This section of the guide details initial configuration that will streamline the SD-WAN deployment. This section will cover, site creation within central and Orchestrator configuration including, Account key Generation, Grouping. This guide will be using the Cloud orchestrator however the steps for the on premise Orchestrator will be the same.
Table of contents
Central uses sites to group devices at the same geographical location. This procedure creates sites, used later in this guide.
Step 1 Click the Organization in the left column.
Step 2 Click the Sites tile, then click New Site on the bottom left.
Step 3 In the Create New Site window, assign the following settings, then click Add.
Step 4 Repeat steps 2 and 3 for all remote sites. This guide uses the following sites:
|Address||12601 W Explorer Dr||308 SW 2nd Ave #700||303 E Wacker Dr Suite 2700|
Upon first login to the Cloud Orchestrator there will be a red pop-up box on the right hand side, that says “Important: Account key associated with this account has never been changed.” This account key is used to initially associate the Cloud Orchestrator with the Cloud portal. Its best practice to generate a new key once the orchestrator is initially logged into. This Key is automatically propagated between the Cloud portal and Cloud Orchestrator.
When using the On premise orchestrator the initial account key will be emailed, and then need to be input manually when first logging into the appliance. See the initial account setup here.
Note: The Cloud portal is the inventory management tool for all devices in an account
Step 1 Select the Generate New Key Now.
Step 2 Click Generate New Key & Distribute.
Step 3 Click Close.
Grouping devices provides admins with a way to filter and to select a subset of devices. Its important to have a group structure that will scale and allow precise filtering. Below are two grouping structures for scale, due to the size of OWL this guide will use the grouping on the left.
|OWL Grouping Structure||Example International Enterprise|
To create Groups use the following steps.
Step 1 In the Right pane right click Group 1.
Step 2 Click Rename, Enter AMS.
Step 3 Right click AMS, Click Add group.
Step 4 Enter BRANCH, Click Ok.
Step 5 Repeat step 3, Enter HUB Click OK.
The following section will demonstrate how to configure Service orchestration and BIO configuration. Service orchestration is an optional step that will walk through the orchestrators configuration for a SASE service.
OWL does not require a SASE services however to demonstrate how the organization would configure a generic SASE provider see the following configuration.
Step 1 Click the Configuration tab in the top left corner.
Step 2 In the Cloud Services Column click Service Orchestration.
Step 3 Next to the Service Orchestration title Click +Add Service.
Step 4 Enter the name of the SASE Service and Enter the Prefix.
- Name: E_SASE_PROVIDER
- Prefix: 1
Step 5 Click the E_SASE_Provider tab, then click Remote Endpoint Configuration.
Step 6 Click + Remote Endpoint the enter the following.
IP address: Your public IP
Interface Label: Any
Pre shared Key: Your Pre shared Key
Probe Address: 18.104.22.168
Step 7 Click Save.
Step 8 Click the IP SLA box next to Tunnel Settings.
Step 9 Click the toggle to Enable IP SLA rule orchestration.
Step 10 Change the monitor from Ping to HTTP/HTTPS.
Step 11 Set the source interface to the previously configured label LOOPBACK.
Step 12 Enter in the following recommended SLA settings.
- HTTP Request Timeout: 5
- Keepalive: 1
- Markup after X seconds: 10
- Markdown after X failed: 10
- Mark up after loss below X %: 10
- Mark down after loss below X %: 20
- Mark up after average latency Below X: 150
- Mark down after average latency Below X: 200
Step 13 Click Save.