This article covers the tools available in Cloud Control Center for effectively managing Virtual Edges (VEs) and Virtual Edge Nodes (VENs) within the Elisity platform. In this article, we will cover the essentials for monitoring the status and viewing detailed information for your VEs and VENs. Additionally, we will guide you through the processes of creating and configuring VEs and VENs, including setting up site labels and distribution zones, which are crucial for a well-structured network environment. This guide aims to provide clear, step-by-step instructions and insights to streamline your network management tasks.
Visibility into Virtual Edges (VEs) and Virtual Edge Nodes (VENs)
The Virtual Edge Dashboard is your centralized platform for monitoring and managing the status and configurations of your Virtual Edges and Virtual Edge Nodes. This dashboard provides a comprehensive view that ensures you have the necessary insights to maintain optimal network performance and security. Here's how to navigate and interpret the key features of the dashboard:
Summary Section
The Summary section offers a quick overview of the current state of your VEs and VENs. It displays the total count and status (Online, Offline, Not Registered, Decommissioned, Deleted) of both VEs and VENs in a simple, graphical format. Clicking on any section of the pie graph or one of the VE/VEN status categories will filter the view below to show only the relevant VEs.
This immediate visibility helps you assess the overall health of your network infrastructure at a glance and quickly surfaces any issues with Virtual Edges or Nodes that need to be addressed.
Virtual Edges and Virtual Edge Nodes Tabs
Below the summary, you'll find tabs for Virtual Edges and Virtual Edge Nodes. These tabs provide detailed lists of all configured VEs and VENs, respectively. Each entry includes crucial information such as the Virtual Edge Name, IP Address, Status, Status Duration, Site Label, Software Version, number of connected Virtual Edge Nodes (for VEs), Distribution Zone, and available Actions. You can customize these table views by adding, removing, and rearranging the columns. For more in-depth information about each VE and VEN, you can open details about each Virtual Edge or Virtual Edge Node.
Filtering by Site Label for Visibility
The Select Site Label feature allows for efficient filtering of VEs/VENs based on Site Labels. This feature enhances your ability to manage large-scale deployments by allowing you to view VEs and VENs associated with specific site labels. Here's how to use this feature effectively:
Multi-Select Dropdown: The site label filter provides a multi-select dropdown, enabling you to choose multiple site labels simultaneously. This flexibility allows for a customized view that matches your specific monitoring or management needs.
Searchable Labels: Begin typing within the dropdown to quickly search and select from the available site labels, making it easier to narrow down to the relevant devices.
Persistent Selections: Your filter selections remain in place even when navigating away from and back to the Virtual Edges page, ensuring continuity in your monitoring activities.
Impact on Dashboard Display: Upon applying one or more site label filters, the dashboard dynamically updates to only display the VEs and VENs associated with the selected labels. This filtering extends to charts and tables, providing a focused view that simplifies management tasks.
Utilizing site label filtering is especially valuable in environments with numerous VEs and VENs, enabling network admins to quickly isolate and manage devices relevant to specific locations or functions.
By integrating these features into your network management routines, you can enhance the efficiency and effectiveness of your monitoring and management activities within the Elisity platform.
Bulk Actions for Managing VEs and VENs
The Elisity platform provides a range of actions that administrators can perform on Virtual Edges, including editing configurations, downloading configurations, and deleting VEs. Each action is designed to offer control over the deployment and management of VEs within the network. In addition, the platform supports bulk actions for VEs and VENs, allowing administrators to perform tasks such as restarting Restconf, redeploying, and decommissioning/deleting VENs in a streamlined manner. These actions are contextual: which ones are offered depends on the types of VEs/VENs selected and on the state of each VE/VEN.
Virtual Edges
- Download Configuration: This action enables the download of switch-hosted Virtual Edge configuration files. It's specifically designed for switch-hosted VEs, allowing administrators to obtain the configuration file(s) in bulk. These files can be edited offline and then re-uploaded to apply changes to the VEs.
- Download Docker File: Similar to the configuration file download for switch-hosted VEs, this action pertains to hypervisor-hosted VEs. It allows the download of Docker files (in .yml format) that contain the configurations for the docker container running the VE. Administrators can download these files, modify them as needed to adjust the configuration, and then re-upload them to update the VE settings.
- Delete: This bulk action permits the deletion of multiple VEs at once. It is crucial for efficiently managing the lifecycle of VEs, especially when decommissioning or reorganizing network infrastructure. The delete action should be used with caution to avoid unintentionally removing critical network components.
Virtual Edge Nodes
- Restart Restconf: This action restarts the Restconf process on selected Virtual Edge Nodes. Restarting Restconf can be necessary for applying new configurations or troubleshooting connectivity issues, ensuring that VENs are properly synchronized with the Elisity management platform.
- Recommission: Recommissioning VENs is a critical step in re-integrating previously decommissioned nodes back into the network. This action reactivates VENs, making them active participants in the network's segmentation and policy enforcement mechanisms.
- Decommission: Decommissioning VENs temporarily removes them from active duty without deleting their configurations. This is useful for maintenance, troubleshooting, or reallocating resources. Decommissioned nodes can be recommissioned later as needed.
- Delete: This option allows for the removal of selected Virtual Edge Nodes from the network. Deletion is permanent and typically used when a node is no longer required or is being replaced. It's essential to ensure that decommissioning and data backup procedures are followed before deletion to prevent unintended data loss or network disruptions.
Accessing Details for VEs/VENs: Click on the Virtual Edge Name or Virtual Edge Node Name from the list. This action takes you to a dedicated details page for the selected VE or VEN, where comprehensive information is presented.
Virtual Edge Details
General Overview: At the top of the page, you'll find essential information about the selected VE, such as the model (if available), the total number of Virtual Edge Nodes (VENs) connected, the VE's IP address, Site Label, Software Version, and Distribution Zone.
Status Indicator: This part also displays the current status (e.g., Online, Offline, Not Registered) of the VE, providing a quick visual indicator of its operational state.
Resource Usage Metrics: Displays real-time data on resource consumption, including Memory Usage and CPU Usage. These metrics are vital for assessing the performance of the VE and identifying potential issues related to resource allocation or overload.
Top-Level Actions
Edit: The edit option allows administrators to modify the VE's configuration, including networking information (e.g., IP address changes), descriptions, and assignment of Site Labels and Distribution Zone labels. This level of control ensures that VEs can be quickly updated to reflect changes in network topology, policy requirements, or deployment strategies.
Download Files: This action enables the downloading of the configuration file used during the VE's onboarding process. It's particularly useful for backup purposes, auditing, or when replicating VE setups across different parts of the network.
Delete: The option to delete a VE becomes available only after all associated Virtual Edge Nodes (VENs) have been decommissioned and deleted. This ensures that network segmentation and policy enforcement are not inadvertently disrupted by the removal of a VE. This action provides a safe mechanism for removing VEs from the network, requiring that dependent or associated VENs are first properly managed to avoid leaving orphaned nodes or creating gaps in network security and segmentation.
Virtual Edge Nodes (VENs) Section
Listing of VENs: Below the Virtual Edge information, there's a section dedicated to the VENs associated with the VE. It lists each VEN's name, IP address, status, status duration, vendor, and the site label and software version if applicable. This consolidated view enables quick monitoring of all nodes connected to the VE.
Clickability for More Details: Each VEN's name is clickable, allowing administrators to drill down into more detailed views of individual nodes. This feature facilitates easier navigation and in-depth monitoring of specific VENs.
Actionable Options for VENs: For each node, actions such as editing settings, downloading configurations, or managing the VEN's operational status are accessible through the Actions menu. This provides convenient control over each VEN's configuration and state directly from the VE's detailed view.
Add Virtual Edge Node: Administrators have the capability to add new VENs to the VE from this window. This supports scalable network growth by allowing the straightforward integration of additional nodes as network demands evolve. For more information on onboarding your access or aggregation layer infrastructure as a Virtual Edge Node for policy enforcement, read our article on Onboarding Catalyst 9000/3850/3650 as a Virtual Edge Node.
Bulk Onboarding Virtual Edges and Nodes: The Elisity Platform enables the bulk creation of Virtual Edges and Nodes using spreadsheet uploads. Read our guide on Bulk Onboarding Virtual Edges and Virtual Edge Nodes for a walkthrough on how to use this feature.
Virtual Edge Node Details
Accessing VEN Details
Clicking on the name of a VEN from any menu in the Virtual Edge dashboard menu brings you to this detailed view. This action-centric approach ensures that network administrators have immediate access to all necessary information and management capabilities for each VEN, supporting effective and efficient network management and troubleshooting practices. Here is a summary of the information and options available for viewing and managing Virtual Edge Nodes from this menu.
Overview: At the top, you'll see an overview that includes the VEN's name, the model of the device (e.g., C9300-48P for Cisco devices), and the vendor. It also shows the current online status, providing a quick indicator of the VEN's operational state.
VEN Specifics: This section provides specific details about the Virtual Edge Node, including the associated Virtual Edge (VE) name, IP address, Site Label, Software Version, and the number of devices connected to this VEN.
Resource Usage: Displays current memory and CPU usage metrics. These insights are vital for monitoring the performance and ensuring that the VEN operates within its capacity, avoiding potential bottlenecks or performance issues.
Model, Vendor, and Device Count: Detailed information about the VEN's hardware model, the vendor, and the total number of devices connected, enabling administrators to assess the VEN's capacity and vendor-specific attributes.
Hardware and Firmware Versions: Shows the hardware version and the current firmware version running on the VEN, information that's essential for compatibility checks and upgrade planning.
Member Switches and Port Configuration
Member Switches: This section lists all the member switches that are part of the switch stack that has been onboarded as a VEN, including details like Switch Number, Role (e.g., Active), Priority, and their current status. This offers insights into the hierarchical structure and the operational roles of switches within the VEN.
Port Configuration: Details about the port configurations can be viewed and managed from this menu, providing administrators with the ability to tailor network connectivity and traffic flow according to specific requirements. For more information about these port configurations and what they do, read Port Configurations on Virtual Edge Nodes.
Top-Level Actions
Edit: Allows for the modification of the VEN's configuration settings, including network settings, descriptions, and associated labels, ensuring the VEN's alignment with the network's operational needs.
Decommission: This option facilitates the safe removal of the VEN from active service, a necessary step before deletion or when the node needs to be temporarily taken offline for maintenance or troubleshooting.
Distribution Zones and Site Labels
Elisity’s microsegmentation solution leverages Distribution Zones and Site Labels to streamline the process of managing network segments and applying policies based on the geographical or logical grouping of resources. This approach enables precise control over how policies are distributed and enforced across the network. Both of these constructs are managed in the Virtual Edge dashboard, but before we get into how to create and assign them to VEs, let's quickly review the concepts.
The interplay between Distribution Zones and Site Labels provides a layered approach to policy management, where Distribution Zones handle the distribution scope of device identity tags while Site Labels facilitate the granular application of policies based on site-specific requirements.
Distribution Zones are conceptual areas within the network that facilitate the efficient distribution of identity tags and policies. They are pivotal in large-scale environments, helping to overcome the limitations posed by hardware diversity and scale. Each Distribution Zone can support a varying number of devices, depending on the specific hardware used within the zone, and is linked to Virtual Edges, ensuring all nodes of a Virtual Edge belong to the same Distribution Zone. The dynamic nature of Distribution Zones allows for their reassignment to different Virtual Edges as needed, enhancing flexibility in network management.
Site Labels offer a method to both organize and classify VEs/VENs and any devices attached to these Policy Enforcement Points based on their physical or logical location. This allows policies to be applied more contextually, and enhances the visibility and analytics data by utilizing site labels as both a filtering mechanism and a policy enforcement mechanism.
Below is an example of how Site Labels are used to assign groups of Virtual Edges and Virtual Edge Nodes to different Policy Sets. In this example, we onboarded our VEs into a Simulation (staging) Policy Set with all simulated policies to ensure a safe, non-disruptive deployment where we can analyze the behavior of our simulated policies and how they would impact our production environment. Then, with one simple action, we can move our Virtual Edges to a new Policy Set by either (1) Assigning a new Site Label to our VEs or (2) moving our original site label to a new Policy Set.
Inheritance of Site Labels and the "Default" Site Label
Site Labels can be assigned to both VEs and VENs, as previously mentioned. If a VEN does not have a Site Label explicitly assigned, the VEN inherits the Site Label of the parent VE, if it exists. If no Site Label has been explicitly assigned to a VE, the VE and its VENs are automatically assigned the "Default" Site Label. If you have Policy Sets enabled, this "Default" Site Label is assigned to the "Core" Policy Set by default. The "Default" Site Label is reassignable to other Policy Sets just like any other Site Label, allowing flexibility in how you manage VEs that have not explicitly been assigned a Site Label.
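The inheritance order above can be checked offline before saving label changes. The following is an added example, not Elisity code and not an Elisity API: the class names, the inventory and the label names other than "Default" are constructed, and the label-to-Policy-Set mapping is assumed to be something you maintain yourself from what the dashboard shows.

```python
from dataclasses import dataclass, field
from typing import Optional

DEFAULT_LABEL = "Default"  # assigned automatically when a VE has no label
CORE_POLICY_SET = "Core"   # where Default and newly created labels start out

@dataclass
class VEN:
    name: str
    site_label: Optional[str] = None  # None = nothing explicitly assigned

@dataclass
class VE:
    name: str
    site_label: Optional[str] = None
    nodes: list = field(default_factory=list)

def effective_label(ve, ven=None):
    """Return (label, source) using the order VEN -> parent VE -> Default."""
    if ven is not None and ven.site_label:
        return ven.site_label, "ven"
    if ve.site_label:
        return ve.site_label, ("ve" if ven is None else "inherited")
    return DEFAULT_LABEL, "default"

def resolve(edges, label_to_policy_set):
    """One row per VE and per VEN with its effective label and Policy Set."""
    rows = []
    for ve in edges:
        for ven in [None, *ve.nodes]:
            label, source = effective_label(ve, ven)
            rows.append({
                "ve": ve.name,
                "ven": ven.name if ven else None,
                "label": label,
                "source": source,
                # Labels missing from the mapping are treated as still in Core.
                "policy_set": label_to_policy_set.get(label, CORE_POLICY_SET),
            })
    return rows

def findings(rows):
    """Rows to review: Default fallbacks and VEN overrides that change Policy Set."""
    parent = {r["ve"]: r["policy_set"] for r in rows if r["ven"] is None}
    out = []
    for r in rows:
        who = r["ven"] or r["ve"]
        if r["source"] == "default":
            out.append((who, "no explicit label, falls back to Default"))
        elif r["source"] == "ven" and r["policy_set"] != parent[r["ve"]]:
            out.append((who, f"override moves node from {parent[r['ve']]} "
                             f"to {r['policy_set']}"))
    return out

# Constructed sample inventory and mapping (hypothetical names).
SAMPLE_EDGES = [
    VE("ve-hq", "HQ-Staging", [VEN("hq-sw1"), VEN("hq-sw2", "HQ-Prod")]),
    VE("ve-branch", None, [VEN("br-sw1"), VEN("br-sw2", "Branch-New")]),
]
SAMPLE_POLICY_SETS = {"HQ-Staging": "Simulation", "HQ-Prod": "Core",
                      "Default": "Core"}

if __name__ == "__main__":
    table = resolve(SAMPLE_EDGES, SAMPLE_POLICY_SETS)
    for row in table:
        print(row)
    for who, why in findings(table):
        print(f"REVIEW {who}: {why}")
```

In the sample, hq-sw2 is flagged because its own label takes it out of the Simulation Policy Set its parent VE sits in, and ve-branch and br-sw1 are flagged because they rely on the Default label.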
Creating and Assigning Site Labels and Distribution Zones
Creating Site Labels
To create Site Labels and assign them to your Virtual Edges and Virtual Edge Nodes, start in the Virtual Edge dashboard and navigate to Settings in the top right.
Next, stay on the Site Labels tab and click + Create Site Label.
Give your Site Labels a unique name, and create as many as you need by clicking + Create Another Site Label. Once you have added your Site Labels, click Create.
Afterwards, your Site Labels will appear in the Site Labels list, where you can filter and manage Site Labels, performing actions such as editing and deleting. Note that you can also create new Site Labels on the fly while assigning them to VEs, which will be covered in the next section.
Creating Distribution Zones
The process for creating Distribution Zones is nearly identical to creating Site Labels. Start in the Virtual Edge dashboard and navigate to Settings in the top right.
Next, click on the Distribution Zones tab and click + Create Distribution Zone.
Give your DZs a unique name, and create as many as you need by clicking + Create Another Distribution Zone. Once you have added your Distribution Zones, click Create.
Afterwards, your Distribution Zones will appear in the list of DZs, where you can filter and manage them, performing actions such as editing and deleting. Note that you can also create new Distribution Zones on the fly while assigning them to VEs, which will be covered in the next section.
Assigning Site Labels and Distribution Zones
Both Site Labels and Distribution Zones are assignable to each individual Virtual Edge in the same manner. To assign these labels to a Virtual Edge, click on the name of the Virtual Edge you would like to add labels to.
Assigning these labels is as simple as clicking on the respective fields and selecting the Site Label or Distribution Zone that you want to assign to the VE. You can also create new labels as you add them to the VE, if the label you need does not yet exist. When you are done adding Site Labels and Distribution Zones, click Save Changes for these assignments to take effect.
Be sure that you are aware of the implications for assigning new Site Labels and Distribution Zones. You should be aware of what Policy Sets are associated with your Site Labels, as this defines what policies will be applied to all the endpoints attached to the current VE. An error here can result in unintended policies being distributed to this network segment, which could cause unintended connectivity issues between devices, causing disruption.
Assigning Site Labels to Virtual Edge Nodes
Site Labels can also be applied to each individual Virtual Edge Node, effectively overwriting the Site Label of the parent Virtual Edge, or adding a Site Label if one does not exist at the VE level. This offers a flexible approach to policy management by giving control of Policy Distribution down to each individual Policy Enforcement Point at the edge of your network.
To assign a specific Site Label to a Virtual Edge Node, find the VEN and click Edit Virtual Edge Node from anywhere in the Virtual Edge dashboard.
In the VEN editing window, we can see our current configuration for this Virtual Edge Node. We can also see some information about the parent Virtual Edge, particularly the Site Label of the VE. In this case, our Virtual Edge has the Default Site Label.
Towards the bottom of the window, click on the Site Label field and add any available Site Label, or create a new one. Remember, any time you create a new Site Label, it will be associated with the Core Policy Set, if Policy Sets are enabled. When you are done, click Save Changes.
The same caution applies here. Be sure that you are aware of the implications for assigning new Site Labels and Distribution Zones. You should be aware of what Policy Sets are associated with your Site Labels, as this defines what policies will be applied to all the endpoints attached to the current VE. An error here can result in unintended policies being distributed to this network segment, which could cause unintended connectivity issues between devices, causing disruption.
Global Switch Credentials
The process of setting up global switch credentials within the Elisity platform is designed to provide a streamlined method for authenticating Virtual Edges (VEs) and Virtual Edge Nodes (VENs) across the network. Global credentials serve as a unified authentication mechanism that can be applied to multiple VEs and VENs, facilitating easier management and deployment of these entities.
Steps to Set Up Global Credentials:
Navigate to the Settings section within the Virtual Edge dashboard.
Select the Global Credentials tab and fill in the Switch Admin Username and Password fields. Click Save.
This centralized approach to credential management ensures that changes to authentication details need only be made once and can be automatically applied to all associated devices, significantly reducing administrative overhead.