Applications are becoming more and more critical for organizations. Together with the data they process, carry or hold, they are at the heart of digital transformation, providing not just essential back-office systems of record but, increasingly, frontline systems of engagement through which organizations serve and interact with their customers, partners and suppliers. Because applications are hosted on hybrid cloud, spread across geographies, and expected to scale and be available at all times, a secure and well-connected data centre is essential.
Today we look in more detail at Cisco Multi-Site Orchestrator: its deployment, features and so on.
Cisco ACI Multi-Site Orchestrator (MSO)
Cisco Multi-Site Orchestrator is part of the Cisco ACI Anywhere vision, which provides a single security and connectivity policy and a single pane of glass to manage all multi-cloud environments. It allows the administrator to create consistent security and connectivity policies across multiple physical, virtual and cloud-hosted sites.
Benefits of Cisco ACI: Multi-Site Orchestrator Deployment (MSO)
- Single pane of administration and orchestration of multiple network fabrics for Cisco ACI and NDFC (Nexus Dashboard Fabric Controller)
- Automation of management and configuration of inter-site network interconnects across an IP backbone for Cisco ACI and NDFC
- Uniform multi-tenancy policy across sites to allow IP mobility, disaster recovery and active/active use cases for data centres
- Mapping of tenants to applications, and associated networks with specific availability domains for both Cisco ACI and NDFC
- Hybrid and multi-cloud orchestration support for on-premises Cisco ACI sites and public cloud sites (Azure and AWS)
- Multi-cloud ACI deployment capability without on-premises sites
- Scaling out of sites and leaf switches based on resource growth
Functions of Multi-site Orchestrator
- Health state monitoring for different ACI sites
- 0-day configuration provisioning to establish inter-site EVPN control plane
- Defining and provisioning policies across sites
- Day 2 operations functionalities
- Health status and fault status for all managed sites
- Easy identification of stretched policies across sites
- Quick search for any deployed inter-site policy
- Direct access to APIC GUIs in different sites
Cisco ACI Multi-Site Orchestrator Deployment
Deployment requires a 3-node Multi-Site Orchestrator cluster to manage the fabrics of all the sites in the ACI environment. The Orchestrator can be deployed in a number of ways:
We can choose to deploy the cluster in a Cisco Application Services Engine (ASE), as it is a common platform that streamlines multi-product integrations, adds security to the Cisco secure development lifecycle and removes root access on Orchestrator applications.
Another option is to deploy each Orchestrator node directly on VMware ESXi VMs, either using Cisco-provided Python scripts or using an OVA image to deploy each Orchestrator VM individually.
Single-node deployments are also possible; these are supported for lab and testing purposes.
Deploy Orchestrator in Application service engine
Step 1: Download the Cisco ACI Multi-Site Orchestrator image by browsing to the software download link
Click ACI Multi-Site Software, then choose the Cisco ACI Multi-Site Orchestrator release version from the left sidebar
Download the ACI Multi-Site App Image file (Cisco-MSO-<version>.aci) for the release
Step 2: Copy the Orchestrator image to the Application Services Engine
Use the command below to copy the image to the /tmp directory if your Cisco Application Services Engine is deployed in VMware ESXi (.ova), Linux (.qcow) or as a physical appliance (.iso), or if you have enabled password-based logins for an AWS (.ami) deployment
# scp <app-local-path> rescue-user@<service-engine-ip>:/tmp/
If the Application Services Engine is not deployed in password-enabled mode, use the certificate (.pem) file that was created during the Application Services Engine deployment
# scp -i <pem-file-name>.pem <app-local-path>.aci rescue-user@<service-engine-ip>:/tmp/
Step 3: Install the Orchestrator on the Application Services Engine
The application needs to be installed on only one Service Engine node. It will replicate to the other nodes in the cluster automatically.
Log in to any one of the Application Services Engine nodes as rescue-user
If the Cisco Application Services Engine is deployed in VMware ESXi (.ova), Linux KVM (.qcow) or as a physical appliance (.ova), use SSH as below
# ssh rescue-user@<service-engine-ip>
If the Application Services Engine is not deployed in password-enabled mode, use the certificate (.pem) file that was created during the Application Services Engine deployment
# ssh -i <pem-file-name>.pem rescue-user@<service-engine-ip>
Verify service engine health
# acidiag health
Install the Orchestrator
# acidiag app install <application-path>
Verify that the application is loaded by issuing the command below and checking the operState of the application
The operState transition takes about 20 minutes. Wait for the state to move to Disabled before performing the next step, and note the application id shown in the Disabled state
# acidiag app show
[ { 'adminState': 'Disabled',
'apiEntrypoint': '/query',
'appID': 'MSO',
'creationTimestamp': '2020-02-10T20:30:36.195960295Z',
'description': 'Multi-Site Orchestrator application',
'displayName': 'ACI Multi-Site Orchestrator',
'id': 'cisco-mso:2.2.3',
'name': 'cisco-mso',
'operStage': 'PostInstall',
'operState': 'Disabled',
'schemaversion': '',
'uiEntrypoint': '/ui/app-start.html',
'vendorID': 'Cisco',
'version': '2.2.3'}]
Step 4: Enable the Orchestrator application
# acidiag app enable <app-id>
Step 5: Verify that cluster is deployed successfully
# acidiag app show
[ { 'adminState': 'Enabled',
'apiEntrypoint': '/query',
'appID': 'MSO',
'creationTimestamp': '2020-02-10T20:30:36.195960295Z',
'description': 'Multi-Site Orchestrator application',
'displayName': 'ACI Multi-Site Orchestrator',
'id': 'cisco-mso:2.2.3',
'name': 'cisco-mso',
'operStage': 'Enable',
'operState': 'Running',
'schemaversion': '',
'uiEntrypoint': '/ui/app-start.html',
'vendorID': 'Cisco',
'version': '2.2.3'}]
Once the GUI is available, you can log in to the Cisco ACI Multi-Site Orchestrator GUI by browsing to the IP address of any of your Application Services Engine nodes. The default login is 'admin' and the default password is 'Welcome2msc!'.
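The state check in Steps 3 to 5 can be scripted when the deployment is automated. The following is an added example, not part of the original article or Cisco's tooling: it assumes `acidiag app show` prints a Python-style list of dicts with plain ASCII quotes, and the function names and the sample text are constructed for illustration.

```python
import ast

# Constructed sample modeled on the `acidiag app show` output shown in Step 3.
SAMPLE_DISABLED = """[ { 'adminState': 'Disabled',
    'appID': 'MSO',
    'id': 'cisco-mso:2.2.3',
    'name': 'cisco-mso',
    'operStage': 'PostInstall',
    'operState': 'Disabled',
    'version': '2.2.3'}]"""


def parse_app_show(text):
    """Parse `acidiag app show` output (assumed: a Python-style list of dicts)."""
    # literal_eval only accepts literals, so CLI output is never executed.
    apps = ast.literal_eval(text.strip())
    if not isinstance(apps, list) or not all(isinstance(a, dict) for a in apps):
        raise ValueError("unexpected `acidiag app show` output")
    return apps


def find_app(apps, name="cisco-mso"):
    """Return the entry whose 'name' matches, or None if it is not installed."""
    return next((a for a in apps if a.get("name") == name), None)


def next_action(text, name="cisco-mso"):
    """Map the current state to the step the procedure calls for next."""
    app = find_app(parse_app_show(text), name)
    if app is None:
        return ("install", None)
    state = app.get("operState")
    if state == "Disabled":
        # Step 4: enable using the id noted from the Disabled entry.
        return ("enable", app["id"])
    if state == "Running" and app.get("adminState") == "Enabled":
        return ("done", app["id"])
    # Any other state means the install is still in progress: keep polling.
    return ("wait", app.get("id"))


def wait_until_ready(fetch, poll, attempts=60):
    """Call fetch() until the app can be enabled; poll() sleeps between tries."""
    for _ in range(attempts):
        action, app_id = next_action(fetch())
        if action in ("enable", "done"):
            return action, app_id
        poll()
    raise TimeoutError("application did not reach the Disabled or Running state")
```

In use, `fetch` would run `acidiag app show` over the SSH session from Step 3 and return its text, and `poll` would sleep for a minute or so, given the roughly 20-minute wait the procedure describes.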
ABOUT THE AUTHOR
– Rashmi Bhardwaj (Author/Editor)