heat map type of display; that is, the health of the subject schema is displayed according to color. Schemas that span two columns (i.e, locales) indicate a stretched condition.

      • Click the color highlighted table cell to further discover what policies are incorporated into the subject schema. On the schema details page, you can click the arrow to go into the schema builder and update the policy details in the subject schema.

      • The color coded slider enables you to select a range for identifying schemas whose health require further review. For example, you can adjust the slider value to between 80 and 100. Then all of your schema implementations that fall within that specific range are displayed on the accompanying Schema Health table.

Application Management > Tenants Page

The Multi-Site Tenants page lists all of the tenants that comprise your implementation.

The table on the Tenants page displays the following:

  • Tenant Name

  • Assigned to Sites

  • Assigned to Users

  • Assigned to Schemas

  • Actions

The features and functionality on this page include the following:

  • Name: click a tenant name to access the Tenant Details settings page. On the Tenant Details page you can edit or update the following sections:

    • General Settings: change the Display Name and Description as required.

    • Associated Sites: view the sites associated with the subject tenant.

    • Associated Users: view the users associated with the subject tenant - you can associate a user with the subject tenant by checking the empty box next to the user name.

  • Associated Schemas: click the Associated Schema listing to view the schemas associated with the subject tenant.

  • Actions: click the Actions listing to edit the subject tenant's details sites or to create a new network mapping.


    Note
    You can delete the Tenant object by selecting Delete on the Actions drop down menu.

  • Add Tenant: click Add Tenant button to add an existing tenant to your implementation. On the proceeding Tenant Details page, you can add the tenant name, description, security domain, and associated users.

Audit Logs

Click the Audit Log icon next to the Add Schema tab to list the log details for the Schemas page. The Audit Logs: Tenant List page is displayed.

The table on the page displays the following details:

  • Date

  • Action

  • Details

  • User

Click the Most Recent tab to select the audit logs during a particular time period. For example, when you select the range from November 10, 2019 to February 14, 2020 and click Apply, the audit log details for this time period are displayed on the Audit Logs page.

Click the Filter icon next to the Most Recent tab to filter the log details using the following criteria:

  • User: Select one username or all users and click Apply to filter the log details using the username.

  • Action: Select the action, for example, created, updated, or deleted, and click Apply to filter the log details according to the action.

For more information, see the Managing Tenants chapter.

Application Management > Schemas Page

The Schemas page lists all schemas that are associated with your deployment.

Use the magnifying glass and associated field to search for a specific schema. Use schemas to configure or import tenant policies, including the VRF, application profile with EPGs, filters and contracts, bridge domains, and external EPGs.

The Schemas table shows the following information:

  • Name: click the schema name to view or update the settings for the subject schema.

  • Templates: displays the name of the template that is used for the schema. Templates are analogous to profiles in the ACI context, which group policies. You can create templates for stretched objects or site-specific objects.

  • Tenants: displays the name of the tenant that is used for the subject schema.

  • Actions: click the Action field with the associated schema to either edit or delete the subject schema.

You can use the Add Schema button to add a new schema, which is described in more details in Creating Schemas and Templates.

Audit Logs

Click the Audit Log icon next to the Add Schema tab to list the log details for the Schemas page. The Audit Logs: Schemas List page is displayed.

The table on the page displays the following details:

  • Date

  • Action

  • Details

  • User

Click the Most Recent tab to select the audit logs during a particular time period. For example, when you select the range from November 10, 2019 to February 14, 2020 and click Apply, the audit log details for this time period are displayed on the Audit Logs page.

Click the Filter icon next to the Most Recent tab to filter the log details using the following criteria:

  • User: Select one username or all users and click Apply to filter the log details using the username.

  • Action: Select the action, for example, created, updated, or deleted, and click Apply to filter the log details according to the action.

Application Management > Policies Page

The Multi-Site Orchestrator Policies page displays all policies you have configured for your fabrics.

The Policies page contains a table of all policies along with the summary of their types, tenants they're associated with, descriptions, and usage. You can use this page to add new policies or edit existing ones.

You can configure the following policies:

  • DHCP Policy, as described in the chapter

  • MPLS QoS Policy, as described in the chapter.

  • Route Map Policy, as described in the chapter.

  • Multicast Route Map Policy, as described in the chapter.

Infrastructure > Sites Page

The Multi-Site Sites page displays all of the sites in your implementation. An example of the Sites page is shown in the following screen shot:

Figure 2. Multi-Site Sites Page

The Sites page consists of the following two panes:

  • Site Name or Label: the site status table lists your sites and then indicates the current health status for your implementation according to the following color coded identifiers:

    • Critical (red)

    • Major (orange)

    • Minor (yellow)

    • Warning (green)

    When you click a specific site, you can view or edit the site's details on the Connection Settings display:

    • Name

    • Labels

    • APIC Controller URL

    • Username and Password

    • Specify Domain For Site

    • APIC Site ID

      If you have made changes to the listed fields, click the Save button.

  • APIC Controller URLs: the associated APIC URLs for your Multi-Site implementation

  • Configure Infra: click this area to configure your Fabric infrastructure connectivity. For more information, refer to the Cisco Application Policy Infrastructure Controller (APIC) page.

  • Add Site: click the Add Site button to add a site to your implementation. The following details are required for adding a site:

    • Name: the site name.

    • Label: select an existing or create a new label.

    • APIC Controller URL: the existing URL - click + to add a new APIC Controller URL.

    • Username: the site username.

    • Password: the unique site password for access.

    • Specify Domain for Site: click the selector to On to specify a domain for the site.

  • Actions: drop down menu list option to edit, delete, or open a subject site in the APIC user interface.

Admin Pages

When you select the Admin tab from the Cisco ACI Multi-Site Orchestrator navigation bar, it expands the following additional selection of administrative pages:

  • Providers

  • Login Domains

  • Backups

  • Audit Logs

  • Security

  • Remote Locations

  • System Configuration

Providers

Figure 3. Cisco ACI Multi-Site Orchestrator Providers Page

The Providers page under the Admin heading displays information about any configured external authentication providers. The following details are shown for each provider:

  • Host Name

  • Type

  • Description

  • Port

  • Timeout (Sec)

  • Retries

Working with external authentication providers is described in Audit Logs and Security.

Login Domains

Figure 4. Cisco ACI Multi-Site Orchestrator Login Domains Page

The Login Domains page under the Admin heading displays information about the available login domains. The following details are shown for each domain:

  • Name

  • Description

  • Provider

  • Status

  • Default

Working with login domains is described in Audit Logs and Security.

Backups

Figure 5. Cisco ACI Multi-Site Orchestrator Backups Page

The Backups page under the Admin heading displays information about any backups that have been created. The following details are shown for each domain:

  • Date

  • Name

  • Size

  • Notes

Working with backups is described in Audit Logs and Security.

Audit Logs

Figure 6. Cisco ACI Multi-Site Orchestrator Audit Logs Page

The Audit Logs page under the Admin heading displays information about the audit logs and records. The following details are shown:

  • Date

  • Action

  • Type

  • Details

  • User

Working with logs is described in Audit Logs and Security.

Security

Figure 7. Cisco ACI Multi-Site Orchestrator Security Page

The Security page under the Admin heading displays information about the custom certificates and key rings you have configured for use by the Orchestrator. The following details are shown:

  • Certificate Authority

    • Name

    • Description

  • Key Rings

    • Name

    • Description

    • Trustpoint

    • State

Working with certificates is described in Audit Logs and Security.

Remote Locations

The Remote Locations page under the Admin heading displays information about any remote backup locations you have configured for use by the Orchestrator. The following details are shown:

  • Name

  • Host

  • Protocol

  • Username

  • Remote Path

Working remote backups is described in Audit Logs and Security.

System Configuration

The System Configuration page under the Admin heading allows you to configure a number of system settings that define how the Orchestrator GUI behaves. For example, you can change how failed login attempts are treated or if a warning banner should be displayed at the top of the GUI.

The available system settings are described in more detail in Audit Logs and Security.

Admin > Users Page

The Multi-Site Orchestrator Users page displays all of the users.

The Users page features a table containing all of the identified users by username and associated email and current activity status. If you click a selected Username, you can access the General Setting page attributable to the subject user. On the General Setting page, you can edit the details associated with the subject user such as username, password, email, and switch-on user roles.

Click Add User to add a new user to your Multi-Site implementation. The General Setting page display enables you to assign username, password, email, and switch-on user roles associated with your Multi-Site implementation.

For specific tasks, see the User Management chapter.