Cisco Catalyst SD-WAN Portal

Note

To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

Overview of the Cisco Catalyst SD-WAN Portal

The Cisco Catalyst SD-WAN Portal is a cloud-infrastructure automation tool tailored for Cisco Catalyst SD-WAN, which provides a quick way to provision, monitor, and maintain Cisco Catalyst SD-WAN controllers on public cloud providers.

You can provision the following controllers using the Cisco Catalyst SD-WAN Portal:

Cisco SD-WAN Manager
Cisco SD-WAN Validator
Cisco SD-WAN Controller

Figure 1. Cisco Catalyst SD-WAN Portal Benefits and Operations

The Cisco Catalyst SD-WAN Portal enforces multi-factor authentication (MFA) by default for the portal access. You can configure the Cisco Catalyst SD-WAN Portal to use an identity provider (IdP) that lets you connect any user with any application on any device, using single sign-on (SSO).

Audience

This document is intended for Cisco customers such as service providers, partners, and other end users.

Prerequisites for the Cisco Catalyst SD-WAN Portal

Purchase a Cisco DNA subscription on the Cisco Commerce Workspace.
Create or open an existing Smart Account.
Create a Virtual Account associated with your Smart Account.
Add the device serial numbers on the Cisco Plug and Play (PnP) Connect portal.

For more information, see Cisco Network Plug and Play Connect Capability Overview.

Benefits of the Cisco Catalyst SD-WAN Portal

Enables visibility into critical statistics like instance CPU utilization
Provides a centralized dashboard for real-time monitoring of your Cisco Catalyst SD-WAN overlay networks
Includes a wizard-driven user interface for easy navigation to the appropriate task in the workflow
Provides selection of cloud providers with options for specifying geographic locations for primary and secondary data storage
Supports secure log in using an IdP for SSO with multi-factor authentication (MFA)
Supports role-based access control (RBAC)
Supports provisioning of new overlay networks with custom subnets for on-premises TACACS server connections to overlays

Prerequisites for PCI DSS certification

PCI-certified overlay is applicable to cloud deployments only.
Ensure that you are using Cisco Catalyst SD-WAN Release 20.6.1 or other subsequent extended-support releases. Any other release versions, including standard-support releases, are not PCI DSS certified.

For more information on extended-support releases, see Cisco IOS XE Software Support Timeline for Cisco IOS XE Software Release Starting with 16.x.x.

Smart Account and Virtual Accounts

A Smart Account contains the licenses purchased by your organization. A Smart Account is a central repository where you can view purchased software assets, register, and report software use, and manage licenses across the entire organization.

For the Cisco Catalyst SD-WAN Portal, Cisco has granted the right to access the Cisco Catalyst SD-WAN Portal to the Smart Account administrator. A Smart Account administrator can now view and perform operational tasks related to a customer's hosted controller infrastructure, such as viewing the controllers’ IP addresses and modifying the controllers' IP access lists. If you do not wish for certain users to receive such access, go to the Manage Smart Account section of Cisco Software Central, and remove those users as Smart Account administrators, or use the IDP (identity provider) onboarding feature to grant access to the Cisco Catalyst SD-WAN Portal based on the trusted users in the IDP.

For more information, see Workflow for Smart Account and Virtual Accounts for Provisioning the Controllers.

Virtual Accounts are subaccounts within your Smart Account. Virtual Accounts help you organize your Cisco assets in a way that is logical for your business. You can set up Virtual Accounts by department, product, geography, or other designation that best fits your company's business model.

A default Virtual Account is created for you. We recommend that you create a dedicated Virtual Account for creating Cisco Catalyst SD-WAN overlays.

For more information, see Create a Virtual Account Associated with Your Smart Account.

To provision a Cisco Catalyst SD-WAN controller, a Virtual Account should be associated with an offer attribute that is SD-WAN capable. An SD-WAN-capable attribute is associated with a Virtual Account when ordering your Cisco DNA cloud license.

Note

When you order Cisco DNA licenses using the enterprise agreement, automatic association of Virtual Accounts to an SD-WAN-capable attribute is not available. You need to submit a cloud-controller provisioning request form through the Enterprise Agreement Workspace for the Cisco CloudOps team to provision the controllers. Contact Cisco Catalyst SD-WAN Technical Support to request that the desired Virtual Account become available on the Cisco Catalyst SD-WAN Portal. After the desired Virtual Account is available on the Cisco Catalyst SD-WAN Portal, you can provision the controllers after providing the necessary enterprise agreement contract information.

Cisco Catalyst SD-WAN Portal Configuration Guide

Bias-Free Language

Book Title

Cisco Catalyst SD-WAN Portal Configuration Guide

Chapter Title