Fara tare da Cibiyar DNA ta Cisco akan AWS

Cibiyar DNA ta Cisco akan AWS Overview

Lura
An sake sa Cibiyar DNA ta Cisco a matsayin Cibiyar Catalyst, kuma Cisco DNA Center VA Launchpad an sake masa suna a matsayin Cisco Global Launchpad. Yayin aikin sake yin suna, zaku ga tsoffin sunaye da sake suna ana amfani da su a cikin takaddun shaida daban-daban. Koyaya, Cibiyar DNA ta Cisco da Cibiyar Catalyst suna nufin samfur iri ɗaya, kuma Cisco DNA Center VA Launchpad da Cisco Global Launchpad suna magana akan samfur iri ɗaya.
Cibiyar DNA ta Cisco tana ba da ƙayyadaddun gudanarwa, gudanarwa mai fahimta wanda ke sa shi sauri da sauƙi don ƙira, samarwa, da aiwatar da manufofi a cikin mahallin cibiyar sadarwar ku. Cibiyar mai amfani ta Cisco DNA tana ba da hangen nesa na ƙarshen-zuwa-ƙarshe kuma yana amfani da hangen nesa na cibiyar sadarwa don haɓaka aikin cibiyar sadarwa da sadar da mafi kyawun mai amfani da ƙwarewar aikace-aikacen.
Cibiyar DNA ta Cisco akan Amazon Web Sabis (AWS) yana ba da cikakken aikin da cibiyar tura kayan aikin Cisco DNA ta bayar. Cibiyar Cisco DNA akan AWS tana gudana a cikin yanayin girgije na AWS kuma tana sarrafa hanyar sadarwar ku daga gajimare.

Nau'in Haɗi

• Kai tsaye Haɗa
• SD-WAN
• Ku-lo
• (IPsec Tunnel

Ƙarfafawaview

Akwai hanyoyi guda uku don tura Cibiyar DNA ta Cisco akan AWS:

• Aiwatar da Kai ta atomatik: Cisco Global Launchpad yana daidaita Cibiyar DNA ta Cisco akan AWS. Yana taimaka muku ƙirƙirar ayyuka da abubuwan da ake buƙata don kayan aikin girgije. Domin misaliampHar ila yau, yana taimakawa ƙirƙirar gajimare masu zaman kansu (VPCs), subnets, ƙungiyoyin tsaro, IPsec VPN tunnels, da ƙofa. Sa'an nan Cisco DNA Center Amazon Machine Hoton (AMI) yana aiki azaman Amazon Elastic Compute Cloud (EC2) misali tare da ƙayyadaddun tsari a cikin sabon VPC tare da ƙananan ramuka, ƙofofin wucewa, da sauran mahimman albarkatu kamar Amazon CloudWatch don saka idanu, Amazon DynamoDB don ma'ajiyar gwamnati, da kungiyoyin tsaro.
  Cisco yana ba ku hanyoyi biyu don amfani da Cisco Global Launchpad. Kuna iya saukewa kuma shigar da Cisco Global Launchpad akan na'ura na gida, ko za ku iya samun damar Cisco Global Launchpad wanda Cisco ya shirya. Ko da kuwa hanyar, Cisco Global Launchpad yana ba da kayan aikin da kuke buƙata don girka da sarrafa Kayan Kayan Kayan Kayan Kayan Kayan Kayan Kayan Kaya na Cibiyar Fasaha ta Cisco DNA (VA).
  Don ƙarin bayani, duba Sanya Amfani da Cisco Global Launchpad 1.8 ko Ajiye Amfani da Cisco Global Launchpad 1.7.
• Aiwatar da Manual Amfani da AWS CloudFormation: Kuna tura Cisco DNA Center AMI da hannu akan AWS ɗin ku. Maimakon yin amfani da kayan aikin ƙaddamar da Cisco Global Launchpad, kuna amfani da AWS CloudFormation, wanda shine kayan aiki a cikin AWS. Sannan da hannu ka saita Cibiyar DNA ta Cisco ta hanyar ƙirƙirar kayan aikin AWS, kafa rami na VPN, da tura Cisco DNA Center VA. Don ƙarin bayani, duba Sanya Amfani da AWS CloudFormation.
• Aiwatar da Manual Amfani da Wurin Kasuwar AWS: Kuna tura Cibiyar DNA ta Cisco AMI da hannu akan asusun AWS naku. Maimakon yin amfani da kayan aikin ƙaddamarwa na Cisco Global Launchpad, kuna amfani da AWS Marketplace, wanda shine kantin sayar da software na kan layi a cikin AWS. Kuna ƙaddamar da software ta Amazon EC2 ƙaddamar da na'ura wasan bidiyo, sa'an nan kuma da hannu tura Cisco DNA Center ta hanyar ƙirƙirar AWS kayayyakin more rayuwa, kafa VPN rami, da kuma daidaita Cisco DNA Center VA. Lura cewa don wannan hanyar turawa, ƙaddamarwa ta hanyar EC2 kawai ake tallafawa. Sauran zaɓuɓɓukan ƙaddamarwa guda biyu (Launch from Website da Kwafi zuwa Sabis Catalog) ba su da tallafi. Don ƙarin bayani, duba Sanya Amfani da Wurin Kasuwa na AWS.

Idan kuna da ƙaramin gogewa tare da gudanarwar AWS, hanyar sarrafa kansa tare da Cisco Global Launchpad yana ba da mafi kyawun tsari, tsarin shigarwa mai goyan baya. Idan kun saba da gwamnatin AWS kuma kuna da VPCs masu wanzuwa, hanyoyin jagora suna ba da madadin tsarin shigarwa.
Yi la'akari da fa'idodi da lahani na kowace hanya tare da tebur mai zuwa:

Aiki ta atomatik tare da Cisco Global Launchpad	Aiwatar da Manual Amfani da AWS CloudFormation	Aiwatar da Hannu ta Amfani da Kasuwar AWS
• Yana taimakawa ƙirƙirar kayan aikin AWS, kamar VPCs, subnets, ƙungiyoyin tsaro, IPsec VPN tunnels, da ƙofofin shiga, a cikin asusun AWS na ku. • Yana kammala shigar Cisco DNA ta atomatik Cibiyar. • Yana ba da dama ga VAs ɗin ku. • Yana ba da damar sarrafa VAs ɗin ku. Lokacin ƙaddamarwa kusan awanni 1-1½ ne. • Ana aika faɗakarwa ta atomatik zuwa Amazon CloudWatch na ku dashboard. • Zaka iya zaɓar tsakanin gajimare mai sarrafa kansa ko cibiyar sadarwa ta kasuwanci File Tsarin (NFS) madadin. Duk wani gyare-gyaren hannu da aka yi zuwa tsarin aiki mai sarrafa kansa na Cibiyar DNA ta Cisco akan AWS na iya haifar da rikici tare da turawa ta atomatik.	• The AWS CloudFormation file ana buƙatar ƙirƙirar Cibiyar DNA ta Cisco VA akan AWS. • Ka ƙirƙiri abubuwan more rayuwa na AWS, kamar su VPCs, subnets, da ƙungiyoyin tsaro, a cikin asusunka na AWS. • Kuna kafa rami na VPN. • Kuna tura Cibiyar DNA ta Cisco. Lokacin ƙaddamarwa yana kusan daga sa'o'i biyu zuwa kwana biyu. • Kuna buƙatar saita saka idanu da hannu ta hanyar na'urar wasan bidiyo ta AWS. Zaku iya saita NFS na kan-gida kawai don madadin.	• The AWS CloudFormation file ba a buƙatar ƙirƙirar a Cisco DNA Center VA akan AWS. • Ka ƙirƙiri abubuwan more rayuwa na AWS, kamar su VPCs, subnets, da ƙungiyoyin tsaro, a cikin asusunka na AWS. • Kuna kafa rami na VPN. • Kuna tura Cibiyar DNA ta Cisco. Lokacin ƙaddamarwa yana kusan daga sa'o'i biyu zuwa kwana biyu. • Kuna buƙatar saita saka idanu da hannu ta hanyar na'urar wasan bidiyo ta AWS. Zaku iya saita NFS na kan-gida kawai don madadin.

Yi Shirye-shiryen Aiki

Kafin ka tura Cibiyar DNA ta Cisco akan AWS, yi la'akari da bukatun cibiyar sadarwar ku kuma idan kuna buƙatar aiwatar da Cibiyar Cisco DNA mai goyan baya akan haɗin AWS da kuma yadda za ku shiga Cibiyar DNA ta Cisco akan AWS.
Bugu da kari, Cisco yana ba da shawarar ku tabbatar da cewa Cibiyar DNA ta Cisco VA TAR file ka zazzage Cisco TAR na gaske file. Duba Tabbatar da Cibiyar DNA ta Cisco VA TAR File, shafi na 6.

Babban Samun da Cibiyar DNA ta Cisco akan AWS
Cibiyar Cisco DNA akan aiwatar da babban wadatar AWS (HA) shine kamar haka:

• Kudi guda EC2 HA a cikin Wuraren Samarwa (AZ) ana kunna ta tsohuwa.
• Idan misali na Cisco DNA Center EC2 ya fadi, AWS yana kawo wani misali ta atomatik tare da adireshin IP iri ɗaya. Wannan yana tabbatar da haɗin kai mara yankewa kuma yana rage raguwa yayin ayyukan cibiyar sadarwa mai mahimmanci.
  Lura
  Idan kun tura Cibiyar DNA ta Sisiko akan AWS ta amfani da Cisco Global Launchpad, Sakin 1.5.0 ko baya da kuma misalin Cisco DNA Center EC2, AWS yana kawo wani misali ta atomatik a cikin AZ iri ɗaya. A wannan yanayin, AWS na iya sanya Cibiyar DNA ta Cisco wani adireshin IP na daban.
• Ƙwarewa da Maƙasudin Lokaci na Farko (RTO) suna kama da ikon kutage jerin a cikin kayan aikin Cibiyar DNA ta Cisco.

Sharuɗɗa don Haɗa Cisco ISE akan AWS tare da Cibiyar DNA ta Cisco akan AWS
Ana iya haɗa Cisco ISE akan AWS tare da Cibiyar DNA ta Cisco akan AWS. Don haɗa su tare a cikin gajimare, yi la'akari da jagororin masu zuwa:

• Cisco ISE akan AWS yakamata a tura shi cikin VPC daban daga wanda aka tanada don Cisco Global Launchpad.
• VPC don Cisco ISE akan AWS na iya kasancewa a cikin yanki ɗaya kamar ko yanki daban-daban daga VPC don Cibiyar DNA ta Cisco akan AWS.
• Kuna iya amfani da VPC ko Ƙofar Transit (TGW) peering, ya danganta da yanayin ku.
• Don haɗa Cibiyar DNA ta Sisiko akan AWS tare da Sisiko ISE akan AWS ta amfani da VPC ko TGW peering, ƙara abubuwan da ake buƙata ta hanyar shigar da hanyoyin zuwa tebur na VPC ko TGW kuma zuwa teburin hanya wanda ke haɗe zuwa cibiyar sadarwar da ke da alaƙa da Cibiyar DNA ta Cisco akan. AWS ko Cisco ISE akan AWS.
• Cisco Global Launchpad ba zai iya gano duk wani canje-canje na waje ba zuwa abubuwan da Cisco Global Launchpad ya ƙirƙira. Waɗannan ƙungiyoyin sun haɗa da VPCs, VPNs, TGWs, haɗe-haɗe na TGW, ƙananan igiyoyi, kewayawa, da sauransu. Domin misaliampDon haka, yana yiwuwa a goge ko canza kwas ɗin VA wanda Cisco Global Launchpad ya ƙirƙira daga wani aikace-aikacen, kuma Cisco Global Launchpad ba zai san wannan canjin ba.

Baya ga ainihin ƙa'idodin samun dama, kuna buƙatar ba da izinin tashar jiragen ruwa masu shigowa masu zuwa don haɗa ƙungiyar tsaro zuwa misalin Cisco ISE a cikin gajimare:

• Don Cibiyar DNA ta Cisco akan AWS da Cisco ISE akan haɗin AWS, ba da izinin tashoshin TCP 9060 da 8910.
• Don tantancewar radius, ba da izinin tashar jiragen ruwa na UDP 1812, 1813, da duk wasu tashoshin da aka kunna.
• Don sarrafa na'ura ta TACACS, ba da izinin tashar TCP 49.
• Don ƙarin saituna, kamar Datagram Transport Layer Security (DTLS) ko RADIUS Canjin izini (CoA) da aka yi akan Cisco ISE akan AWS, ba da damar tashoshin jiragen ruwa masu dacewa.

Sharuɗɗa don Shiga Cibiyar DNA ta Cisco akan AWS
Bayan kun ƙirƙiri misali mai kama-da-wane na Cibiyar DNA ta Cisco, zaku iya samun dama gare ta ta Cibiyar Cisco DNA GUI da CLI.

Muhimmanci
Cibiyar Cisco DNA ta GUI da CLI ana samun dama ta hanyar hanyar sadarwa ta Kasuwanci, ba daga cibiyar sadarwar jama'a ba. Tare da hanyar turawa ta atomatik, Cisco Global Launchpad yana tabbatar da cewa Cibiyar DNA ta Cisco ta sami dama daga Intanet ɗin Kasuwanci. Tare da hanyar tura da hannu, kuna buƙatar tabbatar da cewa Cibiyar DNA ta Cisco ba ta samun dama ga intanit na jama'a saboda dalilai na tsaro.
Sharuɗɗa don Shiga Cibiyar DNA ta Cisco GUI
Don samun damar Cibiyar DNA ta Cisco GUI:

• Yi amfani da mai bincike mai goyan baya. Don jerin goyan bayan masu bincike na yanzu, duba Bayanan Bayanan don Cisco Global Launchpad.
• A cikin mai bincike, shigar da adireshin IP na misalin Cibiyar DNA na Cisco a cikin tsari mai zuwa: http://ip-address/dna/home
  Don misaliampda: http://192.0.2.27/dna/home
• Yi amfani da waɗannan takaddun shaida don shiga na farko:
  Sunan mai amfani: admin
  Kalmar wucewa: maglev1@3

Lura
Ana buƙatar ka canza wannan kalmar sirri lokacin da ka shiga Cibiyar DNA ta Cisco a karon farko. Kalmar kalmar sirri dole ne:

• Cire kowane tab ko karya layi
• A sami aƙalla haruffa takwas
• Ya ƙunshi haruffa daga aƙalla uku daga cikin rukunan masu zuwa:
• Ƙananan haruffa (az)
• Babban haruffa (AZ)
• Lambobi (0-9)
• Haruffa na musamman (na misaliampku,! ko #)

Sharuɗɗa don Samun shiga Cibiyar DNA ta Cisco CLI
Don samun damar Cibiyar DNA ta Cisco CLI:

• Yi amfani da adireshin IP da maɓallan da suka dace da hanyar da kuka yi amfani da ita don tura Cibiyar DNA ta Cisco:
  • Idan ka tura Cibiyar DNA ta Cisco ta amfani da Cisco Global Launchpad, yi amfani da adireshin IP da maɓallan da Cisco Global Launchpad ke bayarwa.
  • Idan ka tura Cibiyar DNA ta Cisco da hannu ta amfani da AWS, yi amfani da adireshin IP da maɓallan da AWS ke bayarwa.
    Lura
    Makullin dole ne ya zama .pem file. Idan makullin file an zazzage shi azaman maɓalli.cer file, kuna buƙatar sake suna file ku key.pem.
• Canza izinin shiga da hannu akan maɓalli.pem file zuwa 400. Yi amfani da umarnin Linux chmod don canza izinin shiga. Don misaliample: chmod 400 key.pem
• Yi amfani da umarnin Linux mai zuwa don samun damar Cibiyar DNA ta Cisco CLI: ssh -i key.pem maglev@ip-address -p 2222
  Don misaliample: ssh -i key.pem maglev@192.0.2.27 -p 2222

Tabbatar da Cisco DNA Center VA TAR File
Kafin tura Cisco DNA Center VA, muna ba da shawarar ka tabbatar da cewa TAR file ka zazzage Cisco TAR na gaske file.
Kafin ka fara
Tabbatar cewa kun sauke Cisco DNA Center VA TAR file daga Cibiyar Zazzagewar Software na Cisco.
Tsari
Mataki na 1
Zazzage maɓallin jama'a na Cisco (cisco_image_verification_key.pub) don tabbatar da sa hannu daga wurin da Cisco ya kayyade.
Mataki na 2
Zazzage amintaccen hash algorithm (SHA512) checksum file za TAR file daga wurin da Cisco ya kayyade.
Mataki na 3
Samu TAR filesa hannun file (.sig) daga goyan bayan Cisco ta imel ko ta zazzagewa daga amintaccen Cisco website (idan akwai).
Mataki na 4
(Na zaɓi) Yi tabbacin SHA don tantance ko TAR file ya lalace saboda wani ɓangaren saukewa.
Dangane da tsarin aikin ku, shigar da ɗayan umarni masu zuwa:

• A kan tsarin Linux: sha512sumfile-filesuna>
• A tsarin Mac: shasum-a 512file-filesuna>

Microsoft Windows baya haɗa da ginanniyar kayan aikin checksum, amma zaka iya amfani da kayan aikin certutil: certutil -hashfile <filesuna> sha256
Don misaliample: certutil -hashfile D:\Customers\Launchpad-desktop-server-1.x.0.tar.gz sha256
A kan Windows, Hakanan zaka iya amfani da Windows PowerShell don samar da narkarwa. Don misaliampda:
PS C: \ Masu amfani \ Administrator> Samu-FileHash - Hanya
D:\Customers\Launchpad-desktop-server-1.x.0.tar.gz
Hanyar Hash Algorithm
SHA256 D:\Customers\Launchpad-desktop-server-1.x.0.tar.gz
Kwatanta fitarwar umarni zuwa SHA512 checksum file wanda kuka zazzage. Idan fitarwar umarni bai dace ba, zazzage TAR file sake kuma gudanar da umarnin da ya dace a karo na biyu. Idan har yanzu fitarwa bai yi daidai ba, tuntuɓi tallafin Cisco.
Mataki na 5
Tabbatar cewa TAR file na gaske ne kuma daga Cisco ta hanyar tabbatar da sa hannun sa:
openssl dgst -sha512 -tabbatar cisco_image_verification_key.pub -signature <sa hannu-filesuna>file-filesuna>
Lura
Wannan umarnin yana aiki a duka mahallin Mac da Linux. Don Windows, dole ne ka zazzage kuma shigar da OpenSSL (akwai akan rukunin Buɗewar SSL) idan ba ka riga kayi haka ba.
Idan TAR file gaskiya ne, gudanar da wannan umarni yana nuna ingantaccen saƙon Ok. Idan wannan sakon ya kasa bayyana, kar a shigar da TAR file kuma tuntuɓi tallafin Cisco.

Takardu / Albarkatu

CISCO Fara da Cibiyar DNA akan AWS [pdf] Manual mai amfani Fara da Cibiyar DNA akan AWS, An fara da Cibiyar DNA akan AWS, Cibiyar DNA akan AWS, Cibiyar akan AWS

Magana

• Manual mai amfani